Spring Security logout example

In Spring Security, to log out, add a link to the URL “j_spring_security_logout”, for example:


<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
	<h2>messages, whatever</h2>	
	<a href="<c:url value="j_spring_security_logout" />" > Logout</a>
</body>
</html>

In the Spring Security configuration, declare the “logout” tag and configure its “logout-success-url” attribute:


<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

	<http auto-config="true">
		<intercept-url pattern="/welcome*" access="ROLE_USER" />
		<logout logout-success-url="/welcome" />
	</http>

	<authentication-manager>
	  <authentication-provider>
	    <user-service>
		<user name="mkyong" password="password" authorities="ROLE_USER" />
	    </user-service>
	  </authentication-provider>
	</authentication-manager>

</beans:beans>
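
Added example, not part of the original tutorial or its download: the `<logout>` element invalidates the HTTP session on the server by default, but the browser can still display a cached copy of a secured page when the user presses Back. The filter below marks responses for the protected area as non-cacheable; the class name `NoCacheFilter`, its registration in web.xml with url-pattern `/*`, and the `/welcome` prefix check are assumptions made for this illustration.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical filter (not part of Spring Security or the tutorial's code).
 * Assumed to be registered in web.xml with url-pattern "/*". It marks responses
 * for the protected area as non-cacheable so that, after logout, the Back button
 * triggers a new request, which Spring Security redirects to the login page.
 */
public class NoCacheFilter implements Filter {

    // Assumption: mirrors <intercept-url pattern="/welcome*"> from the config above.
    private static final String PROTECTED_PREFIX = "/welcome";

    public void init(FilterConfig filterConfig) throws ServletException {
        // no configuration needed
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Path relative to the web application, e.g. "/welcome"
        String path = req.getRequestURI().substring(req.getContextPath().length());

        if (path.startsWith(PROTECTED_PREFIX)) {
            // Headers must be set before the response is committed
            res.setHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
            res.setHeader("Pragma", "no-cache");   // HTTP/1.0 caches
            res.setDateHeader("Expires", 0);       // proxies and old browsers
        }
        chain.doFilter(request, response);
    }

    public void destroy() {
        // nothing to release
    }
}
```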

Download Source Code

Download it – Spring-Security-LogOut-Example.zip (8 KB)

mkyong


18 Comments
Anon
8 years ago

Mapping to j_spring_security_logout is not found

johaness vix
11 years ago

It's crap…

mike
13 years ago

With all due respect, this feature of Spring seems totally useless in real world Spring applications. Most web apps allow users or administrators to make user accounts through a “registration” or “add user” form.

The idea of needing to manually add each user to an XML file makes this completely inapplicable to 99.999999999999999999% of web applications in existence.

Vincent
10 years ago
Reply to  mike

Just leaving this here for anyone who finds this afterwards (like me). As Mike said, Spring Security does allow for users to be stored in a database, and this exact logout method will still work.

Mike
13 years ago
Reply to  mike

Spring Security does include features for authentication using a custom database with a users table rather than a static xml file. It’s just an example above.

Thiago Henrique
13 years ago

or

<h:commandLink value="Logout" onclick="location.href = '../j_spring_security_logout';"/>

Anon
8 years ago

j_spring_security_logout

Jeeva
11 years ago

Thanks sir… it works fine. But when I press the back button it enters the page… how to solve this sir…. Please help me.

Lê Thanh Liêm
11 years ago
Reply to  Jeeva

add to your spring config :

Nashuald
12 years ago

Hi.

I am trying to do this with Google App Engine/Google Users and Spring MVC 3/Spring Security. Does this procedure work in the same way?

Thanks

Guest
12 years ago
Reply to  Nashuald

Hi,
I developed a web application in Spring MVC and Hibernate with a login module. All works fine. But when I log out and press the browser's back button, I get the secured pages. I am trying to handle the browser’s back button. Is there any solution?

vijay
12 years ago

Can anyone suggest how to implement logout in HTTP authentication instead of form-based?

manish
13 years ago

Does it invalidate the session? I tried this in my application and it did not invalidate the session. I could access the pages after logging out by clicking the back button in the browser.

Sanket
13 years ago

I think it should be <a href="” > Logout

j_spring_security_logout => /j_spring_security_logout

I was not able to log out successfully from child pages since my context path is getting changed. My page design may be at fault here, but I think “/j_spring_security_logout” is a safer option.

Sanket
13 years ago
Reply to  Sanket

The link in the first line got deleted.
I am just suggesting to replace j_spring_security_logout => /j_spring_security_logout.

santhosh
13 years ago

It worked well, but after logout, if I press the back button in the browser I can see the secured pages again… How can I avoid that…

sensoft1988
14 years ago
 i  this logout works even when we press back button in the browser