Spring Security provides Logout Handling Service for logging out by navigating to a particular URL (by default /j_spring_security_logout). LogoutFilter starts processing when a request comes for /j_spring_security_logout url and delegates to LogoutHandler(s) to perform the actual logout functionality like clearing security context, invalidating session, etc. Based on logout configuration, a redirect will be performed to the URL logout-success-url after logout.
In this example, we'll integrate Spring Logout handling mechanism in Spring Security 3 Hello World Example to demonstrate logout functionality.
Tools and Technologies used in this article
1. Import 'Spring Security 3 Hello World Example' project
Download and import code of my previous post on Spring Security 3 Hello World Example
2. Add Logout configuration
Set logout-success-url attribute to /logoutSuccess.jsp. After logout user will be redirected to this page.
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config='true'>
<intercept-url pattern="/secured/*" access="ROLE_USER" />
<logout logout-success-url="/logoutSuccess.jsp"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="srccodes" password="password" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
If you want to use custom logout url (say /logout) instead of default one (/j_spring_security_logout), then use logout-url attribute as shown below.
<logout logout-url="/logout" logout-success-url="/logoutSuccess.jsp"/>
3. Add Logout success page
Add following logoutSuccess.jsp under webapp directory.
File: /logoutSuccess.jsp
<html>
<title>Logged out</title>
<body>
<h2>You have been logged out successfully.</h2>
</body>
</html>
4. Add Logout url
Add custom logout url /logout in mypage.jsp
File: WEB-INF/pages/secured/mypage.jsp
<html>
<title>My Secured Page</title>
<body>
<h2>Hello World!</h2>
<h4>${message}</h4>
<br/>
<a href="/SpringSecurityHelloWorld/logout">Logout</a>
</body>
</html>
5. Overall Project Structure
6. Demo
Start the server and deploy the web application. Open the url http://
On clicking 'Logout' link, Spring security will perform logout functionality and redirect us to logout-success-url as configured.
To recheck, try to open http://
Download SrcCodes
All code samples shown in this post are available on GitHub
Comments