Reputation: 759
Grails 2.2.0, Spring Security - logout feature not working
I am using GGTS and Grails 2.2.0 and have implemented spring security along with Basic Auth with the following options
Config.groovy
grails.plugins.springsecurity.useBasicAuth = true
grails.plugins.springsecurity.digest.realmName = 'someval'
LogoutController {
def index = {
redirect uri: SpringSecurityUtils.securityConfig.logout.filterProcessesUrl
}
When I click on logout – it does not log the user out, it takes me back to the home page. I have looked at the forums, but have not found anything that works.
I want to make sure that whatever solution is implemented, logs off the use completely and the user is not able to return back to the original page without logging back in.
Any pointers/suggestions are appreciated.
Upvotes: 1
Views: 626
Answers (1)
Reputation: 66069
The problem is HTTP Basic Authentication. It doesn't specify a way to log out. I believe there are some "unofficial" methods that work (see How to log out user from web site using BASIC authentication?), but Spring Security doesn't appear to use them.
The best solution is to avoid Basic Auth altogether. If that's not an option, you'll have to write a custom LogoutController that e.g. sends back a 401 error code.
Upvotes: 2
Related Questions
- How to logout from a controller with Spring Security
- force logout for authenticated user using spring security plugin
- Grails logout another logged in user
- Grails Spring Security Rest Logout
- spring-security-rest plugin logout failure
- logout api error - Rest Spring Security Plugin in Grails
- spring security logout handler not working
- Grails Spring Security Core logout message
- Grails Spring Security plugin: logout not working
- Grails Spring security core pre-logout