Reputation: 4305

Logout in Spring Security does not work

I have created an application with Spring Security. In the Spring Security Context file I have added the following piece of code:

<http auto-config="true">
    <intercept-url pattern="/index.jsp" access="ROLE_ADMIN" />
    <intercept-url pattern="/metrics.jsp#chart" access="ROLE_ADMIN" />
    <intercept-url pattern="/metrics.jsp" access="ROLE_ADMIN" />
    <intercept-url pattern="/j_spring_security_logout#chart" access="ROLE_ADMIN" />
    <form-login login-page="/login.jsp" authentication-failure-url="/loginerror.jsp"  default-target-url="/index.jsp" />
    <logout logout-success-url="/login.jsp" invalidate-session="true" delete-cookies="JSESSIONID" />
</http>

In the application context file I have added the following code:

<bean id="webContentInterceptor" class="org.springframework.web.servlet.mvc.WebContentInterceptor">
    <property name="cacheSeconds" value="0" />
    <property name="useExpiresHeader" value="true" />
    <property name="useCacheControlHeader" value="true" />
    <property name="useCacheControlNoStore" value="true" />
</bean>

In the pages of the application (I use JSP), I have added the following code for the logout button:

 <a href="j_spring_security_logout" class="ui-btn-right">Logout</a>

Well, when the user clicks the button, he is redirected to the login page, however he can still go to other pages of the application, which should not happen, Does anyone know where the problem may be? Am I missing something? Thanks in advance!

Upvotes: 2

Logout in Spring Security does not work

Answers (2)

Related Questions