CODEWITHSUNDEEP
springspring-security
jaredready
jaredready

Reputation: 2698

Spring Security logout-success-url Not Being Honored

We are using Spring Security to handle the security of our web app. I have implemented a logout button, and configured it all via XML. When I click on the logout button, though, I am not redirected to the logout-success-url, but instead redirected to the invalid-session-url.

Here's my application-security.xml

<http use-expressions="true">
    <form-login login-page="/login"
                login-processing-url="/j_spring_security_check"
                default-target-url="/main"
                always-use-default-target="true"
                authentication-failure-url="/login?redirect=login_error" />
    <logout logout-success-url="/login?redirect=logout" delete-cookies="JSESSIONID"/>
    <session-management invalid-session-url="/login?redirect=session_timeout" />
    <intercept-url pattern="/login" access="isAnonymous()" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
</http>

And the logout button:

<a role="menuitem" tabindex="-1" href="<c:url value="j_spring_security_logout"/>" >Signout</a>

Thanks for the help!

Upvotes: 3

Views: 1412

Answers (1)

ronielhcuervo
ronielhcuervo

Reputation: 715

Do you import at your page, jstl tag lib. e.g

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

I configured my Logout url and it works well. Here's my application-security.xml

<logout logout-url="/logout" delete-cookies="JSESSIONID"
            logout-success-url="/login?redirect=logout" />

then at my pages.

<a role="menuitem" tabindex="-1" href="<c:url value="/logout" />" />" >Signout</a>

Upvotes: 1

Related Questions