CODEWITHSUNDEEP
javaspringspring-mvcspring-security
user375868
user375868

Reputation: 1378

Spring logout gives 404 error

I've gone through all of the solutions listed at SO but can't seem to make it work. I've a simple spring-security xml file- 

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd">
    <http auto-config='true' use-expressions="true">
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="user" password="user" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

My logout page looks like this- 

<form action="j_spring_security_logout" method="post" id="logoutForm">
            <input type="hidden"
                    name="${_csrf.parameterName}"
                    value="${_csrf.token}" />
</form>

<script>
    function formSubmit() {
                document.getElementById("logoutForm").submit();
    }
</script>

<c:if test="${pageContext.request.userPrincipal.name != null}">
           <h2>
                Welcome : ${pageContext.request.userPrincipal.name} |
                 <a href="javascript:formSubmit()"> Logout</a>
            </h2>
</c:if>

But I get 404 error when I make HTTP POST; Spring gives following error message- 

WARNING: No mapping found for HTTP request with URI [/j_spring_security_logout] in DispatcherServlet with name 'spring-dispatcher'

What am I doing wrong?

Spring versions (from pom.xml)- 

<spring-core-version>4.1.6.RELEASE</spring-core-version>
<spring-security-version>4.0.1.RELEASE</spring-security-version>

Upvotes: 4

Views: 4003

Answers (1)

Shaun the Sheep
Shaun the Sheep

Reputation: 22752

According to the docs, the logout URL ins Spring Security 4 is just /logout, so it should work if you change your form action.

I would also drop the auto-config attribute and just set what you want to use explicitly, following the examples in the manual.

Upvotes: 7

Related Questions