Logout with Spring Security with Java configuration

Question

I am using Spring Security 4.0.2.RELEASE with Spring 4.2.0.RELEASE.

I am unable to create a logout link (I maen what must be the value of the href attribute).

Consider :

Configuring DelegatingFilterProxy in Java with WebApplicationInitializer:

public class SecurityWebInitializer
    extends AbstractSecurityWebApplicationInitializer {

}

Simple configuration class to enable web security for Spring MVC

@Configuration
@EnableWebSecurity
public class SecurityConfig
    extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.formLogin().and()
            .authorizeRequests()
            .antMatchers("/spitter/").authenticated()   
            .antMatchers(HttpMethod.GET, "/spitter/register").authenticated().and()

            .logout().deleteCookies("remove")
            .invalidateHttpSession(true).logoutUrl("/logout")
            .logoutSuccessUrl("/");

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
        throws Exception {

        auth.inMemoryAuthentication().withUser("user").password("password")
            .roles("USER").and().withUser("admin").password("password")
            .roles("USER", "ADMIN");
    }

}

Controller:

@Controller
@RequestMapping(value = "/spitter")
public class SpittrController {

    private SpittleRepository spittleRepository;

    @Autowired
    public SpittrController(SpittleRepository spittleRepository) {

        this.spittleRepository = spittleRepository;
    }

    @RequestMapping(value = "/register", method = RequestMethod.GET)
    public String showRegistrationForm() {

        return "registerForm";
    }

    @RequestMapping(value = "/register", method = RequestMethod.POST)
    public String processingRegistration(@Valid Spitter spitter, Errors errors) {

        if (errors.hasErrors()) {
            return "registerForm";
        }

        spittleRepository.save(spitter);
        return "redirect:/spitter/" + spitter.getUserName();

    }

    @RequestMapping(value = "/{username}", method = RequestMethod.GET)
    public String showSpitterProfile(@PathVariable("username") String username,
                                     Model model) {

        Spitter spitter = spittleRepository.findByUsername(username);
        if(spitter != null){
            model.addAttribute(spitter);
        }

        return "profile";
    }
}

registerForm.jsp:


        
            
                First Name:
                
            
            
                Last Name:
                
            
            
                User Name:
                
            
            
                Password:

After submission of registerForm.jsp, the profile.jsp is shown to the user:

profile.jsp:


    Hello world!

    The time on the server is ${serverTime}.

    Your Profile
    Logout


    
        
            First Name:
            
        
        
            Last Name:
            
        
        
            User Name:

When I hit

http://localhost:8080/web/spitter/register

I am redirected to the login page. After login and submitting the form, the profile.jsp is shown in which I have included a Logout link. On clicking that, HTTP 404 comes up.

I have gone through Spring Security docs, but they have taken thymeleaf into consideration. My is a simple JSP page.

Furthermore, I have also considered taking this into account,

By default POST request is required to the logout url. To perform logout on GET request you need:

http .logout() .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));

1: http://docs.spring.io/spring-security/site/docs/3.2.x/guides/hellomvc.html

Any suggestions?

Balwinder Singh · Accepted Answer

Update the your code in profile.jsp as

logout

Logout with Spring Security with Java configuration

Answers (1)

Related Questions