jeudi 9 avril 2015

Spring security logout handling

According to Spring Security 4.0.0 document:



4.2.4 Logout Handling


The logout element adds support for logging out by navigating to a particular URL. The default logout URL is /logout , but you can set it to something else using the logout-url attribute. More information on other available attributes may be found in the namespace appendix.



However, after following security setting in the doc, the URL /logout doesn't show logout page. Instead, it shows


enter image description here


On the contrary, the URL /login works properly.


enter image description here


The following is my setting:


Spring Framework 4.1.6

Spring Security 4.0.0


Web.xml



<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://ift.tt/ra1lAU"
    xmlns="http://ift.tt/nSRXKP"
    xsi:schemaLocation="http://ift.tt/nSRXKP http://ift.tt/1eWqHMP"
    version="3.0">
    <display-name>Test8</display-name>
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/security-config.xml</param-value>
    </context-param>


</web-app>


security-config.xml



<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://ift.tt/1c8inpe"
    xmlns:beans="http://ift.tt/GArMu6" xmlns:xsi="http://ift.tt/ra1lAU"
    xsi:schemaLocation="http://ift.tt/GArMu6
           http://ift.tt/QEDs1e
           http://ift.tt/1c8inpe
           http://ift.tt/18sW2ay">
    <http>
        <intercept-url pattern="/**" access="hasRole('USER')" />
        <form-login />
        <logout />
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="aaa" password="111" authorities="ROLE_USER, ROLE_ADMIN" />
                <user name="bbb" password="222" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)