Call to j_spring_security_logout not working

前端未结

关注

 6  1206

I\'m trying to setup the logut of my application with j_spring_security_logout but for some reason it\'s not working, I keep getting a 404 error.

I\'m calling the fu

相关标签:

6条回答

梦毁少年i

2020-12-16 11:55

first set security-context.xml the following code...

<security:logout logout-success-url="/"
            invalidate-session="true"  />

then add this code to your jsp file..

  <script>
        function formSubmit() {
            document.getElementById("logoutForm").submit();
        }
    </script>


<c:url var="logoutUrl" value="/logout" />        
  <a href="javascript:formSubmit()"> Logout</a>
</li>

<form action="${logoutUrl}" method="post" id="logoutForm">
    <input type="hidden" name="${_csrf.parameterName}"     value="${_csrf.token}" />
</form>

0 讨论(0)

没有蜡笔的小新

2020-12-16 11:59

check whether csrf is enabled. If csrf enabled, need to use post method to logout, add csrf token as hidden field. then use JavaScript to post the form to logout

0 讨论(0)
发布评论:

提交评论
- 加载中...
夕颜

2020-12-16 12:08
In JAVA-BASED Spring MVC config, you have to configure it in your security config class:
```
@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    http.servletApi().rolePrefix("");
    http
      .logout()
          .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
}
```
This answer is doubled from, and is working on my case: Spring Security Java Config not generating logout url
0 讨论(0)
发布评论:

提交评论
- 加载中...
闹比i

2020-12-16 12:10
also heres what your controller should look like
```
@RequestMapping("/logout")
    public String logoutUrl(){
        return "logout";
    }
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
长情又很酷

2020-12-16 12:13
the logout-url refers to a virtual URL, you need not have any resource by that name. You can do either this:
```
<logout logout-success-url="/" logout-url="/j_spring_security_logout" />
```
and the link on your page like this
```
<c:url value="/j_spring_security_logout" var="logoutUrl" />
<a href="${logoutUrl}">Log Out</a>
```
OR this:
```
<logout logout-success-url="/" logout-url="/logout" />
```
and the link as follows:
```
<c:url value="/logout" var="logoutUrl" />
<a href="${logoutUrl}">Log Out</a>
```
You were mixing both thats why you were getting 404 error.
0 讨论(0)
发布评论:

提交评论
- 加载中...

北荒

2020-12-16 12:21

With spring security 4 Logout has to be done through form button. CSRF token has to be submitted along. j_spring_security_logout does not work any longer. After spending one day i got following to be working.
Step 1: In your JSP page

<c:url var="logoutUrl" value="/logout"/>
<form action="${logoutUrl}" method="post">
    <input type="submit" value="Logout"/>
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>

Step 2

<security:http use-expressions="true">
<security:form-login login-page="/login" authentication-failure-url="/login?error=true" />
<security:logout logout-success-url="/login" invalidate-session="true" logout-url="/logout" />
</security:http>

Step 3 In your login controller

//Logout mapping
@RequestMapping("/logout")
public String showLoggedout(){
    return "logout";
}

Step 4 You must have one logout.jsp

Important to see that it will land onto login page after logout.

<security:form-login login-page="/login" authentication-failure-url="/login?error=true" />

So this login page must be there with corresponding mappping to login.jsp or whatever to map in your controller.

0 讨论(0)