Spring security with AngularJS - 404 on logout

Question

I\'m working with tutorial that describes how to write simple single-page app using Spring Boot, Spring Security and AngularJS: https://spring.io/guides/tutorials/spring-sec

Answer 1

In fact what you need is just to add a logout success handler

@Component
public class LogoutSuccess implements LogoutSuccessHandler {

@Override
public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication)
        throws IOException, ServletException {
    if (authentication != null && authentication.getDetails() != null) {
        try {
            httpServletRequest.getSession().invalidate();
            // you can add more codes here when the user successfully logs
            // out,
            // such as updating the database for last active.
        } catch (Exception e) {
            e.printStackTrace();
            e = null;
        }
    }

    httpServletResponse.setStatus(HttpServletResponse.SC_OK);

}

}

and add a success handler to your security config

http.authorizeRequests().anyRequest().authenticated().and().logout().logoutSuccessHandler(logoutSuccess).deleteCookies("JSESSIONID").invalidateHttpSession(false).permitAll();

Answer 2

In newer version of Spring Boot there is a class called HttpStatusReturningLogoutSuccessHandler which returns HTTP 200 per default. Its JavaDoc says:

"This is useful in REST-type scenarios where a redirect upon a successful logout is not desired".

to use it write something like:

        //... 
        .formLogin()
        .and()
        .logout().logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler());

Answer 3

Try to change $http.post('logout', {}) to this $http.post('\logout')

So it will be like this:

$scope.logout = function () {
    $http.post('\logout')
        .success(function () {
            // on success logic
        })
        .error(function (data) {
            // on errorlogic
        });
}