Spring Security Logout Example
Spring Security provides Logout Handling Service for logging out by navigating to a particular URL (by default /j_spring_security_logout). LogoutFilter starts processing when a request comes for /j_spring_security_logout url and delegates to LogoutHandler(s) to perform the actual logout functionality like clearing security context, invalidating session, etc. Based on logout configuration, a redirect will be performed to the URL logout-success-url after logout.
In this example, we'll integrate Spring Logout handling mechanism in Spring Security 3 Hello World Example to demonstrate logout functionality.
Tools and Technologies used in this article :
1. Import 'Spring Security 3 Hello World Example' project
Download and import code of my previous post on Spring Security 3 Hello World Example
2. Add Logout configuration
Set logout-success-url attribute to /logoutSuccess.jsp. After logout user will be redirected to this page.
If you want to use custom logout url (say /logout) instead of default one (/j_spring_security_logout), then use logout-url attribute as shown below.
3. Add Logout success page
Add following logoutSuccess.jsp under webapp directory.File : /logoutSuccess.jsp
4. Add Logout url
Add custom logout url /logout in mypage.jspFile : WEB-INF/pages/secured/mypage.jsp
5. Overall Project Structure
Start the server and deploy the web application. Open the url http://<IP>:<PORT>/SpringSecurityHelloWorld/secured/mypage. We'll be redirected to login page. Using correct username (srccodes) and password (password) we'll be able to view the content of the secured page having our custom logout url.
On clicking 'Logout' link, Spring security will perform logout functionality and redirect us to logout-success-url as configured.
To recheck, try to open http://<IP>:<PORT>/SpringSecurityHelloWorld/secured/mypage, we'll be again redirected to login page. This means, we have been properly logged out from the application.
Download Source Code