Main Tutorials

Spring Security logout example

In Spring Security, to log out, just add a link to url “j_spring_security_logout“, for example :


<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
	<h2>messages, whatever</h2>	
	<a href="<c:url value="j_spring_security_logout" />" > Logout</a>
</body>
</html>

In Spring security, declares “logout” tag, and configure the “logout-success-url” attribute :


<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

	<http auto-config="true">
		<intercept-url pattern="/welcome*" access="ROLE_USER" />
		<logout logout-success-url="/welcome" />
	</http>

	<authentication-manager>
	  <authentication-provider>
	    <user-service>
		<user name="mkyong" password="password" authorities="ROLE_USER" />
	    </user-service>
	  </authentication-provider>
	</authentication-manager>

</beans:beans>

Download Source Code

Download it – Spring-Security-LogOut-Example.zip (8 KB)

About Author

author image
Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter. If you like my tutorials, consider make a donation to these charities.

Comments

Subscribe
Notify of
18 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Anon
6 years ago

Mapping to j_spring_security_logout is not found

johaness vix
8 years ago

its a crap…

mike
10 years ago

With all due respect, this feature of Spring seems totally useless in real world Spring applications. Most web apps allow users to or administrators to make user accounts through a “registration” or “add user” form.

The idea of needing to manually add each user to an XML file makes this completely inapplicable to 99.999999999999999999% of web applications in existence.

Vincent
8 years ago
Reply to  mike

Just leaving this here for anyone who finds this afterwards(like me). As Mike said Spring Security does allow for users to be stored in database and this exact logout method will still work

Mike
10 years ago
Reply to  mike

Spring Security does include features for authentication using a custom database with a users table rather than a static xml file. It’s just an example above.

Thiago Henrique
11 years ago

or

 

<h:commandLink value="Logout" onclick="location.href = '../j_spring_security_logout';"/> 

Anon
6 years ago

j_spring_security_logout

Jeeva
9 years ago

Thanks sir… it works fine. But when i press back button it enter into page… how to solve this sir…. pls help me

Lê Thanh Liêm
9 years ago
Reply to  Jeeva

add to your spring config :

Nashuald
10 years ago

Hi.

I am trying to do this with Google App Engine/Google Users and Spring MVC 3/Spring Security. Does this procedure works in the same way?

Thanks

Guest
9 years ago
Reply to  Nashuald

Hi,
I developed web application in spring mvc and hibernate with login module. all works fine. but when i log out and press browsers back button then i getting the secured pages. am trying to handle browser’s back button. Is there any solution?

vijay
10 years ago

Can anyone suggest how to implement logout in http authentication instead of form based.

manish
10 years ago

does it invalidate the session ? I tried this in my application and it did not invalidate the session. I could access the pages after logging out by clicking the back button in the browser.

Sanket
10 years ago

I think it should be <a href="” > Logout

j_spring_security_logout => /j_spring_security_logout

I was not able to logout successfully from childpages since my context path is getting changed. My page design may be at fault here but i think “/j_spring_security_logout” is a safer option.

Sanket
10 years ago
Reply to  Sanket

The link in the first line got deleted.
I am just suggesting to replace j_spring_security_logout => /j_spring_security_logout.

santhosh
11 years ago

it worked well, but after log out, if i press back button in browser i could see the secured pages again.. how can i avoid that…

sensoft1988
12 years ago
 i  this logout works even when we press back button in the browser