Spring Security logout example

In Spring Security, to log out, just add a link to url “j_spring_security_logout“, for example :


<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
	<h2>messages, whatever</h2>	
	<a href="<c:url value="j_spring_security_logout" />" > Logout</a>
</body>
</html>

In Spring security, declares “logout” tag, and configure the “logout-success-url” attribute :


<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

	<http auto-config="true">
		<intercept-url pattern="/welcome*" access="ROLE_USER" />
		<logout logout-success-url="/welcome" />
	</http>

	<authentication-manager>
	  <authentication-provider>
	    <user-service>
		<user name="mkyong" password="password" authorities="ROLE_USER" />
	    </user-service>
	  </authentication-provider>
	</authentication-manager>

</beans:beans>

Download Source Code

Download it – Spring-Security-LogOut-Example.zip (8 KB)

About the Author

author image
mkyong
Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter, or befriend him on Facebook or Google Plus. If you like my tutorials, consider make a donation to these charities.

Comments

Leave a Reply

avatar
newest oldest most voted
johaness vix
Guest
johaness vix

its a crap…

Anon
Guest
Anon

j_spring_security_logout

Anon
Guest
Anon

Mapping to j_spring_security_logout is not found

Jeeva
Guest
Jeeva

Thanks sir… it works fine. But when i press back button it enter into page… how to solve this sir…. pls help me

Lê Thanh Liêm
Guest
Lê Thanh Liêm

add to your spring config :

trackback
Spring Security + Google App Engine + UserService: What is the correct way to logout? | Technology & Programming Answers

[…] By example, there is a way to do it just putting a link pointing to ‘j_spring_security_logout’ as is explained on mkyong. […]

Nashuald
Guest
Nashuald

Hi.

I am trying to do this with Google App Engine/Google Users and Spring MVC 3/Spring Security. Does this procedure works in the same way?

Thanks

Guest
Guest
Guest

Hi,
I developed web application in spring mvc and hibernate with login module. all works fine. but when i log out and press browsers back button then i getting the secured pages. am trying to handle browser’s back button. Is there any solution?

vijay
Guest
vijay

Can anyone suggest how to implement logout in http authentication instead of form based.

manish
Guest
manish

does it invalidate the session ? I tried this in my application and it did not invalidate the session. I could access the pages after logging out by clicking the back button in the browser.

Sanket
Guest
Sanket

I think it should be <a href="” > Logout

j_spring_security_logout => /j_spring_security_logout

I was not able to logout successfully from childpages since my context path is getting changed. My page design may be at fault here but i think “/j_spring_security_logout” is a safer option.

Sanket
Guest
Sanket

The link in the first line got deleted.
I am just suggesting to replace j_spring_security_logout => /j_spring_security_logout.

trackback
GAE?SpringMVC???????3(Spring Security ??????) | Walk on apps.

[…] ???????????????? Spring Security hello world example Spring Security logout example […]

trackback
GAE?SpringMVC???????3(Spring Security ??????) | Walk on apps.

[…] ???????????????? Spring Security hello world example Spring Security logout example […]

mike
Guest
mike

With all due respect, this feature of Spring seems totally useless in real world Spring applications. Most web apps allow users to or administrators to make user accounts through a “registration” or “add user” form.

The idea of needing to manually add each user to an XML file makes this completely inapplicable to 99.999999999999999999% of web applications in existence.

Mike
Guest
Mike

Spring Security does include features for authentication using a custom database with a users table rather than a static xml file. It’s just an example above.

Vincent
Guest
Vincent

Just leaving this here for anyone who finds this afterwards(like me). As Mike said Spring Security does allow for users to be stored in database and this exact logout method will still work

Thiago Henrique
Guest
Thiago Henrique

or

 

<h:commandLink value="Logout" onclick="location.href = '../j_spring_security_logout';"/> 

santhosh
Guest
santhosh

it worked well, but after log out, if i press back button in browser i could see the secured pages again.. how can i avoid that…

sensoft1988
Guest
sensoft1988
 i  this logout works even when we press back button in the browser