{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 手持菜刀,她持情操 的问题《Issue with Spring security's logout》','https://www.manongdao.com/q-1326889.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I've got a problem logging out in Spring framework.
First when I want j_spring_security_logout to handle it for me i get 404 j_spring_security_logout not found: sample-security.xml:
<http>
<intercept-url pattern="/messageList.htm*" access="ROLE_USER,ROLE_GUEST" />
<intercept-url pattern="/messagePost.htm*" access="ROLE_USER" />
<intercept-url pattern="/messageDelete.htm*" access="ROLE_ADMIN" />
<form-login login-page="/login.jsp" default-target-url="/messageList.htm"
authentication-failure-url="/login.jsp?error=true" />
<logout/>
</http>
Sample url link to logout in JSP page:
<a href="<c:url value="/j_spring_security_logout" />">Logout</a>
When i try to use a custom JSP page i.e. I use login form for this purpose then I get better result at least it gets to login page, but another problem is that you dont't get logged off as you can diretcly type url that should be guarded buy you get past it anyway.
Slightly modified from previous listings:
<http>
<intercept-url pattern="/messageList.htm*" access="ROLE_USER,ROLE_GUEST" />
<intercept-url pattern="/messagePost.htm*" access="ROLE_USER" />
<intercept-url pattern="/messageDelete.htm*" access="ROLE_ADMIN" />
<form-login login-page="/login.jsp" default-target-url="/messageList.htm"
authentication-failure-url="/login.jsp?error=true" />
<logout logout-success-url="/login.jsp" />
</http>
<a href="<c:url value="/login.jsp" />">Logout</a>
Thank you for help
You should do POST request. Something like that:
Is logout link aware of the context path?
For example, if your context path is "myapp", where does the above mentioned link point?
"http://localhost:8080/myapp/j_spring_security_logout" or "http://localhost:8080/j_spring_security_logout" ?
In fact, the j_spring_security_logout is only valid within the context of the webapp so only the first link would lead to the correct url
Try this link in your page whow content a logout link:
and creeate a logout.jsp file in your "webcontent" folder with the following code:
if an eror occured try to change "#{request.contextPath}" to the name of your project ex: my project name is "security" so i am using in my logout.jsp file:
I've just had this problem.
You need to make sure in
web.xmlyour security filter matches on the url /j_spring_security_logoute.g.
I ran into the same problem and after loosing hope, finally I found out the answer by accident. Of course we learn a lot by reading and using someone else's codes and, by doing this we inherit settings we don't know much about.
And this is what happened to me when programming using Spring Security.
In the Spring Security XML, within the http tag, there is this line:
I got this line during my research from some tutorial or example. And after 2 days struggling with the j_spring_security_logout keyword and getting nothing but error 404, I figured out this.
In the logout tag I am using, there's this logout-url parameter set to "/logout". Then I realized that according to my settings, my spring is expecting to receive /logout instead of /j_spring_security_logout.
Once I updated my code accordingly, it worked like a charm.
I had the same issue.
Seems to be a bug on 3.0.6!