Home/ Questions/Q 8228577
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T16:30:14+00:00

I was reading many tutorials and none of them is working for me… I

  • 0

I was reading many tutorials and none of them is working for me…
I use Spring 3.1.x with Spring Security. I have a bunch of secured url and many unsecured. Now, when the user is logged in and tries to logout I want him to stay in the same page as he was before so I use this:

<beans:bean id="logoutSuccessHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
    <beans:property name="useReferer" value="true"/>
</beans:bean>

This works fine, however when the user logs out from the secured page it redirects him to the login page, and I would like to redirect to home page.. How can I achieve this?
Thanks in advance!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Since you have custom logic for redirecting, you need a custom LogoutSuccessHandler.
    In this handler, you need to add this logic:

    String refererUrl = request.getHeader("Referer");
String normalizedRefererUrl = ...; // "Normalize" (if needed) the URL so it is in the form that you need.

if (requiresAuthentication(normalizedRefererUrl, authentication)) {
    response.sendRedirect(request.getContextPath()); // home page
} else {
    response.sendRedirect(refererUrl); // or normalizedUrl
}

    In your requiresAuthentication() method, you need to use some part of Spring Security that determined if the URL needs authentication.

    You can use a WebInvocationPrivilegeEvaluator reference there. You get a hold of it through Spring through autowiring by class (since there will be a bean implementing WebInvocationPrivilegeEvaluator).

    The evaluator has a method that you can use, isAllowed(uri, authentication).

    • 0