From 3f6f01ce20b1f30f85229ee10bcc36fde963deac Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Tue, 18 Apr 2023 11:23:57 -0600 Subject: [PATCH] Add Spring MVC Links Issue gh-13062 --- docs/modules/ROOT/pages/servlet/authentication/logout.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/modules/ROOT/pages/servlet/authentication/logout.adoc b/docs/modules/ROOT/pages/servlet/authentication/logout.adoc index 4d9f896740..c9091ca7c3 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/logout.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/logout.adoc @@ -76,7 +76,7 @@ http { and no authorization changes are necessary since it simply adjusts the `LogoutFilter`. [[permit-logout-endpoints]] -However, if you stand up your own logout success endpoint (or in a rare case, <>), say using Spring MVC, you will need permit it in Spring Security. +However, if you stand up your own logout success endpoint (or in a rare case, <>), say using {spring-framework-reference-url}web.html#spring-web[Spring MVC], you will need permit it in Spring Security. This is because Spring MVC processes your request after Spring Security does. You can do this using `authorizeHttpRequests` or `` like so: @@ -327,7 +327,7 @@ Since {security-api-url}org/springframework/security/web/authentication/logout/L It is strongly recommended that you use the provided `logout` DSL to configure logout. One reason is that its easy to forget to call the needed Spring Security components to ensure a proper and complete logout. -In fact, it is often simpler to <> than create a Spring MVC endpoint for performing logout. +In fact, it is often simpler to <> than create a {spring-framework-reference-url}web.html#spring-web[Spring MVC] endpoint for performing logout. That said, if you find yourself in a circumstance where a custom logout endpoint is needed, like the following one: