Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 01:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Spring MVC Links

Browse Source 
Issue gh-13062
This commit is contained in:
Josh Cummings 2023-04-18 11:23:57 -06:00
parent c79f04cd11
commit 3f6f01ce20
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/modules/ROOT/pages/servlet/authentication/logout.adoc
View File

@ -76,7 +76,7 @@ http {
and no authorization changes are necessary since it simply adjusts the `LogoutFilter`. and no authorization changes are necessary since it simply adjusts the `LogoutFilter`.
[[permit-logout-endpoints]] [[permit-logout-endpoints]]
However, if you stand up your own logout success endpoint (or in a rare case, <<creating-custom-logout-endpoint, your own logout endpoint>>), say using Spring MVC, you will need permit it in Spring Security. However, if you stand up your own logout success endpoint (or in a rare case, <<creating-custom-logout-endpoint, your own logout endpoint>>), say using {spring-framework-reference-url}web.html#spring-web[Spring MVC], you will need permit it in Spring Security.
This is because Spring MVC processes your request after Spring Security does. This is because Spring MVC processes your request after Spring Security does.
You can do this using `authorizeHttpRequests` or `<intercept-url>` like so: You can do this using `authorizeHttpRequests` or `<intercept-url>` like so:
@ -327,7 +327,7 @@ Since {security-api-url}org/springframework/security/web/authentication/logout/L
It is strongly recommended that you use the provided `logout` DSL to configure logout. It is strongly recommended that you use the provided `logout` DSL to configure logout.
One reason is that its easy to forget to call the needed Spring Security components to ensure a proper and complete logout. One reason is that its easy to forget to call the needed Spring Security components to ensure a proper and complete logout.
In fact, it is often simpler to <<add-logout-handler, register a custom `LogoutHandler`>> than create a Spring MVC endpoint for performing logout. In fact, it is often simpler to <<add-logout-handler, register a custom `LogoutHandler`>> than create a {spring-framework-reference-url}web.html#spring-web[Spring MVC] endpoint for performing logout.
That said, if you find yourself in a circumstance where a custom logout endpoint is needed, like the following one: That said, if you find yourself in a circumstance where a custom logout endpoint is needed, like the following one: