1

I am using GGTS and Grails 2.2.0 and have implemented Spring Security along with Basic Auth with the following options:

Config.groovy

    grails.plugins.springsecurity.useBasicAuth = true
    grails.plugins.springsecurity.digest.realmName = 'someval'

LogoutController.groovy

    import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils

    class LogoutController {

        // Hands the request to the plugin's logout filter URL
        def index = {
            redirect uri: SpringSecurityUtils.securityConfig.logout.filterProcessesUrl
        }
    }

When I click on logout – it does not log the user out, it takes me back to the home page. I have looked at the forums, but have not found anything that works.

I want to make sure that whatever solution is implemented logs off the user completely and the user is not able to return back to the original page without logging back in.

Any pointers/suggestions are appreciated.

user1811107

1 Answer

2

The problem is HTTP Basic Authentication. It doesn't specify a way to log out. I believe there are some "unofficial" methods that work (see How to log out user from web site using BASIC authentication?), but Spring Security doesn't appear to use them.

The best solution is to avoid Basic Auth altogether. If that's not an option, you'll have to write a custom LogoutController that e.g. sends back a 401 error code.

ataylor
  • Thanks, that reconfirms what I have been reading. I will eventually use DigestAuth - BasicAuth will have to do in the meantime. Do you have any article suggestions on implementing Digest auth in Grails? – user1811107 Mar 01 '13 at 02:28
  • 2
    Digest auth uses the same mechanism, only more secure. Most websites just ignore HTTP authentication and handle it in the application. – ataylor Mar 01 '13 at 02:48
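
One way to write the custom LogoutController that the answer suggests, as an added example that is not part of the original answer or the plugin's own code. It assumes the spring-security-core 1.x plugin from the question and that `basic.realmName` in the plugin config holds the realm the Basic filter advertises.

```groovy
// Added example: a logout action that answers with 401 instead of redirecting
// to the plugin's logout filter, as the answer above proposes.
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
import org.springframework.security.core.context.SecurityContextHolder

class LogoutController {

    def index = {
        // Clear server-side state first, so no authenticated session or
        // security context outlives this request. getSession(false) avoids
        // creating a session just to destroy it.
        request.getSession(false)?.invalidate()
        SecurityContextHolder.clearContext()

        // Assumption: this is the realm name used by the Basic auth challenge.
        // The challenge below must name the same realm the browser cached
        // credentials for, otherwise it is treated as a different protection space.
        def realm = SpringSecurityUtils.securityConfig.basic.realmName

        // Re-issue the Basic challenge. A 401 for the realm tells the browser
        // that the credentials it just sent were not accepted.
        response.setHeader('WWW-Authenticate', "Basic realm=\"${realm}\"")
        render status: 401, text: 'You have been logged out.'
    }
}
```

HTTP Basic defines no logout, so whether the browser discards its cached credentials after this 401 depends on the browser. Any later request that still carries the `Authorization` header will be authenticated again by the Basic filter, which is why the answer recommends avoiding Basic Auth altogether.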