I have a web app with Spring Security 4.2.3.RELEASE.
Security config:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/s/**").permitAll()
                .antMatchers("/changePassword").permitAll()
                .antMatchers("/changePasswordPerform").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .defaultSuccessUrl("/home", true)
                .failureHandler(customAuthenticationHandler)
                .and()
            .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .permitAll();
    }

Controller:

    @RequestMapping(value = "/login")
    public ModelAndView login(HttpServletRequest request,
            @RequestParam(value = "logout", required = false) String logout) {
        ModelAndView model = new ModelAndView();
        if (logout != null) {
            model.addObject("msg", "logout successfully");
        }
        model.setViewName("login-new");
        return model;
    }

All works fine (after logout I get the message "logout successfully", and the page is ../login?logout). Now I am trying to audit my logout events. For that purpose I added:

    @Component
    public class CustomLogoutSuccessHandler implements LogoutSuccessHandler {
        @Override
        public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
                throws IOException, ServletException {
            // audit logic here
            String URL = request.getContextPath() + "/login?logout";
            response.setStatus(HttpStatus.OK.value());
            response.sendRedirect(URL);
        }
    }

and changed my security config:

    .logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .permitAll()
        .logoutSuccessHandler(customLogoutSuccessHandler);

Logout still works, but now I am not getting the message "logout successfully", and the logout page is ../login (not ../login?logout). How can I get my message back?
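
One way to fill in the `// audit logic here` step of the handler above, as an added example that is not part of the original post. It covers only the audit record and keeps the same redirect target; the class name, the `audit.logout` logger name, the `clean` helper and the use of SLF4J are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;

@Component
public class AuditingLogoutSuccessHandler implements LogoutSuccessHandler {

    // Assumption: a dedicated logger name so audit lines can be routed to their own appender.
    private static final Logger AUDIT = LoggerFactory.getLogger("audit.logout");
    // Assumption: cap on each logged field so one request cannot bloat the audit log.
    private static final int MAX_FIELD = 128;

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException {
        // authentication is null when /logout is requested without a logged-in user.
        String user = authentication != null ? authentication.getName() : "anonymous";
        AUDIT.info("event=logout user=\"{}\" remote_addr={} user_agent=\"{}\"",
                clean(user),
                clean(request.getRemoteAddr()),
                clean(request.getHeader("User-Agent")));
        // Same target as the handler in the question.
        response.sendRedirect(request.getContextPath() + "/login?logout");
    }

    // Hypothetical helper: neutralises CR/LF, other control characters and quotes so that
    // a user name or User-Agent header cannot forge extra audit lines or break out of a field.
    static String clean(String value) {
        if (value == null) {
            return "-";
        }
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < value.length() && out.length() < MAX_FIELD; i++) {
            char c = value.charAt(i);
            out.append(Character.isISOControl(c) || c == '"' ? '_' : c);
        }
        return out.toString();
    }
}
```

The session is not logged because by the time a `LogoutSuccessHandler` runs the logout handlers have normally invalidated it, so `request.getSession(false)` returns `null`.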