3

I just added the spring-security-plugin to my Grails project. Everything looks to be working fine, but when I try to log out, the app shows me the logout message; however, the application is still logged in!

My config file is the following:

// Added by the Spring Security Core plugin:
grails.plugins.springsecurity.useBasicAuth = true
grails.plugins.springsecurity.userLookup.userDomainClassName = 'malibu.server.User'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'malibu.server.UserRole'
grails.plugins.springsecurity.authority.className = 'malibu.server.Role'

cheers

Arthur Neves

2 Answers

6

Since you're using Basic auth, your browser must be caching your credentials and logging you back in.

Burt Beckwith
  • Yeah, that might be right! So the point is '/j_spring_security_logout' shouldn't clean that? – Arthur Neves May 06 '11 at 18:59
  • The logout action removes the Authentication and invalidates your http session, but can't control what your browser does with cached Basic auth credentials. See http://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication and http://userfirstweb.com/23/logouts-form-based-http-basic-authentication/ – Burt Beckwith May 06 '11 at 20:38
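
A minimal model of the behaviour described in this answer and its comments, added here as an illustration and not code from the plugin or from either poster. The `Server` class, the sample account and `still_logged_in_after_logout` are constructed for the example, and the `Cookie` header is simplified to carry the bare session id.

```python
import base64, secrets

USERS = {"arthur": "s3cret"}  # constructed sample account

class Server:
    """Toy model of the app; basic_auth stands in for useBasicAuth."""
    def __init__(self, basic_auth):
        self.basic_auth, self.sessions = basic_auth, {}

    def login(self, user, password):
        if USERS.get(user) != password:
            return None
        sid = secrets.token_hex(8)
        self.sessions[sid] = user
        return sid

    def logout(self, sid):
        # All the logout action controls: the server-side session.
        self.sessions.pop(sid, None)

    def get(self, headers):
        """Return (status, session id) for a request to a protected page."""
        sid = headers.get("Cookie")
        if sid in self.sessions:
            return 200, sid
        auth = headers.get("Authorization", "")
        if self.basic_auth and auth.startswith("Basic "):
            user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
            sid = self.login(user, pw)  # silently authenticated again
            if sid:
                return 200, sid
        return 401, None

def still_logged_in_after_logout(basic_auth):
    """Log in, log out, request a protected page again; True if it succeeds."""
    server = Server(basic_auth)
    headers = {}  # what the browser sends on every request
    if basic_auth:
        # Cached by the browser once the user has answered the 401 prompt.
        headers["Authorization"] = "Basic " + base64.b64encode(b"arthur:s3cret").decode()
        _, headers["Cookie"] = server.get(headers)
    else:
        headers["Cookie"] = server.login("arthur", "s3cret")  # form login
    server.logout(headers.pop("Cookie"))  # session and cookie are gone
    status, _ = server.get(headers)       # cached Authorization is not
    return status == 200

if __name__ == "__main__":
    print("Basic auth:", still_logged_in_after_logout(True))
    print("Form login:", still_logged_in_after_logout(False))
```

With Basic auth enabled the request after logout is authenticated again from the resent `Authorization` header; with form login the same request gets a 401.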
4

Just session.invalidate() before redirect.

class LogoutController {
    /**
     * Index action. Redirects to the Spring security logout uri.
     */
    def index = {
        session.invalidate()
        redirect [whatever]
    }
}