Spring Security – Logout

The Spring Security logout process invalidates the user's HTTP session and clears the SecurityContext that identifies the user, optionally deleting cookies as well. Spring Security provides a default logout handling mechanism (a LogoutFilter that runs a chain of LogoutHandlers followed by a LogoutSuccessHandler) that can be customized through the application's security configuration. By default the logout is triggered by a POST to /logout carrying a valid CSRF token; a GET to /logout only shows a confirmation page. This matters because a logout that could be triggered by a plain GET link could also be triggered from any third-party page (for example through an image tag), which is why CSRF protection applies to logout as well.

When the user logs out:

  • The Authentication is removed from the current SecurityContext, so the user is no longer recognized as authenticated by the application.
  • The user's HTTP session is invalidated.
  • Optionally, cookies (such as JSESSIONID) are deleted and any other cleanup activities are performed.

Implementation of the Spring Security – Logout

Below are the implementation steps of the logout mechanism in Spring Security.

Step 1:

Create a new Spring Boot project using the Spring Initializr and include the following dependencies:

  • Spring Web
  • Spring Security
  • Thymeleaf (renders the home.html template created in Step 6; without a template engine the view name returned by the controller cannot be resolved)
  • Lombok
  • Spring Boot DevTools

Once the project is created, the file structure will resemble the following:


Step 2:

Open the application.properties file and add the security username and password configuration for the Spring Security application:

spring.application.name=spring-security-logout

server.port=8080

spring.security.user.name=user
spring.security.user.password=user


Step 3: Create the Security Configuration class.

We create the SecurityConfig class to configure Spring Security in the project. Go to src > org.example.springsecuritylogout > config > SecurityConfig and put in the code below. The configuration is exposed as a SecurityFilterChain bean (the Spring Security 6 / Spring Boot 3 style; WebSecurityConfigurerAdapter no longer exists, so a bare configure(HttpSecurity) method would never be called). CSRF protection is left at its default, so a logout is only performed for a POST to /logout that carries the CSRF token.

Java
package org.example.springsecuritylogout.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // The security rules are registered as a SecurityFilterChain bean.
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                // Every request requires an authenticated user; the login and
                // logout endpoints are permitted by their own configurers below.
                .authorizeHttpRequests(auth -> auth
                        .anyRequest().authenticated())
                // Default form login: Spring Security generates the /login page itself.
                .formLogin(Customizer.withDefaults())
                .logout(logout -> logout
                        // Where to send the browser after a successful logout.
                        .logoutSuccessUrl("/login?logout")
                        // Destroy the server-side session (this is the default, shown explicitly).
                        .invalidateHttpSession(true)
                        // Also expire the session cookie in the browser.
                        .deleteCookies("JSESSIONID")
                        // Anyone may reach the logout endpoints.
                        .permitAll());
        // CSRF protection stays enabled, so only POST /logout with a token logs out.
        return http.build();
    }
}


Step 4: Create the Controller class.

We create the HomeController class, which serves the home page of the Spring project. Go to src > org.example.springsecuritylogout > controller > HomeController and put in the code below. No mapping for /login is needed: with formLogin(Customizer.withDefaults()) Spring Security generates and serves the login page at GET /login itself, so a controller method for that path would never be reached.

Java
package org.example.springsecuritylogout.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class HomeController {

    // Protected page: only reachable after login. Returns the view name
    // "home", which Thymeleaf resolves to templates/home.html.
    @GetMapping("/")
    public String home() {
        return "home";
    }

    // No /login mapping: Spring Security's default login page filter
    // answers GET /login before any controller would see the request.
}


Step 5: Main Class (no changes are required)

Go src > org.example.springsecuritylogout > SpringSecurityLogoutApplication and put the below code.

Java
package org.example.springsecuritylogout;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SpringSecurityLogoutApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringSecurityLogoutApplication.class, args);
    }

}


Step 6: Create the Home HTML page.

We will now create the home page for the Spring application. Go to src > main > resources > templates > home.html and put in the code below. The file name must match the view name "home" returned by HomeController exactly, because template lookup is case-sensitive on Linux. The Logout link issues a GET to /logout; since CSRF protection is enabled, this does not log the user out by itself: Spring Security answers it with a confirmation page whose Log Out button submits a POST to /logout together with the CSRF token. A page that wants to log out in a single step should render a POST form containing the CSRF token instead of a link.

HTML
<!DOCTYPE html>
<html>
<head>
    <title>Home Page</title>
    <style>
        body {
            font-family: Arial, sans-serif; /* Sets the font for the body */
            background-color: #f4f4f9; /* Light grey background */
            margin: 40px; /* Adds margin around the body */
        }
        h1 {
            color: #333; /* Dark grey color for the heading */
        }
        a {
            color: #007BFF; /* Bootstrap primary blue color for links */
            text-decoration: none; /* Removes underline from links */
            font-weight: bold; /* Makes the text bold */
        }
        a:hover {
            color: #0056b3; /* Darker blue color on hover */
            text-decoration: underline; /* Adds underline on hover */
        }
    </style>
</head>
<body>
<h1>Welcome to the Home Page!</h1>
<a href="/logout">Logout</a>
</body>
</html>


Step 7: Run the Application

Finally, run the application; it starts on port 8080.


Step 8: Test the Application

Endpoint API:

http://localhost:8080/

If the user is not logged in, a request to / is redirected to the /login endpoint, where Spring Security's default login page asks for the credentials configured in Step 2:

  • Username: user
  • password: user

Output:


After a successful login the browser is sent back to the page it originally requested; the continue query parameter is appended by Spring Security's request cache when it replays the saved request:

http://localhost:8080/?continue

Output:


Click the Logout link. Because CSRF protection is enabled, the GET request to /logout does not end the session; Spring Security serves its default logout confirmation page at the URL below. The Log Out button on that page submits a POST to /logout together with the CSRF token.

http://localhost:8080/logout

Output:


Once the logout is confirmed, the SecurityContext is cleared, the session is invalidated, the JSESSIONID cookie is deleted, and the browser is redirected to the login page:

http://localhost:8080/login?logout

Output:


This example project demonstrates how to set up a basic Spring Boot application with Spring Security for handling login and logout. Users can sign in and out of the application while Spring Security takes care of CSRF-protected logout, session invalidation and cookie cleanup.
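To check the logout behaviour without clicking through the browser, here is an added MockMvc test. It is not part of the original tutorial; it assumes the spring-boot-starter-test and spring-security-test dependencies are on the test classpath, the user/user credentials from Step 2, and the SecurityConfig from Step 3. It asserts the three properties the logout configuration is meant to provide: a POST to /logout without a CSRF token is rejected, a POST with the token redirects to /login?logout, clears the SecurityContext, invalidates the session and expires the JSESSIONID cookie, and presenting the old session afterwards no longer grants access to /.

```java
package org.example.springsecuritylogout;

import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;

// Added example test (not from the tutorial). Assumes spring-boot-starter-test
// and spring-security-test on the test classpath and the user/user account
// configured in application.properties.
@SpringBootTest
@AutoConfigureMockMvc
class LogoutFlowTests {

    @Autowired
    private MockMvc mockMvc;

    @Test
    void anonymousRequestIsSentToLoginPage() throws Exception {
        mockMvc.perform(get("/"))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrl("http://localhost/login"));
    }

    @Test
    void logoutWithoutCsrfTokenIsRejected() throws Exception {
        // CSRF protection is on by default, so a forged POST from another site
        // (no token) is stopped by CsrfFilter before LogoutFilter ever runs.
        mockMvc.perform(post("/logout"))
                .andExpect(status().isForbidden());
    }

    @Test
    void logoutInvalidatesSessionAndExpiresCookie() throws Exception {
        // Log in through the real form so that a server-side session exists.
        MvcResult login = mockMvc.perform(post("/login")
                        .param("username", "user")
                        .param("password", "user")
                        .with(csrf()))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrl("/"))
                .andReturn();
        MockHttpSession session = (MockHttpSession) login.getRequest().getSession(false);

        // With that session the protected home page is reachable.
        mockMvc.perform(get("/").session(session))
                .andExpect(status().isOk());

        // POST /logout with a valid CSRF token: redirect to /login?logout,
        // SecurityContext cleared, session invalidated, JSESSIONID expired.
        mockMvc.perform(post("/logout").session(session).with(csrf()))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrl("/login?logout"))
                .andExpect(unauthenticated())
                .andExpect(cookie().maxAge("JSESSIONID", 0));
        assertTrue(session.isInvalid());

        // Presenting the old session again does not grant access any more.
        mockMvc.perform(get("/").session(session))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrl("http://localhost/login"));
    }
}
```

Run it with the project's build tool (mvn test or gradle test). If the first assertion in logoutWithoutCsrfTokenIsRejected starts failing after a configuration change, CSRF protection has been disabled somewhere and the logout endpoint has become reachable from any third-party page.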


