Spring Security
  1. Spring Security
  2. SEC-1254

LogoutBeanDefinitionParser cannot leave 'logoutSuccessUrl' empty

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Won't Fix
    • Affects Version/s: 2.0.5
    • Fix Version/s: 3.0.0.RC2
    • Component/s: Namespace
    • Labels:
      None

      Description

      I have patched LogoutFilter before to use request.getHeader('Referer') for logoutSuccessUrl http://jira.springframework.org/browse/SEC-491
      It need logoutSuccessUrl be empty to use such feature

      please remove DEF_LOGOUT_SUCCESS_URL in LogoutBeanDefinitionParser leave it to LogoutFilter, LogoutFilter has default value "/"

        Issue Links

          Activity

          Hide
          Luke Taylor added a comment -

          The behaviour you describe no longer applies in the 3.0 codebase. The location is determined by the LogoutSuccessHandler. If you want to use the referer, rmove the <logout /> element from the namespace and add a LogoutFilter which has a SimpleUrlLogoutSuccessHandler with the "referer" property set to "true".

          Show
          Luke Taylor added a comment - The behaviour you describe no longer applies in the 3.0 codebase. The location is determined by the LogoutSuccessHandler. If you want to use the referer, rmove the <logout /> element from the namespace and add a LogoutFilter which has a SimpleUrlLogoutSuccessHandler with the "referer" property set to "true".
          Hide
          Luke Taylor added a comment -

          Changing type and module. Not a bug - more a limitation of the namespace, which doesn't supoprt use of the referer as the destination.

          Show
          Luke Taylor added a comment - Changing type and module. Not a bug - more a limitation of the namespace, which doesn't supoprt use of the referer as the destination.
          Hide
          Luke Taylor added a comment -

          I've added SEC-1291, to allow customization of the logout success handler, so you will be able to inject the required behaviour.

          Show
          Luke Taylor added a comment - I've added SEC-1291 , to allow customization of the logout success handler, so you will be able to inject the required behaviour.

            People

            • Assignee:
              Luke Taylor
              Reporter:
              zhouyanming
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: