1: @Configuration
2: public class SecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
3: @Override
4: protected void configure(HttpSecurity http) throws Exception {
5: http
6: .csrf()
7: .disable()
8: .and()
9: .authorizeRequests()
10: .anyRequest()
11: .authenticated()
12: .and()
13: .formLogin()
14: .permitAll()
15: .and()
16: .logout()
17: .deleteCookies("remove")
18: .invalidateHttpSession(false)
19: .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
20: .logoutSuccessUrl("/login");
21: }
How this works:
Just type "logout" in header address bar and it will delete any user session cookies that spring security creates it by default, invalidates the user session and takes the user back to the default login page. Actually in the backend spring will look for any logout requests made and map it to the default login page after logging out the user. Isn't this simple and cool?
Please comment if you need any help implementing this functionality.