From e7433a03bb056ec7de2e281304ef44fc4351d49d Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Mon, 19 Nov 2018 18:39:30 +0300 Subject: remove invalid logout url --- src/main/java/com/juick/server/configuration/SecurityConfig.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/main/java/com/juick/server') diff --git a/src/main/java/com/juick/server/configuration/SecurityConfig.java b/src/main/java/com/juick/server/configuration/SecurityConfig.java index f02083d58..37007f09f 100644 --- a/src/main/java/com/juick/server/configuration/SecurityConfig.java +++ b/src/main/java/com/juick/server/configuration/SecurityConfig.java @@ -40,6 +40,7 @@ import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; @@ -185,9 +186,10 @@ public class SecurityConfig { .sessionManagement().invalidSessionUrl("/") .and() .logout() + .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) .invalidateHttpSession(true) .logoutUrl("/logout") - .logoutSuccessUrl("/login?logout") + .logoutSuccessUrl("/") .deleteCookies("hash", COOKIE_NAME) .and() .formLogin() -- cgit v1.2.3