From e7433a03bb056ec7de2e281304ef44fc4351d49d Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Mon, 19 Nov 2018 18:39:30 +0300
Subject: remove invalid logout url

---
 src/main/java/com/juick/server/configuration/SecurityConfig.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/main/java/com/juick')

diff --git a/src/main/java/com/juick/server/configuration/SecurityConfig.java b/src/main/java/com/juick/server/configuration/SecurityConfig.java
index f02083d5..37007f09 100644
--- a/src/main/java/com/juick/server/configuration/SecurityConfig.java
+++ b/src/main/java/com/juick/server/configuration/SecurityConfig.java
@@ -40,6 +40,7 @@ import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -185,9 +186,10 @@ public class SecurityConfig {
                     .sessionManagement().invalidSessionUrl("/")
                     .and()
                     .logout()
+                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                     .invalidateHttpSession(true)
                     .logoutUrl("/logout")
-                    .logoutSuccessUrl("/login?logout")
+                    .logoutSuccessUrl("/")
                     .deleteCookies("hash", COOKIE_NAME)
                     .and()
                     .formLogin()
-- 
cgit v1.2.3