What is j_spring_security_logout?
This topic is closed

  • What is j_spring_security_logout?

    I am a beginner of Spring Security.

    Could someone explain what is "j_spring_security_logout"?

    I am trying to implement OpenID.

    I downloaded "spring-security-samples-openid-2.0.4.war" and ran the example.

    However, logout does not work.

    When I reviewed a jsp file, the logout link refers to j_spring_security_logout, but I don't know what it is.

    Please help me understand it.

    Thanks in advance.


  • #2
    '/j_spring_security_logout' of LogoutFilter is similar to '/j_spring_security_check' of AuthenticationProcessingFilter but for logout.

    E.g. LogoutFilter will process the logout when a client requests the /j_spring_security_logout URL. LogoutFilter delegates the work to a list of LogoutHandlers, one of which does session invalidation (SecurityContextLogoutHandler).


    • #3
      Could you help me find where the source code for "j_spring_security_logout" is?
      Is it a servlet? A macro? Or what? I want to know where (in which jar file) it is located, and how it is written in detail.

      Thanks in advance, and please understand my lack of knowledge.



      • #4


        • #5
          Has anybody tested this j_spring_security_logout for OpenID?

          It seems to work in other samples in the repository, but it (logout) does not in the OpenID sample (

          The problem is that although I used j_spring_security_logout, I can still access the secured web pages.
          When I access the secured web pages in a new session, my access is filtered and redirected to a log-in page, so I need to go through the authentication process (OpenID authentication), which is the normal situation.
          Once logged in and then logged out, I can access the secured web pages without authentication, which is not the normal situation.

          Could you help me?


          • #6
            OpenID is a single-sign-on solution. So even if you log out of the application you will still be allowed back in while you are authenticated to OpenID.
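
A simplified model of the flow described in posts #2 and #6, added here as an illustration; it is not part of the thread and not Spring Security source. `AppSession`, `Handler` and `Provider` are hypothetical stand-ins, the request paths and user name are constructed, and the provider is assumed to answer without prompting while its own session is live.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model, not Spring Security source. All class names are hypothetical stand-ins.
public class LogoutFlowModel {
    static final String LOGOUT_URL = "/j_spring_security_logout";

    // Stand-in for the application's HTTP session; user == null means unauthenticated.
    static class AppSession { String user; }
    // Stand-in for a LogoutHandler in the logout filter's handler list.
    interface Handler { void logout(AppSession session); }
    // Stand-in for the OpenID provider, which keeps its own login session.
    static class Provider {
        String signedInUser;
        // Assumption: the provider answers without prompting while its session is live.
        String authenticate() { return signedInUser; }
    }

    private final List<Handler> handlers = new ArrayList<>();
    private final Provider provider;

    LogoutFlowModel(Provider provider) {
        this.provider = provider;
        // Plays the role of SecurityContextLogoutHandler: drop the local authentication.
        handlers.add(session -> session.user = null);
    }

    // Returns what the application does with a request for the given path.
    String handle(String path, AppSession session) {
        if (LOGOUT_URL.equals(path)) {               // the logout filter matches its URL
            for (Handler h : handlers) h.logout(session);
            return "redirect:/";
        }
        if (session.user == null) {                  // secured page, no local authentication
            session.user = provider.authenticate();  // hand off to the OpenID provider
            if (session.user == null) return "login-page";
        }
        return "secured-page for " + session.user;
    }

    public static void main(String[] args) {
        Provider op = new Provider();
        op.signedInUser = "alice";                   // constructed sample identity
        LogoutFlowModel app = new LogoutFlowModel(op);
        AppSession s = new AppSession();
        System.out.println(app.handle("/secure/index.jsp", s)); // first login via provider
        System.out.println(app.handle(LOGOUT_URL, s));          // local logout only
        System.out.println(app.handle("/secure/index.jsp", s)); // provider lets the user back in
        op.signedInUser = null;                      // provider session ended as well
        app.handle(LOGOUT_URL, s);
        System.out.println(app.handle("/secure/index.jsp", s)); // now the login page
    }
}
```

In the model, the secured page is reachable again after the local logout and stops being reachable only once the provider's session has also ended.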


            • #7

              Is there any way to change the configuration, so that I can force a complete logout after clicking the logout button in OpenID?

              I think it is not secure that when I leave a public computer after "explicitly" logging out from an OpenID secured web page, somebody can access the page.