In my SpringBoot-App, I am using an implementation of a Logout-handler to put together a redirect-uri. Since the method logout() (without parameters) of HttpSecurity has been deprecated, I am attempting to configure the logout with lambdas. In my eyes, it should do the same; the behaviour, however, turns out to be different.
The logout handler looks like this:
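    import java.io.IOException;

    import jakarta.servlet.http.HttpServletRequest;
    import jakarta.servlet.http.HttpServletResponse;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.logout.LogoutHandler;

    public class MyCustomLogoutHandler implements LogoutHandler {

        @Override
        public void logout(HttpServletRequest request, HttpServletResponse response,
                Authentication authentication) {
            try {
                // assembleUri() is the poster's own helper (not shown) that builds the redirect target
                response.sendRedirect(assembleUri());
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
    }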
Old (and working) config:
    httpSecurity.logout()
        .logoutUrl("/sso/logout")
        .permitAll()
        .addLogoutHandler(new MyCustomLogoutHandler());
I changed it into the following:
    httpSecurity.logout(config -> config.logoutUrl("sso/logout")
        .permitAll()
        .addLogoutHandler(new MyCustomLogoutHandler()));
But now, the method "logout" is not called anymore and I end up in a 404.
What could be the mistake here?
>Solution :
Missing "/" in Logout URL:
In the lambda configuration, you’ve used .logoutUrl("sso/logout"). Make sure that the URL begins with a "/" so that it is treated as an absolute URL path. So, it should be .logoutUrl("/sso/logout").
    httpSecurity.logout(config -> config.logoutUrl("/sso/logout")
        .permitAll()
        .addLogoutHandler(new MyCustomLogoutHandler()));
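
A regression test that would catch this kind of silent logout breakage, added here as an example and not part of the original question or answer. It assumes Spring Boot 3.x with spring-boot-starter-test and spring-security-test on the test classpath, and that the application context loads the lambda configuration shown above; the class name, method name and user name are hypothetical.

```java
// Added example, not the poster's code. Assumes Spring Boot 3.x with
// spring-boot-starter-test and spring-security-test on the test classpath.
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.logout;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;

@SpringBootTest
@AutoConfigureMockMvc
class SsoLogoutRegressionTest { // hypothetical class name

    @Autowired
    private MockMvc mockMvc;

    @Test
    @WithMockUser(username = "alice") // constructed user: an anonymous request could be
                                      // redirected to a login page and mask the failure
    void logoutUrlReachesTheLogoutFilter() throws Exception {
        // logout(String) issues a POST with a valid CSRF token to the given URL,
        // which is what the logout filter expects while CSRF protection is enabled.
        // With logoutUrl("sso/logout") the filter's matcher never matches a request
        // path (which always starts with "/"), MyCustomLogoutHandler is not invoked,
        // the request falls through to the dispatcher and no redirect is returned.
        mockMvc.perform(logout("/sso/logout"))
               .andExpect(status().is3xxRedirection());
    }
}
```

The test fails against the configuration with the missing "/" and passes once the path is corrected, so a logout endpoint that stops terminating sessions is caught at build time.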