Skip to content

Commit b04b34b

Browse files
committed
Fix Logout in OpenID Sample
Fixes gh-8554
1 parent 4ab9da1 commit b04b34b

File tree

2 files changed

+8
-2
lines changed

2 files changed

+8
-2
lines changed

samples/xml/openid/src/main/webapp/WEB-INF/applicationContext-security.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@
1616
<intercept-url pattern="/css/*" access="permitAll"/>
1717
<intercept-url pattern="/js/*" access="permitAll"/>
1818
<intercept-url pattern="/**" access="authenticated"/>
19-
<logout/>
19+
<logout logout-success-url="/"/>
2020
<openid-login login-page="/openidlogin.jsp" user-service-ref="registeringUserService"
2121
authentication-failure-url="/openidlogin.jsp?login_error=true">
2222
<attribute-exchange identifier-match="https://www.google.com/.*">

samples/xml/openid/src/main/webapp/index.jsp

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
<%@ page import="org.springframework.security.web.csrf.CsrfToken" %>
12
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
23
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
34

@@ -27,6 +28,11 @@ by the application and will be recognized if you return.
2728
<p>
2829
Your principal object is....: <%= request.getUserPrincipal() %>
2930
</p>
30-
<p><a href="logout">Logout</a>
31+
<% CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); %>
32+
<form id="logout" method="post" action="logout">
33+
<input type="hidden" name="<%= token.getParameterName() %>"
34+
value="<%= token.getToken() %>"/>
35+
</form>
36+
<p><a href="#" onclick="document.forms[0].submit()">Logout</a></p>
3137
</body>
3238
</html>

0 commit comments

Comments
 (0)