How to disable logout confirmation in Spring Security using XML?
It is a CSRF feature to avoid logout requests initiated by malicious JavaScript from another site.
Your request is GET /logout, and hence Spring Security wants to confirm it by a user action such as a click.
So, to avoid it, your logout request should be a POST and contain a valid _csrf token.
You can achieve it by using the Spring form tag with method post, as given below:
<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form"%>
...
<form:form action="${pageContext.request.contextPath}/logout"
method="post" modelAttribute="AnyModelAttributePassedFromController">
<form:button value="submit"> Logout</form:button>
</form:form>
...
Or
<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form"%>
...
<form:form action="${pageContext.request.contextPath}/logout"
method="post" modelAttribute="_csrf">
<form:button value="submit"> Logout</form:button>
</form:form>
...
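As an added example (not part of the original answer): the same POST logout written without the Spring form tag, so the CSRF field that has to accompany the request is visible. It assumes CSRF protection is enabled and the logout URL is /logout as in the answer above.

```jsp
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>

<%-- Variant 1: plain HTML form with the token field written by hand.
     Spring Security exposes the current CsrfToken as the request
     attribute "_csrf" (parameterName is "_csrf" by default). --%>
<form action="${pageContext.request.contextPath}/logout" method="post">
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
    <button type="submit">Logout</button>
</form>

<%-- Variant 2: the same form, with the hidden token field emitted by
     the Spring Security tag library instead of by hand. --%>
<form action="${pageContext.request.contextPath}/logout" method="post">
    <sec:csrfInput />
    <button type="submit">Logout</button>
</form>
```

With either variant the logout is a POST carrying a valid token, so no confirmation page is shown; a POST that lacks the token field is rejected by the CSRF filter (HTTP 403 by default).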