Configuring logout

The HttpSecurity configuration of Spring Security automatically adds support for logging the user out. All that is needed is to create a link that points to /j_spring_security_logout. However, we will demonstrate how to customize the URL used to log the user out by performing the following steps:

1. Update the Spring Security configuration as follows:

        //src/main/java/com/packtpub/springsecurity/configuration/
        SecurityConfig.java

        http.authorizeRequests()
        ...
       .logout()
       .logoutUrl("/logout")
       .logoutSuccessUrl("/login?logout");

1. You have to provide a link for the user to click on that will log them out. We will update the header.html  file so that the Logout link appears on every page:

        //src/main/webapp/WEB-INF/templates/fragments/header.html

        <p id="navbar" ...>
         ...
           <ul class="nav navbar-nav pull-right">
             <li><a id="navLogoutLink" th:href="@{/logout}">
               Logout</a></li>
           </ul>
            ...
        </p>

1. The last step is to update the login.html file to display a message indicating logout was successful when the logout parameter is present:

        //src/main/webapp/WEB-INF/templates/login.html

        <p th:if="${param.logout != null}" class="alert 
        alert-success"> You have been logged out.</p>
          <label for="username">Username</label>
          ...

Your code should now look like chapter02.02-calendar.