Grails Spring Security plugin url

0
votes

The Grails Spring Security plugin docs shows these two properties related to logout urls (copied from https://github.com/grails-plugins/grails-spring-security-core/blob/master/src/docs/guide/13%20URL%20Properties.gdoc)

logout.afterLogoutUrl | '/' | URL for redirect after logout.

logout.filterProcessesUrl | '/j_spring_security_logout' | Logout URL, intercepted by Spring Security filter.

When I run the s2-quickstart script to generate the LogoutController, the default behavior is to redirect to logout.filterProcessesUrl.

What is the purpose of logout.afterLogoutUrl if the LogoutController does not redirect to it?

1
grailsspring-securitylogout

1 Answers

2
votes

Spring Security introduces some filters, Java filters, not Grails. This filters do all authentication job, see http://static.springsource.org/spring-security/site/docs/3.1.x/reference/security-filter-chain.html

logout.filterProcessesUrl handled by Spring Security filter, and after cleanup (removes user from current context, etc) it redirects to logout.afterLogoutUrl.

LogoutController does nothing, just redirects to filter. You can redirect user to this user in your own controller, or even put <a link to such url