grails spring security redirect after logout

3
votes

I'm using grails spring security and want to redirect user to some url just after logout. What I've discovered so far is that there is a special property for that called 'logout.afterLogoutUrl' and that grails.plugin.springsecurity.logout.postOnly should be set to false. So in my Config.groovy I have: 

grails.plugin.springsecurity.logout.postOnly = false
logout.afterLogoutUrl = "/"

my logout button looks like: 

    <sec:ifLoggedIn>
        <g:remoteLink class="logout buttons" controller="logout"><g:message code="btn.logout"
                                                               default="Loading&hellip;"/></g:remoteLink>
    </sec:ifLoggedIn>

When I click on logout button the following sequence of requests appears:

  1. /logout/index
  2. /j_spring_security_logout
  3. /
  4. /login/authAjax

and from the last one I get 'Status Code:401 Unauthorized' but user still sees the page from where I clicked logout button. Does anyone know how to handle this situation? Thank you very much!

2
grailsgrails-2.0grails-plugin

2 Answers

6
votes

I noticed that I use wrong property name for logout url. I changed its name to grails.plugin.springsecurity.logout.afterLogoutUrl

2
votes

This may be because your action is secured. Please make this available for anonymous user. To do this put IS_AUTHENTICATED_ANONYMOUSLY annotation like:-

@Secured(['IS_AUTHENTICATED_ANONYMOUSLY'])
def yourActionName(){
    ...
}