What is j_spring_security_logout?

[jwy923]

I am a beginner of Spring Security.

Could someone explain what is "j_spring_security_logout"?

I am trying to implement OpenID.

I downloaded "spring-security-samples-openid-2.0.4.war" and ran the example.

However, logout does not work.

When I reviewed a jsp file, the logout link refers to j_spring_security_logout, but I don't know what it is.

Please help me understand it.

Thanks in advance.

John

[Andrei Tsibets]

'/j_spring_security_logout' of LogoutFilter is similar to '/j_spring_security_check' of AuthenticationProcessingFilter but for logout.

E.g. LogoutFilter will process logout when client request /j_spring_security_logout url. LogoutFilter delegates work to list of LogoutHandler, one of which does session invalidation (SecurityContextLogoutHandler)

[jwy923]

Could you help me find where the source code for "j_spring_security_logout"?
Is it a servlet? a macro? or what? I want to know where (which jar file) it is located in, and how it is written in detail.

Thanks in advance. and please understand my lack of knowledge.

John

[Luke Taylor]

http://static.springframework.org/sp...outFilter.html

[jwy923]

Does somebody test this j_spring_security_logout for OpenID?

It seems to work in other samples in the repository, but it(logout) does not in the OpenID sample (http://repo1.maven.org/maven2/org/sp...amples-openid/).

The problem is that although I used j_spring_security_logout, I can still access to the secured web pages.
When I access to the secured web pages in a new session, my access is filtered and redirected to a log-in page, so I need to do authentication processes (OpenID authentication), which is the normal situation.
Once logged-in and then logged-out, I can access to the secured web pages without authentication, which is not the normal situation.

Could you help me?

[Luke Taylor]

OpenID is a single-sign-on solution. So even if you log out of the application you will still be allowed back in while you are authenticated to OpenID.