Why my logourFilter doesn't work&

[Shikarno]

Please help me! Why my logout filter doesn't work? It is not redirecting me to logout.htm. But if i put it redirect to <http> section, it works

Code:

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
								 http://www.springframework.org/schema/beans/spring-beans.xsd
						         http://www.springframework.org/schema/jdbc
        						 http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
								 http://www.springframework.org/schema/security
								 http://www.springframework.org/schema/security/spring-security-3.0.xsd">
	<http use-expressions="true">
		<intercept-url pattern="/home.htm" access="hasRole('ROLE_CANDIDATE')"
			requires-channel="https" />
		<intercept-url pattern="/*" access="permitAll"
			requires-channel="https" />
		<logout />
		<form-login default-target-url="/home.htm" />

	</http>

	<beans:bean id="logoutHandler" class="business.service.UserLogoutHandler" />
	<beans:bean id="logoutFilter"
		class="org.springframework.security.web.authentication.logout.LogoutFilter">

		<beans:constructor-arg value="/logout.htm" />
		<beans:constructor-arg>
			<beans:list>
				<beans:ref bean="logoutHandler" />
			</beans:list>
		</beans:constructor-arg>
	
	</beans:bean>

	<beans:bean id="userLoginService" class="business.service.UserLoginService" />
	<authentication-manager>
		<authentication-provider user-service-ref="userLoginService" />
	</authentication-manager>
</beans:beans>

[Luke Taylor]

You're assuming that just declaring a bean will automatically cause it to be used. This isn't the case.

In your configuration, <logout /> will create a separate filter which will be used and your separate bean will be ignored. If you want to use a custom logout filter, remove the namespace element and plug your filter into the namespace as described in the namespace documentation.

[Shikarno]

If i add

Code:

<custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>

it must work, but it doesn't

[Luke Taylor]

It should.

When it comes down to it, there's not very much to logging out. It is just a URL with some functionality attached (typically invalidating the session). It is just as easily done in something like an MVC controller so you might find that easier to understand. There's no real requirement that it is implemented within Spring Security.

[Shikarno]

It doesn't work because of this error

Code:

INFO: Undeploying context [/staffing]
8 ышёЄ 2010 15:39:00 org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive staffing.war
log4j:WARN No appenders could be found for logger (org.springframework.web.
xt.ContextLoader).
log4j:WARN Please initialize the log4j system properly.
8 ышёЄ 2010 15:39:01 org.apache.catalina.core.StandardContext start
SEVERE: Error listenerStart
8 ышёЄ 2010 15:39:01 org.apache.catalina.core.StandardContext start
SEVERE: Context [/staffing] startup failed due to previous errors
8 ышёЄ 2010 15:39:42 org.apache.catalina.startup.HostConfig checkResources

Without custom filter it is undeployed and works fine

[Luke Taylor]

That's just output from Tomcat - you'll need to get some proper debug logging output from Spring to see what the real error is. Debug logging is essential. As always I'd recommend that you use one of the sample applications as a setup guide so that you are starting with a working configuration.

[Shikarno]

Thanks a lot! The last problem was that my filter has the same order as default logoutfilter. I need my own logoutfilter for the future. Now it all works fine!

[Luke Taylor]

Thanks a lot! The last problem was that my filter has the same order as default logoutfilter. I need my own logoutfilter for the future. Now it all works fine!

That's why you need to remove the <logout /> element. Good to hear you worked it out.