Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

logoutSuccessUrl in DefaultLoginPageGeneratingFilter is not set #9973

Closed
skuhnert opened this issue Jun 21, 2021 · 2 comments
Closed

logoutSuccessUrl in DefaultLoginPageGeneratingFilter is not set #9973

skuhnert opened this issue Jun 21, 2021 · 2 comments
Assignees
@eleftherias
Labels
in: web An issue in web modules (web, webmvc) status: backported An issue that has been backported to maintenance branches type: bug A general bug
Milestone
5.6.0-M1

Comments

@skuhnert
Copy link

Describe the bug
Relogin after logout leads to an error (404).

To Reproduce

  • Startup a minimal webapp with spring-boot integration (see Sample)
  • Login with user / password from console-log
  • Klick on the logout-link
  • Login again with user / password from console-log
  • see error page

Expected behavior
Seeing the welcome page after 2nd login.

Sample
https://github.com/comlinegmbh/spring-security-missing-default-url-demo

Woraround
Please take a look in DemoApplication.java. If you remove the comments in line 27 (@PostConstruct), the relogin succeded.

Imo the standard configuration should take care of the logoutSuccessUrl.
Maybe directly in the DefaultLoginPageGeneratingFilter (see init() Methods) or by calling setLogoutSuccessUrl in FormLoginConfigurer.initDefaultLoginFilter?
@skuhnert skuhnert added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Jun 21, 2021
@sjohnr sjohnr added in: web An issue in web modules (web, webmvc) and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 21, 2021
@eleftherias eleftherias changed the title logoutSuccessUrl in DefaultLoginPageGeneratingFilter ist not set logoutSuccessUrl in DefaultLoginPageGeneratingFilter is not set Jun 23, 2021
@eleftherias eleftherias added this to the 5.6.0-M1 milestone Jun 24, 2021
eleftherias added a commit that referenced this issue Jun 24, 2021
@eleftherias
Apply DefaultLoginPageConfigurer before logout
fdd017d 
If they are not applied in this order, then the LogoutConfigurer cannot
set the logoutSuccessUrl, because the DefaultLoginPageGeneratingFilter
does not exist yet.
This impacts users that inject the default HttpSecurity bean.

Closes gh-9973
@spring-projects-issues spring-projects-issues added the status: backported An issue that has been backported to maintenance branches label Jun 24, 2021
Closed
eleftherias added a commit that referenced this issue Jun 24, 2021
@eleftherias
Apply DefaultLoginPageConfigurer before logout
e313e6b 
If they are not applied in this order, then the LogoutConfigurer cannot
set the logoutSuccessUrl, because the DefaultLoginPageGeneratingFilter
does not exist yet.
This impacts users that inject the default HttpSecurity bean.

Closes gh-9973
Closed
@eleftherias
Copy link
Contributor

Thanks for the report @skuhnert!
This is now fixed and backported to the 5.5 and 5.4 branches.

@skuhnert
Copy link
Author

Thanks for the quick fix!

akohli96 pushed a commit to akohli96/spring-security that referenced this issue Aug 25, 2021
@eleftherias
Apply DefaultLoginPageConfigurer before logout
ac66bbc 
If they are not applied in this order, then the LogoutConfigurer cannot
set the logoutSuccessUrl, because the DefaultLoginPageGeneratingFilter
does not exist yet.
This impacts users that inject the default HttpSecurity bean.

Closes spring-projectsgh-9973
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eleftherias eleftherias

Labels
in: web An issue in web modules (web, webmvc) status: backported An issue that has been backported to maintenance branches type: bug A general bug
Projects
None yet
Milestone
5.6.0-M1
Development

No branches or pull requests
4 participants
@sjohnr @eleftherias @spring-projects-issues @skuhnert