(window.webpackJsonp=window.webpackJsonp||[]).push([[182],{604:function(e,t,o){"use strict";o.r(t);var n=o(56),a=Object(n.a)({},(function(){var e=this,t=e.$createElement,o=e._self._c||t;return o("ContentSlotsDistributor",{attrs:{"slot-key":e.$parent.slotKey}},[o("h1",{attrs:{id:"logout"}},[o("a",{staticClass:"header-anchor",attrs:{href:"#logout"}},[e._v("#")]),e._v(" Logout")]),e._v(" "),o("p",[e._v("Spring Security provides a logout endpoint by default.\nOnce logged in, you can "),o("code",[e._v("GET /logout")]),e._v(" to see a default logout confirmation page, or you can "),o("code",[e._v("POST /logout")]),e._v(" to initiate logout.\nThis will:")]),e._v(" "),o("ul",[o("li",[o("p",[e._v("clear the "),o("code",[e._v("ServerCsrfTokenRepository")]),e._v(", "),o("code",[e._v("ServerSecurityContextRepository")]),e._v(", and")])]),e._v(" "),o("li",[o("p",[e._v("redirect back to the login page")])])]),e._v(" "),o("p",[e._v("Often, you will want to also invalidate the session on logout.\nTo achieve this, you can add the "),o("code",[e._v("WebSessionServerLogoutHandler")]),e._v(" to your logout configuration, like so:")]),e._v(" "),o("div",{staticClass:"language- extra-class"},[o("pre",{pre:!0,attrs:{class:"language-text"}},[o("code",[e._v("@Bean\nSecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {\n    DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(\n            new WebSessionServerLogoutHandler(), new SecurityContextServerLogoutHandler()\n    );\n\n    http\n        .authorizeExchange((exchange) -> exchange.anyExchange().authenticated())\n        .logout((logout) -> logout.logoutHandler(logoutHandler));\n\n    return http.build();\n}\n")])])])])}),[],!1,null,null,null);t.default=a.exports}}]);