Kotlin – Spring Security Customize Logout Success Handler

In the tutorial, we will show you how to customize Logout Success Handler with Kotlin Spring Security web application.

I. Technologies

– Kotlin 1.2.20
– Apache Maven 3.5.2
– Spring Tool Suite – Version 3.9.0.RELEASE
– Spring Boot – 1.5.10.RELEASE
– Bootstrap

II. Goal

We create a Kotlin MVC Web Application as below:

Kotlin Spring Security - Customize LogOut Successfully - project structure

We use LogoutSuccessHandler to customize a behaviour of Kotlin Spring Security after logout successfully. In the tutorial, it will redirect to logoutsuccessful.html page:

Kotlin Spring Security - Customize LogOut Successfully - logout succesfully

III. Implementation

1. Create Kotlin Spring Security web application

-> Follow the article: Kotlin SpringBoot – Configure Spring Security

2. Customize LogoutSuccessHandler

2.1. Create logoutsuccessful.html page
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
	xmlns:th="http://www.thymeleaf.org"
	xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
<head>
	<title>Welcome Security with Spring Boot!</title>
	<meta charset="utf-8"/>
	<meta name="viewport" content="width=device-width, initial-scale=1"/>
	<link rel="stylesheet"
		href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"/>
	<script
		src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
	<script
		src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body class="container" style="margin:50px">
	<div class="row col-sm-5" 
				style="border: 1px ridge #003312; padding:20px; float: none; margin: 0 auto;">
			<h1>Logout Successfully!</h1>
			<a style="color: blue" th:href="@{/}">Home Page</a>
			<br />
			<a style="color: blue" th:href="@{/login}">Login Page</a>
	</div>
</body>
</html>
2.2 Customize LogoutSuccessHandler

package com.javasampleapproach.kotlin.springsecurity.successlogout.config

import java.io.IOException;
 
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;
 
@Component
class CustomLogoutSuccessHandler: LogoutSuccessHandler{
	
	val logger = LoggerFactory.getLogger(CustomLogoutSuccessHandler::class.java)
	
	override fun onLogoutSuccess(request: HttpServletRequest,
			response: HttpServletResponse, authentication: Authentication)
			: Unit{
		
		// Code For Business Here
		logger.info("Logout Sucessfull with Principal: " + authentication.getName())
		
		response.setStatus(HttpServletResponse.SC_OK)
        //redirect to login
		response.sendRedirect("/logoutsuccessful")
	}
	
}
2.3 Add LogoutSuccessHandler to WebSecurityConfigurer

package com.javasampleapproach.kotlin.springsecurity.successlogout.config

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
class SecurityConfig : WebSecurityConfigurerAdapter() {

	@Autowired
	lateinit var customLogoutSuccessHandler: CustomLogoutSuccessHandler
	
	override fun configure(http: HttpSecurity): Unit {
		http
				.authorizeRequests()
				.antMatchers("/", "/logoutsuccessful").permitAll()
				.antMatchers("/admin").hasRole("ADMIN")
				.anyRequest().authenticated()
				.and()
				.formLogin()
					.loginPage("/login").permitAll()
				.and()
				.logout()
					.logoutSuccessHandler(customLogoutSuccessHandler).permitAll()
		
		http.exceptionHandling().accessDeniedPage("/403");
	}

	@Autowired
	fun configureGlobal(auth: AuthenticationManagerBuilder): Unit {
		auth
				.inMemoryAuthentication()
				.withUser("user").password("user").roles("USER")
				.and()
				.withUser("admin").password("admin").roles("ADMIN")	
	}
}

IV. SourceCode

KotlinSpringSecurityCustomizeLogoutSuccessful

One thought on “Kotlin – Spring Security Customize Logout Success Handler”

  1. I’m not sure exactly why but this blog is loading very slow for me.

    Is anyone else having this problem or is it a issue on my
    end? I’ll check back later and see if the problem
    still exists.

Leave a Reply

Your email address will not be published. Required fields are marked *