@ -98,18 +98,36 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends Ab
@@ -98,18 +98,36 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends Ab
}
/ * *
* The URL that triggers logout to occur on HTTP POST . The default is "/logout"
* @param logoutUrl the URL that will invoke logout .
* The URL that triggers log out to occur on HTTP POST . The default is
* "/logout" .
*
* < p >
* It is considered best practice to use an HTTP POST on any action that
* changes state ( i . e . log out ) to protect against < a
* href = "http://en.wikipedia.org/wiki/Cross-site_request_forgery" > CSRF
* attacks < / a > . If you really want to use an HTTP GET , you can use
* < code > logoutRequestMatcher ( new AntPathRequestMatcher ( logoutUrl , "GET" ) ) ; < / code >
* < / p >
*
* @see # logoutRequestMatcher ( RequestMatcher )
*
* @param logoutUrl
* the URL that will invoke logout .
* @return the { @link LogoutConfigurer } for further customization
* /
public LogoutConfigurer < H > logoutUrl ( String logoutUrl ) {
return logoutRequestMatcher ( new AntPathRequestMatcher ( logoutUrl , "POST" ) ) ;
}
/ * *
* The RequestMatcher that triggers logout to occur on HTTP POST . The default is "/logout"
* @param logoutRequestMatcher the RequestMatcher used to determine if logout should occur .
* The RequestMatcher that triggers log out to occur . In most circumstances
* users will use { @link # logoutUrl ( String ) } which helps enforce good
* practices .
*
* @see # logoutUrl ( String )
*
* @param logoutRequestMatcher
* the RequestMatcher used to determine if logout should occur .
* @return the { @link LogoutConfigurer } for further customization
* /
public LogoutConfigurer < H > logoutRequestMatcher ( RequestMatcher logoutRequestMatcher ) {
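Review bot: The new `logoutUrl` Javadoc says that using HTTP POST protects against CSRF, but POST alone does not, since a cross-site form can still submit one. The protection presumably comes from the CSRF token check that applies to POST and not to GET. The paragraph should say this and state the cost of the GET variant it shows, for example `Requiring POST lets the CSRF token check cover log out; with a GET matcher any cross-site link or image can log the user out.` On style, the snippet reads better as `{@code ...}` than `<code>`, and `@see` normally follows `@param`/`@return` in both comments. The rewritten `logoutRequestMatcher` comment also drops the statement that the default is "/logout", which is worth keeping if it still holds; that method's body lies outside the hunk.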