Grails Spring Security Plugin – Logout postOnly setting

I had a question come in about a setting in Spring Security so I thought I would take a quick minute and explain it in case anyone else also has the same question. There is a setting

grails.plugin.springsecurity.logout.postOnly = true

that is true by default. If you look at the LogoutController’s index action, this makes a little more sense.

All this is saying is that, to log out, the request must be made as a POST. An easy way to do that is to create a link to the logout controller (remember, index is our default action).

If you try to just visit the URL http://localhost:8080/{your_context}/logout, you can tell by the code that this should throw a 405 error, and it does.
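
The check described above, written out as an added example (it is not code from the original post and is not presented as the plugin's own source): a controller action that refuses anything other than POST while logout.postOnly is true. The package name is hypothetical, and the javax.servlet import assumes a Grails version that still uses the javax namespace.

```groovy
package example  // hypothetical package name, chosen for this example

import grails.plugin.springsecurity.SpringSecurityUtils
import javax.servlet.http.HttpServletResponse  // assumption: javax-based Grails

// Illustrative logout controller showing the postOnly check.
class LogoutController {

    // index is the default action, so /logout lands here.
    def index() {
        // Merged plugin configuration (grails.plugin.springsecurity.*)
        def conf = SpringSecurityUtils.securityConfig

        // With postOnly enabled, any non-POST request (a plain link,
        // a typed URL, an <img> tag, a browser prefetch) is refused,
        // so a third-party page cannot end the session with a GET.
        if (conf.logout.postOnly && request.method != 'POST') {
            response.sendError HttpServletResponse.SC_METHOD_NOT_ALLOWED // 405
            return
        }

        // Application-specific pre-logout work would go here.

        // Hand off to the URL handled by the Spring Security logout filter.
        redirect uri: conf.logout.filterProcessesUrl
    }
}
```

With a check like this in place, the request reaches the logout filter only when it arrives as a POST, for example from a form submission.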


About The Author

My name is Dan Vega and I am a Software Developer based out of Cleveland OH. I love to play with new technologies and write about my experiences here. When I am not busy being a full time geek I love to lift heavy weights and hang out with friends and family. If you have any questions please don't hesitate to contact me.

  • eriihine

    I still had some issues with this one. It seems that the href link is always generating a GET method (which I guess makes sense):

    <a href="${createLink(controller: 'logout')}">Logout</a>

    I was finally able to work around this by using:

    <form name="submitForm" method="POST" action="${createLink(controller: 'logout')}">
    <input type="hidden" name="" value="">
    <a href="javascript:document.submitForm.submit()">Logout</a>
    </form>

    as suggested here: