Spring Security + Google App Engine + UserService: What is the correct way to logout?
Question
Sorry if this question is very obvious.
I am very confused about how to logout from web app using Google App Engine (UserService) and Spring MVC/Spring Security.
By example, there is a way to do it just putting a link pointing to 'j_spring_security_logout' as is explained on mkyong .
And there is the way described in the basic Google App Engine tutorial , putting a link to URL returned by 'createLoginURL(...)' method.
I have tried both, and google user keep logged in.
So, what is the correct way accomplish this simple task?
Thanks.
2 answers
solution1
0 2014-01-12 09:25:56
By pointing to
j_spring_security_logout, user's current session will be invalidated but he will not be logged out from Google accounts. So when user comes back to URL or link where you are expecting user to be logged in using Google account will work as he is not logged out from Google.When you redirect user to the link created by
userService.createLogoutUrl, user will be logged out from Google accounts.
Depending upon your requirement you can use single or combine these two steps to log out user from current session and Google accounts as well.
solution2
0 2015-11-04 07:59:35
UserService works with a Google account, so userService.createLogoutUrl will actually log you out of a Google account.
And Logout feature of Spring Security is related to session so, j_spring_security_logout will destroy the session.
Now depending upon how you are determining someone is considered logged out you can choose in between them.
You may wanna go through this article :
http://spring.io/blog/2010/08/02/spring-security-in-google-app-engine/
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.