VOOZH about

URL: https://www.geeksforgeeks.org/advance-java/spring-security-logout/

⇱ Spring Security - Logout - GeeksforGeeks

  • Courses
  • Tutorials
  • Interview Prep

Spring Security - Logout

Last Updated : 28 May, 2026

Spring Security Logout is a mechanism used to securely end a user session in a Spring application. It clears authentication details, invalidates the session, and redirects the user to the login page after logout.

  • Prevents unauthorized access after the user signs out.
  • Clears session data and security context automatically.
  • Supports custom logout URLs and logout success pages.

When the user logs out

  • The authentication is cleared from the current SecurityContext and it ensures the user is no longer recognized as the authenticated of the application.
  • The user's session is invalidated.
  • Optional the cookies can be cleared then the other cleanup activities can be performed.

Implementation of the Spring Security - Logout

Below are the implementation steps of the logout mechanism in Spring Security.

Step 1: Create a Spring Boot Project

Create a new project using Spring Initializr with the following configuration:

Add Dependencies:

  • Spring Web
  • Spring Security
  • Thymeleaf
  • Lombok
  • Spring DevTools

Once the project is created, the file structure will resemble the following:

👁 Folder Structure

Step 2: Configure Security Credentials

Open the application.properties file and add the security username and password configuration for the Spring Security application:

Step 3: Create the Security Configuration class

Create the SecurityConfig class to configure Spring Security in the project.

  • .formLogin() enables the default login page.
  • .logoutSuccessUrl() redirects users after logout.
  • .invalidateHttpSession(true) clears the session.

Step 4: Create the Controller class

Create the HomeController class to create the home REST API of the Spring project.

  • @Controller handles web page requests.
  • @GetMapping("/") maps the home page.

Step 5: Main Class(No Changes are required)

Go src > org.example.springsecuritylogout > SpringSecurityLogoutApplication.

  • @SpringBootApplication enables Spring Boot features.
  • Main method starts the application.

Step 6: Create the Home HTML page

Create the home.html file inside the templates folder.

  • Displays the home page after login
  • Logout link calls Spring Security logout endpoint

Step 7: Run the Application

Finally, we will run the application then it will be start at port number 8080.

👁 Application Runs

Step 7: Test the Application

Endpoint API:

http://localhost:8080/

If user not login into the application its redirects to the /login endpoint of the Spring application.

  • Username: user
  • password: user

Output:

👁 Sign in Page

Once logged into the application, it goes to the below URL.

http://localhost:8080/?continue

Output:

👁 Home Page

Click on the logout button, then its redirects to the below URL.

http://localhost:8080/logout

Output:

👁 Log out popup

Once the user logs out of the application, they are redirected to the login page.

http://localhost:8080/login?logout

Output:

👁 Sign out
Comment
Article Tags:

Explore