logout in spring 5 and thymeleaf does not work anymore with my code; in spring 4 it did

Question

With spring 4, logout worked with de code below, but with spring 5 it does not anymore.

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
      //@formatter:off
    http
      .formLogin()
        .loginPage("/login")
      .and()
        .logout()
          .logoutSuccessUrl("/")

I use thymeleaf, and the application is also called thymeleaf. In the pom file I have dependencies on thymeleaf-spring4 and thymeleaf-extras-springsecurity4 (bringing both to 5 and changing classes here and there didn't help). In the logs I see:

2022-05-31 12:16:16,839 DEBUG org.springframework.security.web.FilterChainProxy : Secured GET /logout
2022-05-31 12:16:16,846 DEBUG org.springframework.web.servlet.DispatcherServlet : GET "/thymeleaf/logout", parameters={}
2022-05-31 12:16:16,883 DEBUG org.springframework.web.servlet.handler.SimpleUrlHandlerMapping : Mapped to org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler@7f0551e7
2022-05-31 12:16:16,949 DEBUG org.springframework.web.servlet.DispatcherServlet : Completed 404 NOT_FOUND

So in the code above, maybe I have to add something, and create a logout.html file? I don't know how.

Answer 1

you can test this in your html file. Note I am using bootstrap 5.

<form th:action="@{/logout}" method=post>
 <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
 <button type="submit" class="btn btn-sm btn-outline-secondary">Logout</button>
 </form>

Answer 2

try using .logoutUrl("/thymeleaf/logout")

you can see the documentation in: https://docs.spring.io/spring-security/reference/servlet/authentication/logout.html#logout-java-configuration