reset password
anisha.amarnath
Posts: 4
Posted 14:38 Aug 18, 2015 |

Hello Dr.Sun,

When I log out of admin.jsp I'm getting a 404 error. Also, I've added the below snippet in my application-context.xml.

<security:http auto-config="true" use-expressions="true">
    <security:intercept-url pattern="/admin.*" access="authenticated" />
    <security:logout logout-success-url="/" />
    <security:csrf />
</security:http>

cysun
Posts: 2935
Posted 15:22 Aug 18, 2015 |

Are you sure the root path of your application is /csjobs/, not /csjobs-exam/ or something? Also are you using version 4.0.2 of Spring Security?

anisha.amarnath
Posts: 4
Posted 16:07 Aug 18, 2015 |

It was about the version. It's working fine now. Thank you, Dr. Sun.

 

bseemscs
Posts: 26
Posted 21:35 Aug 19, 2015 |

So this is how I am understanding this. We can use the /login url and the login form is generated and displayed automatically by Spring. This is working for me when I use href="<c:url value='/login'/>". We can also explicitly use the form if we want to customize the login form.

However, to log out we cannot simply use the /logout url? We must explicitly use the logout form? When I use href="<c:url value='/logout'/>" I get 404 error /csjobs/logout not available and logout is not accomplished. Only when I use the form in a jsp am I able to logout and be directed to the logout-success-url. I don't mind using the form but if the url can accomplish logout it would be nice to just be able to put in the link. Advice?

cysun
Posts: 2935
Posted 06:17 Aug 23, 2015 |
bseemscs wrote:

So this is how I am understanding this. We can use the /login url and the login form is generated and displayed automatically by Spring. This is working for me when I use href="<c:url value='/login'/>". We can also explicitly use the form if we want to customize the login form.

However, to log out we cannot simply use the /logout url? We must explicitly use the logout form? When I use href="<c:url value='/logout'/>" I get 404 error /csjobs/logout not available and logout is not accomplished. Only when I use the form in a jsp am I able to logout and be directed to the logout-success-url. I don't mind using the form but if the url can accomplish logout it would be nice to just be able to put in the link. Advice?

To prevent CSRF attacks, newer versions of Spring Security require that a logout request be a POST request, so simply clicking on a logout link won't work because it's a GET request.
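
The logout form discussed in this thread, as an added example that is not part of the original posts. It assumes Spring Security 4 defaults (logout URL `/logout`, CSRF token exposed to the page as the `_csrf` request attribute) and the JSTL core taglib; the `logoutForm` id is a made-up name.

```jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- With <security:csrf/> enabled, a plain link does not log the user out:
     the browser sends GET /logout, and only POST /logout is handled.
     <a href="<c:url value='/logout'/>">Logout</a>
--%>

<%-- Context-relative URL, so it resolves under /csjobs/ or any other root path --%>
<c:url var="logoutUrl" value="/logout" />

<%-- POST request carrying the per-session CSRF token as a hidden field --%>
<form id="logoutForm" action="${logoutUrl}" method="post">
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
    <button type="submit">Logout</button>
</form>

<%-- Optional: keep the look of a link, but submit the POST form when clicked --%>
<a href="#"
   onclick="document.getElementById('logoutForm').submit(); return false;">Logout</a>
```

After a successful POST, the user is redirected to the `logout-success-url` set in the `<security:logout>` element.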