Spring Security Logout: A Step-by-Step Tutorial

Logging out a user from a Spring Security application is a crucial feature for any web application. This tutorial will guide you through setting up a simple Spring Boot 3.2 application with Spring Security 6.1 and implementing a logout functionality.


  • JDK 17 or later
  • Maven or Gradle
  • IDE (IntelliJ IDEA, Eclipse, etc.)

Step 1: Set Up a Spring Boot Project

1.1 Create a New Spring Boot Project

Use Spring Initializr to create a new project with the following dependencies:

  • Spring Web
  • Spring Security
  • Thymeleaf (optional, for the frontend)

Download and unzip the project, then open it in your IDE.

1.2 Configure application.properties

Set up the application properties for your project. This file is located in the src/main/resources directory.

# src/main/resources/application.properties

# Server port

# Thymeleaf configuration (optional)

Step 2: Configure Spring Security

2.1 Create a Security Configuration Class

Create a configuration class to set up Spring Security.

package com.example.demo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

public class SecurityConfig {

    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
            .authorizeHttpRequests(authorizeRequests ->
                    .requestMatchers("/login", "/logout", "/resources/**").permitAll()
            .formLogin(formLogin ->
            .logout(logout ->

        return http.build();

    public UserDetailsService userDetailsService() {
        UserDetails user = User.builder()

        return new InMemoryUserDetailsManager(user);


  • SecurityFilterChain: Configures the security filter chain.
  • authorizeHttpRequests: Defines URL authorization.
  • formLogin: Configures form-based login.
  • logout: Configures logout functionality.
  • UserDetailsService: Provides user details for authentication. Here, an in-memory user store is used.

Step 3: Create the Login and Logout Pages

3.1 Create the Login Page

Create a login page using Thymeleaf. Create a file named login.html in the src/main/resources/templates directory.

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
    <form th:action="@{/login}" method="post">
            <input type="text" name="username"/>
            <input type="password" name="password"/>
            <button type="submit">Login</button>
    <div th:if="${param.logout}">
        You have been logged out.
    <div th:if="${param.error}">
        Invalid username or password.

3.2 Create the Home Page

Create a home page that will be accessible only to authenticated users. Create a file named home.html in the src/main/resources/templates directory.

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
    <h1>Welcome, <span th:text="${#httpServletRequest.remoteUser}">User</span>!</h1>
    <a th:href="@{/logout}">Logout</a>

Step 4: Create a Controller

4.1 Create the HomeController

Create a controller to handle requests to the login and home pages.

package com.example.demo.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

public class HomeController {

    public String login() {
        return "login";

    public String home() {
        return "home";


  • @Controller: Marks the class as a web controller.
  • @GetMapping("/login"): Maps GET requests for the login page.
  • @GetMapping("/"): Maps GET requests for the home page.

Step 5: Running and Testing the Application

5.1 Run the Application

Run the Spring Boot application using your IDE or the command line:

./mvnw spring-boot:run

5.2 Test the Login and Logout Functionality

  1. Open a web browser and navigate to http://localhost:8080.
  2. You will be redirected to the login page.
  3. Enter the username user and password password, and click the "Login" button.
  4. You should be redirected to the home page and see a welcome message.
  5. Click the "Logout" link to log out. You will be redirected to the login page with a logout message.


In this tutorial, you have learned how to implement login and logout functionality using Spring Security 6.1 in a Spring Boot 3.2 application. We covered:

  • Setting up a Spring Boot project with Spring Security.
  • Configuring Spring Security to handle login and logout.
  • Creating login and home pages using Thymeleaf.
  • Creating a controller to handle requests.

By following these steps, you can effectively manage authentication and session management in your Spring Boot applications using Spring Security.