Merge pull request #2713 from rob-baily/master

* pr/2713:
  Fix logout in sample secure web applications

spring-boot-samples/spring-boot-sample-web-secure-custom/src/main/java/sample/web/secure/custom/SampleWebSecureCustomApplication.java

@@ -76,7 +76,7 @@ public class SampleWebSecureCustomApplication extends WebMvcConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
 			http.authorizeRequests().antMatchers("/css/**").permitAll().anyRequest()
 					.fullyAuthenticated().and().formLogin().loginPage("/login")
-					.failureUrl("/login?error").permitAll();
+					.failureUrl("/login?error").permitAll().and().logout().permitAll();
 		}
 
 		@Override

spring-boot-samples/spring-boot-sample-web-secure-custom/src/main/resources/templates/home.html

@@ -13,7 +13,6 @@
 					Plain </a>
 				<ul class="nav">
 					<li><a th:href="@{/}" href="home.html"> Home </a></li>
-					<li><a th:href="@{/logout}" href="logout"> Logout </a></li>
 				</ul>
 			</div>
 		</div>
@@ -21,6 +20,9 @@
 		<div th:text="${message}">Fake content</div>
 		<div id="created" th:text="${#dates.format(date)}">July 11,
 			2012 2:17:16 PM CDT</div>
+        <form th:action="@{/logout}" method="post">
+            <input type="submit" value="Sign Out"/>
+        </form>
 	</div>
 </body>
 </html>

spring-boot-samples/spring-boot-sample-web-secure-jdbc/src/main/java/sample/web/secure/jdbc/SampleWebSecureCustomApplication.java

@@ -81,7 +81,7 @@ public class SampleWebSecureCustomApplication extends WebMvcConfigurerAdapter {
 		protected void configure(HttpSecurity http) throws Exception {
 			http.authorizeRequests().antMatchers("/css/**").permitAll().anyRequest()
 					.fullyAuthenticated().and().formLogin().loginPage("/login")
-					.failureUrl("/login?error").permitAll();
+					.failureUrl("/login?error").permitAll().and().logout().permitAll();
 		}
 
 		@Override

spring-boot-samples/spring-boot-sample-web-secure-jdbc/src/main/resources/templates/home.html

@@ -13,7 +13,6 @@
 					Plain </a>
 				<ul class="nav">
 					<li><a th:href="@{/}" href="home.html"> Home </a></li>
-					<li><a th:href="@{/logout}" href="logout"> Logout </a></li>
 				</ul>
 			</div>
 		</div>
@@ -21,6 +20,9 @@
 		<div th:text="${message}">Fake content</div>
 		<div id="created" th:text="${#dates.format(date)}">July 11,
 			2012 2:17:16 PM CDT</div>
+        <form th:action="@{/logout}" method="post">
+            <input type="submit" value="Sign Out"/>
+        </form>
 	</div>
 </body>
 </html>

spring-boot-samples/spring-boot-sample-web-secure/src/main/java/sample/web/secure/SampleWebSecureApplication.java

@@ -71,7 +71,8 @@ public class SampleWebSecureApplication extends WebMvcConfigurerAdapter {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin()
-					.loginPage("/login").failureUrl("/login?error").permitAll();
+					.loginPage("/login").failureUrl("/login?error").permitAll().and()
+					.logout().permitAll();
 		}
 
 		@Override

spring-boot-samples/spring-boot-sample-web-secure/src/main/resources/templates/home.html

@@ -13,7 +13,6 @@
 					Plain </a>
 				<ul class="nav">
 					<li><a th:href="@{/}" href="home.html"> Home </a></li>
-					<li><a th:href="@{/logout}" href="logout"> Logout </a></li>
 				</ul>
 			</div>
 		</div>
@@ -21,6 +20,9 @@
 		<div th:text="${message}">Fake content</div>
 		<div id="created" th:text="${#dates.format(date)}">July 11,
 			2012 2:17:16 PM CDT</div>
+        <form th:action="@{/logout}" method="post">
+            <input type="submit" value="Sign Out"/>
+        </form>
 	</div>
 </body>
 </html>