io.micronaut.security.endpoints.LogoutController
is annotated by @Secured(SecurityRule.IS_ANONYMOUS)
In general one would expect a user to be authenticated before logout. What am I missing?
io.micronaut.security.endpoints.LogoutController
is annotated by @Secured(SecurityRule.IS_ANONYMOUS)
In general one would expect a user to be authenticated before logout. What am I missing?
Copyright © 2021 Jogjafile Inc.
You're right that it doesn't make sense to logout without being logged in, but if there was a non-anonymous rule for the controller and you access it without being logged in, it would trigger a login. The best thing to do is to let it be a no-op for non-authenticated access.