marcelstoer/spring-security-logout-without-csrf.xml

## spring-security-logout-without-csrf.xml
  ...
  <!-- http://docs.spring.io/spring-security/site/docs/4.0.x/reference/htmlsingle/#filter-stack -->
  <!-- logout w/o CSRF protection if logout filter is placed before the CSRF filter -->
  <security:custom-filter before="CSRF_FILTER" ref="logoutFilter" />
</security:http>

<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
  <constructor-arg name="logoutSuccessUrl" value="place-whatever-you-need-here" />
  <constructor-arg name="handlers">
    <list>
      <!-- no need to add org.springframework.security.web.csrf.CsrfLogoutHandler -->
      <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
    </list>
  </constructor-arg>
  <!-- default logout URL /logout is applied internally -->
</bean>
	...
	<!-- http://docs.spring.io/spring-security/site/docs/4.0.x/reference/htmlsingle/#filter-stack -->
	<!-- logout w/o CSRF protection if logout filter is placed before the CSRF filter -->
	<security:custom-filter before="CSRF_FILTER" ref="logoutFilter" />
	</security:http>

	<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
	<constructor-arg name="logoutSuccessUrl" value="place-whatever-you-need-here" />
	<constructor-arg name="handlers">
	<list>
	<!-- no need to add org.springframework.security.web.csrf.CsrfLogoutHandler -->
	<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
	</list>
	</constructor-arg>
	<!-- default logout URL /logout is applied internally -->
	</bean>