1. 首頁
  2. 問答
  3. 春季安全註銷

春季安全註銷

2015-03-13 283 views
0

我遇到了Spring Security的麻煩。我可以登錄但不能登出(至少不是如預期的那樣)。春季安全註銷

登錄後,我將被重定向到/secure/home.xhtml < - 此工作正常,並按預期工作。但是我無法通過#{request.contextPath} /註銷註銷。 (我已經改變了春季安全配置註銷URL,但我也有一個默認試過)總有一個404

這裏至今代碼:

index.xhtm < - 工作正常

<form method="POST" id="loginForm" action="#{request.contextPath}/j_spring_security_check" class="form-signin" autocomplete="off"> 
      <div class="form-group"> 
       <label for="username" class="control-label">#{bundle["login.username"]}</label> 
       <input type="text" name="username" id="username" class="input-block-level form-control" 
         placeholder="#{bundle['label.username']}" required="true" tabindex="1" /> 
       <span class="help-block"></span> 
      </div> 
      <div class="form-group"> 
       <label for="password" class="control-label">#{bundle["login.password"]}</label> 
       <input type="password" class="input-block-level form-control" name="password" id="password" tabindex="2" 
         placeholder="#{bundle['label.password']}" required="true" /> 
       <span class="help-block"></span> 
      </div> 
      <button type="submit" tabindex="3" class="btn btn-success btn-block">#{bundle["login.action"]}</button> 
      <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> 
     </form>

彈簧security.xhtml,HTTP的conf

<security:http use-expressions="true" > 
     <security:intercept-url pattern="/secure/**" access="hasAnyRole('USER','ADMIN')" /> 
     <security:intercept-url pattern="/admin/**" access="hasRole('ADMIN')" /> 
     <!--<security:access-denied-handler error-page="/404.xhtml" />--> 
     <security:form-login 
      login-page="/index.xhtml" 
      default-target-url="/secure/home.xhtml" 
      authentication-failure-url="/index.xhtml?error" 
      username-parameter="username" 
      password-parameter="password" /> 
     <security:logout logout-url="/logout" logout-success-url="/index.xhtml?logout" invalidate-session="true" delete-cookies="JSESSIONID" /> 
     <security:csrf /> 
    </security:http>

這是我試圖執行關於向其他的答案在這裏STA註銷的方式ckoverflow:

<a href="#{request.contextPath}/logout">logout</a> 
        <h:outputLink value="#{request.contextPath}/logout">Logout</h:outputLink>

但這兩個鏈接都不起作用。我得到了404.我也讀過你應該用pageContext.request.contextPath替換request.contextPath,但那也不行。 (以代替localhost:8080/myContext /註銷鏈接將我重定向到本地主機:8080 /註銷)

一個教程給我看,說註銷可以用這個來還實施:

<form method="POST" id="loginForm" action="#{request.contextPath}/logout" class="form-signin" autocomplete="off"> 
         <button type="submit" tabindex="3" class="btn btn-success btn-block">#{bundle["logout.action"]}</button> 
         <input type="hidden" name="#{_csrf.parameterName}" value="#{_csrf.token}" /> 
        </form>

在開始它似乎解決了我的問題,但在向安全部分添加更多頁面(例如「profile.xhtml」)之後,我加入了在加載頁面後註銷的不受歡迎的行爲。 因此,如果我在我的home.xhtml中添加上面的註銷表單,即使我沒有點擊註銷,似乎也會註銷。如果我刷新頁面,即使沒有點擊註銷,我也會被重定向到index.xhtml(登錄)。所以,如果我點擊鏈接到profile.xhtml,我會自然重定向到index.xhtml,因爲春天認爲我退出了。沒有這個表單,我保持登錄狀態,但無法註銷!一團糟!

啊,如果我在註銷按鈕單擊窗體上,我得到以下錯誤:

HTTP Status 403 - Expected CSRF token not found. Has your session expired? 

type Status report 

messageExpected CSRF token not found. Has your session expired? 

descriptionAccess to the specified resource has been forbidden.

我也實在沒有想法什麼毛病我的配置:(

這裏是我的! web.xml中:

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" 
     version="3.1"> 
    <context-param> 
     <param-name>javax.faces.PROJECT_STAGE</param-name> 
     <param-value>Development</param-value> 
    </context-param> 
    <context-param> 
     <param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name> 
     <param-value>true</param-value> 
    </context-param> 
    <context-param> 
     <param-name>javax.faces.INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL</param-name> 
     <param-value>true</param-value> 
    </context-param> 
    <context-param> 
     <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name> 
     <param-value>messages</param-value> 
    </context-param> 
    <context-param> 
     <param-name>javax.faces.STATE_SAVING_METHOD</param-name> 
     <param-value>server</param-value> 
    </context-param> 
    <context-param> 
     <param-name>javax.faces.DEFAULT_SUFFIX</param-name> 
     <param-value>.xhtml</param-value> 
    </context-param> 
    <context-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value> 
      classpath:/application-context.xml 
      classpath:/application-security.xml 
     </param-value> 
    </context-param> 

    <listener> 
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 
    <listener> 
     <listener-class>com.sun.faces.config.ConfigureListener</listener-class> 
    </listener> 

    <!-- Predefined pages --> 
    <welcome-file-list> 
     <welcome-file>index.xhtml</welcome-file> 
    </welcome-file-list> 
    <!-- <error-page> 
     <error-code>403</error-code> 
     <location>/error.xhtml</location> 
    </error-page>--> 
    <error-page> 
     <error-code>404</error-code> 
     <location>/404.xhtml</location> 
    </error-page> 
    <error-page> 
     <error-code>500</error-code> 
     <location>/error.xhtml</location> 
    </error-page> 
    <error-page> 
     <exception-type>javax.faces.application.ServletException</exception-type> 
     <location>/index.xhtml</location> 
    </error-page> 
    <error-page> 
     <exception-type>java.lang.Exception</exception-type> 
     <location>/error.xhtml</location> 
    </error-page> 

    <session-config> 
     <session-timeout>30</session-timeout> 
    </session-config> 

    <servlet> 
     <servlet-name>Faces Servlet</servlet-name> 
     <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 
    <servlet-mapping> 
     <servlet-name>Faces Servlet</servlet-name> 
     <url-pattern>*.xhtml</url-pattern> 
    </servlet-mapping> 

    <filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 
    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 
    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/logout</url-pattern> 
    </filter-mapping> 

    <!-- MIME TYPES --> 
    <mime-mapping> 
     <extension>css</extension> 
     <mime-type>text/css</mime-type> 
    </mime-mapping> 
    <mime-mapping> 
     <extension>eot</extension> 
     <mime-type>application/x-font-eot</mime-type> 
    </mime-mapping> 
    <mime-mapping> 
     <extension>js</extension> 
     <mime-type>text/javascript</mime-type> 
    </mime-mapping> 
    <mime-mapping> 
     <extension>latex</extension> 
     <mime-type>application/x-latex</mime-type> 
    </mime-mapping> 
    <mime-mapping> 
     <extension>otf</extension> 
     <mime-type>application/x-font-opentype</mime-type> 
    </mime-mapping> 
    <mime-mapping> 
     <extension>roff</extension> 
     <mime-type>application/x-troff</mime-type> 
    </mime-mapping> 
    <mime-mapping> 
     <extension>svg</extension> 
     <mime-type>application/svg+xml</mime-type> 
    </mime-mapping> 
    <mime-mapping> 
     <extension>ttf</extension> 
     <mime-type>application/x-font-ttf</mime-type> 
    </mime-mapping> 
    <mime-mapping> 
     <extension>woff</extension> 
     <mime-type>application/x-font-woff</mime-type> 
    </mime-mapping> 
    <mime-mapping> 
     <extension>woff2</extension> 
     <mime-type>application/x-font-woff2</mime-type> 
    </mime-mapping> 
</web-app>

使用的GlassFish 4.1,Spring Framework的版本4.1.2.RELEASE和春季安全版本3.2.5.RELEASE

我希望每一個答案。這個錯誤已經花了兩天,沒有任何解決方案:(

來源

2015-03-13 Mokuyobi

回答

0

使用Spring網址taglig或JSTL URL標籤庫寫下您的網址。This post是良好的學習春季安全配置

來源

2015-03-13 18:38:30

相關問題

 相關問題