我是春季安全新手。我在春季安全3中創建了一個示例。春季安全3註銷不起作用
我正面臨一個問題。我能夠使用默認的登錄頁面登錄成功,但是當我退出,我成功地重定向到我的loggedout.jsp但是當檢查與改變URL我看到,我還是登錄
春季security.xml
:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http pattern="/loggedout.jsp" security="none" />
<http auto-config='true'>
<intercept-url pattern="/**" access="ROLE_USER" />
<logout logout-success-url="/loggedout.jsp" invalidate-session="true"
delete-cookies="JSESSIONID" />
<!-- <remember-me key="myAppKey" /> -->
<!-- <session-management invalid-session-url="/timeout.jsp">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="true" />
</session-management> -->
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="vrajesh" password="vrajesh"
authorities="ROLE_USER,ROLE_ADMIN" />
<user name="test" password="test"
authorities="ROLE_USER,ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
<!--
<http pattern="/loggedout.jsp" security="none"/>
<http use-expressions="true">
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login />
<logout logout-success-url="/loggedout.jsp"
delete-cookies="JSESSIONID"/>
<remember-me />
<session-management invalid-session-url="/timeout.jsp">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="true" />
</session-management>
</http>
-->
</beans:beans>
這是每一個頁面上我的退出鏈接:
<p><a href="j_spring_security_logout">Logout</a></p>
,這是我loggedout.jsp
:
<p>
You have been logged out. <a href="<c:url value='/'/>">Start again</a>.
</p>
在我的loggedout.jsp
,如果我點擊'重新開始'鏈接,它應該顯示登錄頁面,但它不。相反,我登錄了應用程序。
請幫助我,讓我知道我是否缺少任何東西。
請修復您發佈的HTML,並澄清您正在運行的實際配置文件。另請說明「重新開始」導致的鏈接。你有沒有啓用DEBUG日誌? –
您是否確認您仍然登錄到應用程序,而不只是看到該頁面的瀏覽器緩存版本? – atrain