2011-07-14 130 views
4

我是春季安全新手。我在春季安全3中創建了一個示例。春季安全3註銷不起作用

我正面臨一個問題。我能夠使用默認的登錄頁面登錄成功,但是當我退出,我成功地重定向到我的loggedout.jsp但是當檢查與改變URL我看到,我還是登錄

春季security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

    <http pattern="/loggedout.jsp" security="none" /> 

    <http auto-config='true'> 
     <intercept-url pattern="/**" access="ROLE_USER" /> 
     <logout logout-success-url="/loggedout.jsp" invalidate-session="true" 
      delete-cookies="JSESSIONID" /> 

     <!-- <remember-me key="myAppKey" /> --> 
     <!-- <session-management invalid-session-url="/timeout.jsp"> 
      <concurrency-control max-sessions="1" 
       error-if-maximum-exceeded="true" /> 
     </session-management> --> 
    </http> 

    <authentication-manager> 
     <authentication-provider> 
      <user-service> 
       <user name="vrajesh" password="vrajesh" 
        authorities="ROLE_USER,ROLE_ADMIN" /> 
       <user name="test" password="test" 
        authorities="ROLE_USER,ROLE_ADMIN" /> 
      </user-service> 
     </authentication-provider> 
    </authentication-manager> 

    <!-- 
     <http pattern="/loggedout.jsp" security="none"/> 
     <http use-expressions="true"> 
      <intercept-url pattern="/**" access="ROLE_USER" /> 
      <form-login /> 
      <logout logout-success-url="/loggedout.jsp" 
       delete-cookies="JSESSIONID"/> 
      <remember-me /> 
      <session-management invalid-session-url="/timeout.jsp"> 
       <concurrency-control max-sessions="1" 
        error-if-maximum-exceeded="true" /> 
      </session-management> 
     </http> 
    --> 

</beans:beans> 

這是每一個頁面上我的退出鏈接:

<p><a href="j_spring_security_logout">Logout</a></p> 

,這是我loggedout.jsp

<p> 
You have been logged out. <a href="<c:url value='/'/>">Start again</a>. 
</p> 

在我的loggedout.jsp,如果我點擊'重新開始'鏈接,它應該顯示登錄頁面,但它不。相反,我登錄了應用程序。

請幫助我,讓我知道我是否缺少任何東西。

+0

請修復您發佈的HTML,並澄清您正在運行的實際配置文件。另請說明「重新開始」導致的鏈接。你有沒有啓用DEBUG日誌? –

+1

您是否確認您仍然登錄到應用程序,而不只是看到該頁面的瀏覽器緩存版本? – atrain

回答

0

我引用j_spring_security_logout時有問題,所以我這樣做:

1.-在spring-security.xml加入部分:

<logout logout-url="/logout.html"/> 

2.-在我的控制器我只有:

@RequestMapping(value = "logout.html", method = RequestMethod.GET) 
    public String logout(ModelMap model, HttpServletRequest request) { 
     return "loginform"; 
    } 

3.-在我.JSP

<a href="${pageContext.request.contextPath}/logout.html"><fmt:message key="text.exit" /></a> 

它完美的作品:)

您可以檢查額外註銷配置here

4

每個網頁上登出的鏈接應該是:

<p><a href="/j_spring_security_logout">Logout</a></p>