1
我用彈簧4.1.6.RELEASE和春季安全4.0.1.RELEASE 我有以下的配置春季安全註銷不打成功處理程序,裁判
<http auto-config="false" entry-point-ref="customAuthenticationEntryPoint" create-session="ifRequired" >
<intercept-url pattern="/**" access="hasAuthority('Admin')" />
<custom-filter before="BASIC_AUTH_FILTER" ref="loginTokenFilter" />
<logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
<access-denied-handler error-page="/noaccess.html"/>
<headers>
<frame-options policy="SAMEORIGIN" />
</headers>
</http>
而且我註銷成功處理程序是
@Component("logoutSuccessHandler")
public class MyLogoutSuccessHandler implements LogoutSuccessHandler {
private static final Logger logger = LoggerFactory.getLogger(MyLogoutSuccessHandler.class);
private final MyRedirectHandler redirectHandler;
@Autowired
public MyLogoutSuccessHandler(
MyRedirectHandler redirectHandler) {
this.redirectHandler = redirectHandler;
}
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
if (response.isCommitted()) {
logger.debug("Won't redirect");
return;
}
redirectHandler.redirectToLogin(request, response, true);
}
}
登錄正常工作,但註銷不是。我在斷點MyLogoutSuccessHandler.onLogoutSuccess() 並從瀏覽器調用http://localhost:8080/myapp/logout。成功處理程序未被調用。
我做錯了什麼?我應該爲「/ logout」路徑提供特定的@RequestMapping嗎?
在web.xml中我有以下
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
是CSRF上?如果它是... –
CSRF不熟悉,所以不能確定...關於POST,我目前只發送一個GET請求。如果需要POST,POST主體中是否還有任何特定數據? – me1111