我在Spring 4.2.0.RELEASE中使用Spring Security 4.0.2.RELEASE。使用Java配置註銷Spring Security
我無法創建一個註銷鏈接(我maen什麼必須是href屬性的值)。
考慮:
配置的DelegatingFilterProxy在Java中與WebApplicationInitializer:
public class SecurityWebInitializer
extends AbstractSecurityWebApplicationInitializer {
}
簡單的配置類,使網絡安全的Spring MVC
@Configuration
@EnableWebSecurity
public class SecurityConfig
extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin().and()
.authorizeRequests()
.antMatchers("/spitter/").authenticated()
.antMatchers(HttpMethod.GET, "/spitter/register").authenticated().and()
.logout().deleteCookies("remove")
.invalidateHttpSession(true).logoutUrl("/logout")
.logoutSuccessUrl("/");
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password")
.roles("USER").and().withUser("admin").password("password")
.roles("USER", "ADMIN");
}
}
控制器:
@Controller
@RequestMapping(value = "/spitter")
public class SpittrController {
private SpittleRepository spittleRepository;
@Autowired
public SpittrController(SpittleRepository spittleRepository) {
this.spittleRepository = spittleRepository;
}
@RequestMapping(value = "/register", method = RequestMethod.GET)
public String showRegistrationForm() {
return "registerForm";
}
@RequestMapping(value = "/register", method = RequestMethod.POST)
public String processingRegistration(@Valid Spitter spitter, Errors errors) {
if (errors.hasErrors()) {
return "registerForm";
}
spittleRepository.save(spitter);
return "redirect:/spitter/" + spitter.getUserName();
}
@RequestMapping(value = "/{username}", method = RequestMethod.GET)
public String showSpitterProfile(@PathVariable("username") String username,
Model model) {
Spitter spitter = spittleRepository.findByUsername(username);
if(spitter != null){
model.addAttribute(spitter);
}
return "profile";
}
}
registerForm.jsp:
<form method="post">
<table>
<tr>
<td>First Name:</td>
<td><input type="text" name="firstName" /></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type="text" name="lastName" /></td>
</tr>
<tr>
<td>User Name:</td>
<td><input type="text" name="userName" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input type="submit" value="Register" /></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}">
</form>
提交後registerForm.jsp,所述profile.jsp被示出給用戶:
profile.jsp:
<body>
<h1>Hello world!</h1>
<p>The time on the server is ${serverTime}.</p>
<h1>Your Profile</h1>
<h1><a href="/logout">Logout</a></h1>
<table>
<tr>
<td>First Name:</td>
<td><c:out value="${spitter.firstName}" /></td>
</tr>
<tr>
<td>Last Name:</td>
<td><c:out value="${spitter.lastName}" /></td>
</tr>
<tr>
<td>User Name:</td>
<td><c:out value="${spitter.userName}" /></td>
</tr>
</table>
</body>
當我打
我被重定向到登錄頁面。登錄並提交表格後,將顯示profile.jsp,其中包含一個註銷鏈接。在點擊,HTTP 404出現。
我已經通過Spring Security docs走了,但他們已經採取了thymeleaf考慮。我是一個簡單的JSP頁面。
而且,我也認爲考慮到這一點,
默認情況下POST請求需要註銷的URL。要執行的GET請求 註銷您需要:
HTTP .logout() .logoutRequestMatcher(新AntPathRequestMatcher( 「/註銷」));
1: http://docs.spring.io/spring-security/site/docs/3.2.x/guides/hellomvc.html
有什麼建議?
'/ logout'作爲一種形式的URL或行動纔有效。你需要包含'context-root'。使用該URL的標籤爲' '應該這樣做。 –
@Denium:你的意思是web/spitter /註銷。 –
如果'/ web/spitter'是你的應用程序的上下文根,是的,否則不......如上所述,使用URL標籤爲你做。 (同樣在答案中,這基本上是正確的,但包含錯誤的URL)。 –