春季安全記住logut不明確的cookie

（我的英文不太好，但我會盡我所能解釋清楚我的問題。）春季安全記住logut不明確的cookie

我只是想用記住使用Spring Security，所以我遵循Spring Security Reference中提到的步驟。

這裏是我的代碼：

@Configuration 
@EnableWebSecurity 
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired 
    UserMapper userMapper; 

    @Autowired 
    RoleMapper roleMapper; 

    @Bean 
    @Override 
    public AuthenticationManager authenticationManagerBean() throws Exception { 
     return super.authenticationManagerBean(); 
    } 

    @Override 
    public void configure(WebSecurity web) throws Exception { 
     web.ignoring().antMatchers("/frame/**", "/img/**", "/css/**"); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.authorizeRequests().antMatchers("/", "/login/**").permitAll() 
       .anyRequest().authenticated().and() 
       .addFilterAt(myUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class).exceptionHandling() 
       .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login_page")).and() 
       .addFilterAt(rememberMeAuthenticationFilter(), RememberMeAuthenticationFilter.class) 
       .formLogin().loginPage("/login_page") 
       .loginProcessingUrl("/login").permitAll().and() 
       .logout().logoutUrl("/signout").logoutSuccessUrl("/login_page").permitAll().and() 
       // .rememberMe().key("testallKey").and() 
       .csrf().disable(); 
    } 

    @Override 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(userDetailsServiceImpl()).passwordEncoder(new Md5PasswordEncoder()).and() 
       .authenticationProvider(rememberMeAuthenticationProvider()); 
    } 

    @Bean 
    public UserDetailsServiceImpl userDetailsServiceImpl() { 
     return new UserDetailsServiceImpl(userMapper, roleMapper); 
    } 

    @Bean 
    public MyUsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter() throws Exception { 
     MyUsernamePasswordAuthenticationFilter myFilter = new MyUsernamePasswordAuthenticationFilter(); 
     myFilter.setAuthenticationManager(authenticationManagerBean()); 
     myFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler()); 
     myFilter.setAuthenticationFailureHandler(authenticationFailureHandler()); 
     myFilter.setRememberMeServices(tokenBasedRememberMeServices()); 
     return myFilter; 
    } 

    @Bean 
    public AuthenticationSuccessHandler authenticationSuccessHandler() { 
     return new SimpleUrlAuthenticationSuccessHandler("/login/success"); 
    } 

    @Bean 
    public AuthenticationFailureHandler authenticationFailureHandler() { 
     return new SimpleUrlAuthenticationFailureHandler("/login/failure"); 
    } 

    @Bean 
    public TokenBasedRememberMeServices tokenBasedRememberMeServices() { 
     TokenBasedRememberMeServices tbrms = new TokenBasedRememberMeServices("testallKey", userDetailsServiceImpl()); 
     tbrms.setTokenValiditySeconds(60 * 60 * 24 * 2); 
     tbrms.setParameter("rememberMe"); 
     return tbrms; 
    } 

    @Bean 
    public RememberMeAuthenticationProvider rememberMeAuthenticationProvider() { 
     RememberMeAuthenticationProvider rmap = new RememberMeAuthenticationProvider("testallKey"); 
     return rmap; 
    } 

    @Bean 
    public RememberMeAuthenticationFilter rememberMeAuthenticationFilter() throws Exception { 
     RememberMeAuthenticationFilter myFilter = new RememberMeAuthenticationFilter(authenticationManagerBean(), tokenBasedRememberMeServices()); 
     return myFilter; 
    } 

}

記住我是好的，但是當我退出，它沒有自動它應該清除「記住我」的cookie（所以我有。在手動註銷（）後使用deleteCookies（「記住我」）

任何人都可以告訴我爲什麼它不起作用？

而且我發現了另一個apporach，它的工作原理：

如果我使用「.rememberMe（）鍵（」testallKey「）」，而不是增加「rememberMeAuthenticationFilter」和「RememberMeAuthenticationProvider」 ,,這裏是代碼：

@Configuration 
@EnableWebSecurity 
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired 
    UserMapper userMapper; 

    @Autowired 
    RoleMapper roleMapper; 

    @Bean 
    @Override 
    public AuthenticationManager authenticationManagerBean() throws Exception { 
     return super.authenticationManagerBean(); 
    } 

    @Override 
    public void configure(WebSecurity web) throws Exception { 
     web.ignoring().antMatchers("/frame/**", "/img/**", "/css/**"); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.authorizeRequests().antMatchers("/", "/login/**").permitAll() 
       .anyRequest().authenticated().and() 
       .addFilterAt(myUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class).exceptionHandling() 
       .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login_page")).and() 
       //.addFilterAt(rememberMeAuthenticationFilter(), RememberMeAuthenticationFilter.class) 
       .formLogin().loginPage("/login_page") 
       .loginProcessingUrl("/login").permitAll().and() 
       .logout().logoutUrl("/signout").logoutSuccessUrl("/login_page").permitAll().and() 
       .rememberMe().key("testallKey").and() 
       .csrf().disable(); 
    } 

    @Override 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(userDetailsServiceImpl()).passwordEncoder(new Md5PasswordEncoder()); 
    } 

    @Bean 
    public UserDetailsServiceImpl userDetailsServiceImpl() { 
     return new UserDetailsServiceImpl(userMapper, roleMapper); 
    } 

    @Bean 
    public MyUsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter() throws Exception { 
     MyUsernamePasswordAuthenticationFilter myFilter = new MyUsernamePasswordAuthenticationFilter(); 
     myFilter.setAuthenticationManager(authenticationManagerBean()); 
     myFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler()); 
     myFilter.setAuthenticationFailureHandler(authenticationFailureHandler()); 
     myFilter.setRememberMeServices(tokenBasedRememberMeServices()); 
     return myFilter; 
    } 

    @Bean 
    public AuthenticationSuccessHandler authenticationSuccessHandler() { 
     return new SimpleUrlAuthenticationSuccessHandler("/login/success"); 
    } 

    @Bean 
    public AuthenticationFailureHandler authenticationFailureHandler() { 
     return new SimpleUrlAuthenticationFailureHandler("/login/failure"); 
    } 

    @Bean 
    public TokenBasedRememberMeServices tokenBasedRememberMeServices() { 
     TokenBasedRememberMeServices tbrms = new TokenBasedRememberMeServices("testallKey", userDetailsServiceImpl()); 
     tbrms.setTokenValiditySeconds(60 * 60 * 24 * 2); 
     tbrms.setParameter("rememberMe"); 
     return tbrms; 
    } 


}

誰能告訴我這兩種方法有什麼區別嗎？（您也可以指出我的英語語法錯誤☺，謝謝！）

來源

2017-07-14 ansel

你就不能使用.deleteCookies在你的配置者？也看看LogoutConfigurer文檔

http.logout() 
.logoutSuccessUrl("/") 
.logoutUrl("/logout") 
.deleteCookies("JSESSIONID") 
.permitAll();

LogoutConfigurer

來源

2017-07-14 03:37:16 Boldbayar

是的，它炒菜鍋。但是像Spring Security Reference所說的：「TokenBasedRememberMeServices也實現了Spring Security的LogoutHandler接口，因此可以和LogoutFilter一起使用來自動清除cookie。」它應該被自動清除，我想知道爲什麼它沒有。（方法2可以自動清除它） – ansel

春季安全記住logut不明確的cookie

回答

相關問題