Logout is not working with Spring Boot and Spring Security

This is my code using Spring Boot and Spring Security. The problem is that when I log out (using Thymeleaf), logout does not work for me.
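
    import javax.sql.DataSource;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private DataSource dataSource;

        // Users and roles are loaded from the database over JDBC.
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .jdbcAuthentication()
                .dataSource(dataSource)
                .usersByUsernameQuery("select username as principal, password as credentials,active from users where username=?")
                .authoritiesByUsernameQuery("select username as principal,roles as role from users_roles where username=?")
                .rolePrefix("ROLE_")
                .passwordEncoder(new Md5PasswordEncoder());
        }

        // URL access rules, login page, logout and access-denied page.
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .formLogin()
                .loginPage("/login");
            http
                .authorizeRequests()
                .antMatchers("/index1").permitAll();
            http
                .authorizeRequests()
                .antMatchers("/user").hasRole("USER")
                .and()
                .logout();
            http
                .authorizeRequests()
                .antMatchers("/adpage").hasRole("ADMIN");
            http
                .exceptionHandling().accessDeniedPage("/403");
            http
                .logout().permitAll();
        }
    }
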
The link, using Thymeleaf:

    <li><a th:href="@{/login?logout}">logout</a></li>

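Everything works fine except logout: the user is not logged out. I mean the session does not expire when I click the logout link. For example, I am a user and I sign in (log in); then I log out, and I can still access the user page. –

See my answer at http://stackoverflow.com/questions/40885178/. You have to use HTTP 'POST' and the URL is just '/logout'. – dur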
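
The fix dur's comment describes, written out as an added example (not code from the question or from the linked answer). The class name `LogoutSecurityConfig` is hypothetical, the cookie name `JSESSIONID` assumes the servlet container's default session cookie, and the routes are copied from the question.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example; the class name is hypothetical.
// With CSRF protection enabled (the default), Spring Security only processes
// a logout that arrives as POST /logout. The link in the question is a GET to
// /login?logout, which only renders the login page and leaves the session alone.
//
// Template side: replace the <a> link with a form. th:action makes Thymeleaf
// add the hidden _csrf field that the POST needs.
//
//   <form th:action="@{/logout}" method="post">
//       <button type="submit">logout</button>
//   </form>
@Configuration
@EnableWebSecurity
public class LogoutSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/index1").permitAll()
                .antMatchers("/user").hasRole("USER")
                .antMatchers("/adpage").hasRole("ADMIN")
                .and()
            .formLogin()
                .loginPage("/login")
                .and()
            .logout()
                .logoutUrl("/logout")              // default value, written out for clarity
                .logoutSuccessUrl("/login?logout") // where the browser lands after logout
                .invalidateHttpSession(true)       // default value, written out for clarity
                .deleteCookies("JSESSIONID")       // assumed default session cookie name
                .permitAll()
                .and()
            .exceptionHandling()
                .accessDeniedPage("/403");
    }
}
```

After a POST to `/logout` the session is invalidated, so a later request to `/user` is redirected to `/login` instead of being served.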