0
我得春季安全配置做我想要的一切,除了成功登录我出去。当我点击我的注销链接时,它会抛出一个404或根据具体配置将我带到登录页面,而无需登录。另外值得注意的是,如果我在登录时进入登录页面,并输入了错误的用户名或密码,我已经注销。这表明拒绝访问正常运行。如果您发现错误或对如何更好地实施我的解决方案有任何建议,请发表评论。谢谢。不能使用Spring Security注销
web.xml中:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
APP-security.xml文件:
<security:http use-expressions="true" auto-config="true">
<security:intercept-url pattern="/app/login" access="permitAll" />
<security:intercept-url pattern="/app/logout" access="permitAll" />
<security:intercept-url pattern="/app/accessdenied" access="permitAll" />
<security:intercept-url pattern="/app/**" access="hasRole('USER')" />
<security:form-login login-page="/app/login" default-target-url="/app" authentication-failure-url="/app/login" />
<security:logout logout-success-url="/app/login" />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="d" password="d" authorities="USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
HomeController中:
@RequestMapping(value = "/app/login", method = RequestMethod.GET)
public String login(ModelMap model) {
return "login";
}
@RequestMapping(value = "/app/accessdenied", method = RequestMethod.GET)
public String loginerror(ModelMap model) {
model.addAttribute("error", "true");
return "denied";
}
@RequestMapping(value = "/app/logout", method = RequestMethod.GET)
public String logout(ModelMap model, HttpServletRequest request) {
return "logout";
}
在.jsp文件中注销链接:
<form class="form-inline" action="${pageContext.request.contextPath}/app/logout" method="get">
的可能重复[春季安全 - 不能注销(http://stackoverflow.com/questions/13920729/spring-security-cannot-logout) –
不要使用控制器,春天已经安全注销。代替'/应用程序/ logout'使用'/ j_spring_security_logout'和简单除去上你的控制器的方法。 –