这是我使用Spring Boot和Spring Security的代码。问题是,当我用于注销(使用Thyemleaf)注销不适合我。注销不适用于Spring Boot和Spring Security
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
private DataSource dataSource;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery("select username as principal, password as credentials,active from users where username=?")
.authoritiesByUsernameQuery("select username as principal,roles as role from users_roles where username=?")
.rolePrefix("ROLE_")
.passwordEncoder(new Md5PasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.loginPage("/login");
http
.authorizeRequests()
.antMatchers("/index1").permitAll();
http
.authorizeRequests()
.antMatchers("/user").hasRole("USER")
.and()
.logout();
http
.authorizeRequests()
.antMatchers("/adpage").hasRole("ADMIN");
http
.exceptionHandling().accessDeniedPage("/403");
http
.logout().permitAll();
}
}
链接使用Thyemleaf:
<li><a th:href="@{/login?logout}">logout</a></li>
一切正常,除了注销注销用户支持非员额注销,我的意思是会话不会过期,当我点击注销链接,例如我是一个用户,我注册(登录),因此我注销我仍然可以访问用户页面 –
请参阅我的答案http://stackoverflow.com/questions/40885178/logout-是 - 不工作,在弹簧的安全性。你必须使用HTTP'POST'而URL只是'/ logout'。 – dur