spring 安全/注销不工作跨源请求 [英] spring security /logout not working cross origin requests
问题描述
我的 AngularJS 应用程序有一个登录和注销按钮.登录按钮工作正常,以及发送到我后端的所有其他请求.
My AngularJS application has a login and logout button. The login button works fine and also all other requests that are send to my backend.
当我尝试注销时出现问题.
The problem occurs when I try to logout.
我收到以下错误.
XMLHttpRequest 无法加载 http://localhost:8081/logout.请求被
重定向到'http://localhost:8081/login?logout',这对于
需要预检的跨域请求是不允许的.
这是我的代码:
'use strict';
angular.module('emifEkolFinderApp').controller('logoutController', ['$scope', 'CONFIGURATION', 'AccessToken', '$http', '$location', function ($scope, CONFIGURATION, AccessToken, $http, $location) {
$scope.logout = function () {
var userUrl = 'http://' + CONFIGURATION.OAUTH_SERVER_IP_AND_PORT + '/logout';
var data = AccessToken.set().access_token;
$http.post(userUrl,JSON.stringify("{}")).then(function (successCallback) {
AccessToken.destroy();
console.log("Revokin'");
$location.path("/");
}, function (errorCallback) {
console.log(errorCallback);
});
};
}]);
Spring 安全配置:
Spring security config:
@Configuration
public class ServerSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private AuthenticationManager authenticationManager;
@Override
protected void configure(final AuthenticationManagerBuilder auth)
throws Exception {
auth.parentAuthenticationManager(authenticationManager).userDetailsService(userDetailsService);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/logout").permitAll()
.anyRequest().authenticated()
.and()
.csrf().disable()
.formLogin()
.loginPage("/login").permitAll()
.and()
.httpBasic()
.and()
.logout()
.permitAll()
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true);
}
}
我的 CORS 过滤器:
my CORS filter:
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCorsFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, HEAD");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, cache-control, content-type, Origin, key");
response.setHeader("Content-Type", "*");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
filterChain.doFilter(request, response);
}
}
}
我在这里的黑暗中真的很感动.非常感谢您的帮助.
I am really touching in the dark here. Help would be much appreciated.
推荐答案
我认为您的问题与注销后的重定向有关,请尝试通过实现 LogoutSuccessHandler 来关闭此重定向,例如问题:Spring 安全 - 禁用注销重定向
I think your problem is this related with the redirect after logout, try turn off this redirect by implementing a LogoutSuccessHandler, like the question: Spring security - Disable logout redirect
http.logout().logoutSuccessHandler((new HttpStatusReturningLogoutSuccessHandler (HttpStatus.OK)));
这篇关于spring 安全/注销不工作跨源请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!