使用Java配置通过Spring Security注销 [英] Logout with Spring Security with Java configuration
问题描述
我正在将Spring Security 4.0.2.RELEASE与Spring 4.2.0.RELEASE一起使用.
我无法创建注销链接(我必须将href属性的值设置为什么).
考虑:
使用 WebApplicationInitializer 在Java中配置 DelegatingFilterProxy :
public class SecurityWebInitializer
extends AbstractSecurityWebApplicationInitializer {
}
简单的配置类,为Spring MVC启用Web安全性
@Configuration
@EnableWebSecurity
public class SecurityConfig
extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin().and()
.authorizeRequests()
.antMatchers("/spitter/").authenticated()
.antMatchers(HttpMethod.GET, "/spitter/register").authenticated().and()
.logout().deleteCookies("remove")
.invalidateHttpSession(true).logoutUrl("/logout")
.logoutSuccessUrl("/");
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password")
.roles("USER").and().withUser("admin").password("password")
.roles("USER", "ADMIN");
}
}
控制器:
@Controller
@RequestMapping(value = "/spitter")
public class SpittrController {
private SpittleRepository spittleRepository;
@Autowired
public SpittrController(SpittleRepository spittleRepository) {
this.spittleRepository = spittleRepository;
}
@RequestMapping(value = "/register", method = RequestMethod.GET)
public String showRegistrationForm() {
return "registerForm";
}
@RequestMapping(value = "/register", method = RequestMethod.POST)
public String processingRegistration(@Valid Spitter spitter, Errors errors) {
if (errors.hasErrors()) {
return "registerForm";
}
spittleRepository.save(spitter);
return "redirect:/spitter/" + spitter.getUserName();
}
@RequestMapping(value = "/{username}", method = RequestMethod.GET)
public String showSpitterProfile(@PathVariable("username") String username,
Model model) {
Spitter spitter = spittleRepository.findByUsername(username);
if(spitter != null){
model.addAttribute(spitter);
}
return "profile";
}
}
registerForm.jsp:
<form method="post">
<table>
<tr>
<td>First Name:</td>
<td><input type="text" name="firstName" /></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type="text" name="lastName" /></td>
</tr>
<tr>
<td>User Name:</td>
<td><input type="text" name="userName" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input type="submit" value="Register" /></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}">
</form>
提交 registerForm.jsp 后,向用户显示 profile.jsp :>
profile.jsp:
<body>
<h1>Hello world!</h1>
<p>The time on the server is ${serverTime}.</p>
<h1>Your Profile</h1>
<h1><a href="/logout">Logout</a></h1>
<table>
<tr>
<td>First Name:</td>
<td><c:out value="${spitter.firstName}" /></td>
</tr>
<tr>
<td>Last Name:</td>
<td><c:out value="${spitter.lastName}" /></td>
</tr>
<tr>
<td>User Name:</td>
<td><c:out value="${spitter.userName}" /></td>
</tr>
</table>
</body>
当我点击
我被重定向到登录页面.登录并提交表单后,显示 profile.jsp ,其中包括了 注销 链接.点击后,会出现 HTTP 404 .
我已经阅读了 Spring Security文档,但是他们已经考虑了 百里香叶 .我的页面很简单.
此外,我还考虑了这一点,
默认情况下,登出URL要求POST请求.去表演 注销您需要的GET请求:
http .登出() .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
1 : http://docs.spring.io/spring -security/site/docs/3.2.x/guides/hellomvc.html
有什么建议吗?
将profile.jsp中的代码更新为
<h1><a href="#" onclick="javascript:logoutForm.submit();">logout</a></h1>
<c:url var="logoutUrl" value="/logout" />
<form action="${logoutUrl}" method="post" id="logoutForm">
<input type="hidden" name="${_csrf.parameterName}"
value="${_csrf.token}" />
</form>
I am using Spring Security 4.0.2.RELEASE with Spring 4.2.0.RELEASE.
I am unable to create a logout link (I maen what must be the value of the href attribute).
Consider :
Configuring DelegatingFilterProxy in Java with WebApplicationInitializer:
public class SecurityWebInitializer
extends AbstractSecurityWebApplicationInitializer {
}
Simple configuration class to enable web security for Spring MVC
@Configuration
@EnableWebSecurity
public class SecurityConfig
extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin().and()
.authorizeRequests()
.antMatchers("/spitter/").authenticated()
.antMatchers(HttpMethod.GET, "/spitter/register").authenticated().and()
.logout().deleteCookies("remove")
.invalidateHttpSession(true).logoutUrl("/logout")
.logoutSuccessUrl("/");
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password")
.roles("USER").and().withUser("admin").password("password")
.roles("USER", "ADMIN");
}
}
Controller:
@Controller
@RequestMapping(value = "/spitter")
public class SpittrController {
private SpittleRepository spittleRepository;
@Autowired
public SpittrController(SpittleRepository spittleRepository) {
this.spittleRepository = spittleRepository;
}
@RequestMapping(value = "/register", method = RequestMethod.GET)
public String showRegistrationForm() {
return "registerForm";
}
@RequestMapping(value = "/register", method = RequestMethod.POST)
public String processingRegistration(@Valid Spitter spitter, Errors errors) {
if (errors.hasErrors()) {
return "registerForm";
}
spittleRepository.save(spitter);
return "redirect:/spitter/" + spitter.getUserName();
}
@RequestMapping(value = "/{username}", method = RequestMethod.GET)
public String showSpitterProfile(@PathVariable("username") String username,
Model model) {
Spitter spitter = spittleRepository.findByUsername(username);
if(spitter != null){
model.addAttribute(spitter);
}
return "profile";
}
}
registerForm.jsp:
<form method="post">
<table>
<tr>
<td>First Name:</td>
<td><input type="text" name="firstName" /></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type="text" name="lastName" /></td>
</tr>
<tr>
<td>User Name:</td>
<td><input type="text" name="userName" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input type="submit" value="Register" /></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}">
</form>
After submission of registerForm.jsp, the profile.jsp is shown to the user:
profile.jsp:
<body>
<h1>Hello world!</h1>
<p>The time on the server is ${serverTime}.</p>
<h1>Your Profile</h1>
<h1><a href="/logout">Logout</a></h1>
<table>
<tr>
<td>First Name:</td>
<td><c:out value="${spitter.firstName}" /></td>
</tr>
<tr>
<td>Last Name:</td>
<td><c:out value="${spitter.lastName}" /></td>
</tr>
<tr>
<td>User Name:</td>
<td><c:out value="${spitter.userName}" /></td>
</tr>
</table>
</body>
When I hit
I am redirected to the login page. After login and submitting the form, the profile.jsp is shown in which I have included a Logout link. On clicking that, HTTP 404 comes up.
I have gone through Spring Security docs, but they have taken thymeleaf into consideration. My is a simple JSP page.
Furthermore, I have also considered taking this into account,
By default POST request is required to the logout url. To perform logout on GET request you need:
http .logout() .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
1: http://docs.spring.io/spring-security/site/docs/3.2.x/guides/hellomvc.html
Any suggestions?
Update the your code in profile.jsp as
<h1><a href="#" onclick="javascript:logoutForm.submit();">logout</a></h1>
<c:url var="logoutUrl" value="/logout" />
<form action="${logoutUrl}" method="post" id="logoutForm">
<input type="hidden" name="${_csrf.parameterName}"
value="${_csrf.token}" />
</form>
这篇关于使用Java配置通过Spring Security注销的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!