Oauth2 客户端注销不起作用 [英] Oauth2 client logout doesn't work
问题描述
我尝试使用这里描述的方法 https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout :
I try to use the approach, described here https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout :
所以我有以下后端代码库:
@EnableAutoConfiguration
@Configuration
@EnableOAuth2Sso
@Controller
public class ClientApplication extends WebSecurityConfigurerAdapter {
private Logger logger = LoggerFactory.getLogger(ClientApplication.class);
@RequestMapping("/hello")
public String home(Principal user, HttpServletRequest request, HttpServletResponse response, Model model) throws ServletException {
model.addAttribute("name", user.getName());
return "hello";
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.antMatcher("/**")
.authorizeRequests()
.antMatchers( "/login**", "/webjars/**", "/error**").permitAll()
.anyRequest()
.authenticated()
.and().logout().logoutSuccessUrl("/").permitAll()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
// @formatter:on
}
public static void main(String[] args) {
new SpringApplicationBuilder(ClientApplication.class)
.properties("spring.config.name=application").run(args);
}
}
和以下前端:
js:
<script type="text/javascript">
$.ajaxSetup({
beforeSend: function (xhr, settings) {
if (settings.type == 'POST' || settings.type == 'PUT'
|| settings.type == 'DELETE') {
if (!(/^http:.*/.test(settings.url) || /^https:.*/
.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-XSRF-TOKEN",
Cookies.get('XSRF-TOKEN'));
}
}
}
});
var logout = function () {
$.post("/client/logout", function () {
$("#user").html('');
$(".unauthenticated").show();
$(".authenticated").hide();
});
return true;
};
$(function() {
$("#logoutButton").on("click", function () {
logout();
});
});
</script>
和 html:
<input type="button" id="logoutButton" value="Logout"/>
但它不起作用.行为如下:
But it doesn't work. Behaviour the following:
成功登录应用程序后,我点击注销按钮它触发 POSThttp://localhost:9999/client/logout
http://localhost:9999/client/logout
重定向到 http://localhost:9999/client
但此页面不存在.然后我访问 localhost:8080/client/hello
- 我看到安全页面
After successfull login in application I click to the logout button
It fires the POSThttp://localhost:9999/client/logout
http://localhost:9999/client/logout
redirects to the http://localhost:9999/client
but this page doesn't exist. It then I access localhost:8080/client/hello
- I see secured page
/client
是应用程序上下文:
application.yml
片段:
server:
servlet:
context-path: /client
gitub 上的源代码:
客户端 - https://github.com/gredwhite/logour_social-auth-client(使用 localhost:9999/client/hello
url)
服务器 - https://github.com/gredwhite/logout_social-auth-server
推荐答案
注销端点应该是 /logout
而不是 /client/logout
.
The logout endpoint should be /logout
instead of /client/logout
.
这篇关于Oauth2 客户端注销不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!