Oauth2 客户端注销不起作用 [英] Oauth2 client logout doesn't work

问题描述

我尝试使用这里描述的方法 https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout :

I try to use the approach, described here https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout :

所以我有以下后端代码库:

@EnableAutoConfiguration
@Configuration
@EnableOAuth2Sso
@Controller
public class ClientApplication extends WebSecurityConfigurerAdapter {
    private Logger logger = LoggerFactory.getLogger(ClientApplication.class);

    @RequestMapping("/hello")
    public String home(Principal user, HttpServletRequest request, HttpServletResponse response, Model model) throws ServletException {
        model.addAttribute("name", user.getName());
        return "hello";
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http.antMatcher("/**")
                .authorizeRequests()
                .antMatchers( "/login**", "/webjars/**", "/error**").permitAll()
                .anyRequest()
                .authenticated()
                .and().logout().logoutSuccessUrl("/").permitAll()
                .and()
                    .csrf()
                    .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
        // @formatter:on
    }

    public static void main(String[] args) {
        new SpringApplicationBuilder(ClientApplication.class)
                .properties("spring.config.name=application").run(args);
    }
}

和以下前端:

js:

<script type="text/javascript">
        $.ajaxSetup({
            beforeSend: function (xhr, settings) {
                if (settings.type == 'POST' || settings.type == 'PUT'
                    || settings.type == 'DELETE') {
                    if (!(/^http:.*/.test(settings.url) || /^https:.*/
                            .test(settings.url))) {
                        // Only send the token to relative URLs i.e. locally.
                        xhr.setRequestHeader("X-XSRF-TOKEN",
                            Cookies.get('XSRF-TOKEN'));
                    }
                }
            }
        });
        var logout = function () {
            $.post("/client/logout", function () {
                $("#user").html('');
                $(".unauthenticated").show();
                $(".authenticated").hide();
            });
            return true;
        };
        $(function() {
            $("#logoutButton").on("click", function () {
                logout();
            });
        });

    </script>

和 html:

<input type="button" id="logoutButton" value="Logout"/>

但它不起作用.行为如下:

But it doesn't work. Behaviour the following:

成功登录应用程序后，我点击注销按钮它触发 POSThttp://localhost:9999/client/logout
http://localhost:9999/client/logout 重定向到 http://localhost:9999/client 但此页面不存在.然后我访问 localhost:8080/client/hello - 我看到安全页面

After successfull login in application I click to the logout button It fires the POSThttp://localhost:9999/client/logout
http://localhost:9999/client/logout redirects to the http://localhost:9999/client but this page doesn't exist. It then I access localhost:8080/client/hello - I see secured page

/client 是应用程序上下文:

application.yml 片段:

server:
  servlet:
    context-path: /client

gitub 上的源代码:
客户端 - https://github.com/gredwhite/logour_social-auth-client(使用 localhost:9999/client/hello url)
服务器 - https://github.com/gredwhite/logout_social-auth-server

推荐答案

注销端点应该是 /logout 而不是 /client/logout.

The logout endpoint should be /logout instead of /client/logout.

这篇关于Oauth2 客户端注销不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！