Spring Security Java配置不生成注销url [英] Spring Security Java Config not generating logout url
问题描述
我使用Spring 4.0.5.RELEASE 和Spring Security 3.2.4 。
尝试使用java config(基于Spring示例)创建一个简单的示例应用程序。应用程序启动并且身份验证正常工作,即访问受保护的网址 / settings / profile 时重定向到登录表单
但是没有生成 / logout 网址?如果我打localhost:8080 / logout我得到一个404。
我在以前的项目中使用过类似的代码,所以也许有版本? p>
保存我的安全配置
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)throws Exception {
auth.inMemoryAuthentication()。withUser(user)。 password(password)。roles(USER);
auth.inMemoryAuthentication()。withUser(admin)。password(password)。roles(ADMIN);
}
@Override
protected void configure(HttpSecurity http)throws Exception {
http.authorizeRequests()
.antMatchers(/ settings / * *)。hasRole(ROLE_ADMIN)
.and()
.formLogin()
.and()
.logout()
.deleteCookies删除)
.invalidateHttpSession(true)
.logoutUrl(/ logout)
.logoutSuccessUrl(/ logout-success)
.permitAll
}
}
这是我的WebAppInitializer引导应用程序
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?> [] getRootConfigClasses (){
return new Class<?> [] {SecurityConfig.class,MvcConfig.class};
}
@Override
protected Class<?> [] getServletConfigClasses(){
return null;
}
@Override
protected String [] getServletMappings(){
return new String [] {/};
}
}
最后我的MvcConfig
@EnableWebMvc
@Configuration
@ComponentScan(basePackages = {web})
public class MvcConfig extends WebMvcConfigurerAdapter {
@Bean
public ViewResolver viewResolver(){
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix(/ WEB-INF / views);
viewResolver.setSuffix(。jsp);
return viewResolver;
}
}
默认POST请求是注销url所必需的。要在GET请求上注销,您需要:
http
.logout()
.logoutRequestMatcher AntPathRequestMatcher(/ logout));
请参阅文档: http://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/ (第6.5.3节。注销)
I am using Spring 4.0.5.RELEASE and Spring Security 3.2.4.
I am trying to create a simple sample app using java config (based on the Spring samples). The app starts up and the authentication works correctly, that is, I am redirected to a login form when accessing protected url /settings/profile
However there is no /logout url generated? if I hit localhost:8080/logout I get a 404.
I've used similar code on a previous project, so maybe has something to do with versions?
Heres my Security Config
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
auth.inMemoryAuthentication().withUser("admin").password("password").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/settings/**").hasRole("ROLE_ADMIN")
.and()
.formLogin()
.and()
.logout()
.deleteCookies("remove")
.invalidateHttpSession(true)
.logoutUrl("/logout")
.logoutSuccessUrl("/logout-success")
.permitAll();
}
}
Here is my WebAppInitializer to bootstrap the app
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class<?>[] { SecurityConfig.class , MvcConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] {"/"};
}
}
and finally my MvcConfig
@EnableWebMvc
@Configuration
@ComponentScan(basePackages = {"web"})
public class MvcConfig extends WebMvcConfigurerAdapter {
@Bean
public ViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/views");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
}
By default POST request is required to the logout url. To perform logout on GET request you need:
http
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
See the Docs: http://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/ (section 6.5.3. Logging Out)
这篇关于Spring Security Java配置不生成注销url的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!