spring 调用 j_spring_security_logout 不起作用
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11050840/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Call to j_spring_security_logout not working
提问by carcaret
I'm trying to setup the logut of my application with j_spring_security_logout but for some reason it's not working, I keep getting a 404 error.
我正在尝试使用 j_spring_security_logout 设置我的应用程序的注销,但由于某种原因它不起作用,我不断收到 404 错误。
I'm calling the function like this:
我这样调用函数:
<a href="<c:url value="/j_spring_security_logout"/>"><img border="0" id="logout" src="./img/logout.png" /></a>
<a href="<c:url value="/j_spring_security_logout"/>"><img border="0" id="logout" src="./img/logout.png" /></a>
I have in WebContent/jsp/ my application main page, and the login and logout pages are in WebContent/login/.
我的应用程序主页在 WebContent/jsp/ 中,登录和注销页面在 WebContent/login/ 中。
I've also checked this other post Problem with Spring security's logoutbut the solution given there is not working for me.
我还检查了另一个帖子Spring security 的注销问题,但给出的解决方案对我不起作用。
Here you can see my web.xml
在这里你可以看到我的 web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
And here my spring-security.xml
这里是我的 spring-security.xml
<http auto-config="true">
<intercept-url pattern="/*" access="ROLE_USER" />
<form-login login-page="/login/login.jsp"
authentication-failure-url="/login/errorLogin.jsp"/>
<logout logout-success-url="/" logout-url="/login/logout.jsp" />
</http>
<beans:bean id="myAuthenticationProvider"
class="myapp.web.authentication.WSAuthenticationProvider">
</beans:bean>
<authentication-manager>
<authentication-provider ref="myAuthenticationProvider"/>
</authentication-manager>
Thanks in advance.
提前致谢。
回答by Ravi Kadaboina
the logout-url refers to a virtual URL, you need not have any resource by that name. You can do either this:
logout-url 指的是虚拟 URL,您不需要具有该名称的任何资源。你可以这样做:
<logout logout-success-url="/" logout-url="/j_spring_security_logout" />
and the link on your page like this
和你页面上的链接像这样
<c:url value="/j_spring_security_logout" var="logoutUrl" />
<a href="${logoutUrl}">Log Out</a>
OR this:
或这个:
<logout logout-success-url="/" logout-url="/logout" />
and the link as follows:
和链接如下:
<c:url value="/logout" var="logoutUrl" />
<a href="${logoutUrl}">Log Out</a>
You were mixing both thats why you were getting 404 error.
您混合了这两种情况,这就是您收到 404 错误的原因。
回答by Jason Hao
check whether csrf is enabled. If csrf enabled, need to use post method to logout, add csrf token as hidden field. then use JavaScript to post the form to logout
检查 csrf 是否启用。如果启用了 csrf,需要使用 post 方法注销,添加 csrf token 作为隐藏字段。然后使用 JavaScript 将表单发布到注销
回答by vimal krishna
With spring security 4Logout has to be done through form button. CSRF token has to be submitted along. j_spring_security_logoutdoes not work any longer. After spending one day i got following to be working.
Step 1:In your JSP page
使用spring security 4注销必须通过表单按钮完成。CSRF 令牌必须一起提交。j_spring_security_logout不再起作用。花了一天后,我开始工作。
第 1 步:在您的 JSP 页面中
<c:url var="logoutUrl" value="/logout"/>
<form action="${logoutUrl}" method="post">
<input type="submit" value="Logout"/>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>
Step 2
第2步
<security:http use-expressions="true">
<security:form-login login-page="/login" authentication-failure-url="/login?error=true" />
<security:logout logout-success-url="/login" invalidate-session="true" logout-url="/logout" />
</security:http>
Step 3In your login controller
第 3 步在您的登录控制器中
//Logout mapping
@RequestMapping("/logout")
public String showLoggedout(){
return "logout";
}
Step 4You must have one logout.jsp
步骤 4你必须有一个 logout.jsp
Important to see that it will land onto login page after logout.
重要的是要看到它会在注销后登陆登录页面。
<security:form-login login-page="/login" authentication-failure-url="/login?error=true" />
So this login page must be there with corresponding mappping to login.jsp or whatever to map in your controller.
因此,此登录页面必须与 login.jsp 或要映射到控制器中的任何内容对应的映射存在。
回答by Dwight Theodis Taylor
also heres what your controller should look like
也继承人你的控制器应该是什么样子
@RequestMapping("/logout")
public String logoutUrl(){
return "logout";
}
回答by torikraju
first set security-context.xml the following code...
首先设置 security-context.xml 以下代码...
<security:logout logout-success-url="/"
invalidate-session="true" />
then add this code to your jsp file..
然后将此代码添加到您的jsp文件中..
<script>
function formSubmit() {
document.getElementById("logoutForm").submit();
}
</script>
<c:url var="logoutUrl" value="/logout" />
<a href="javascript:formSubmit()"> Logout</a>
</li>
<form action="${logoutUrl}" method="post" id="logoutForm">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
回答by Krystian
In JAVA-BASED Spring MVC config, you have to configure it in your security config class:
在基于 JAVA 的 Spring MVC 配置中,您必须在安全配置类中配置它:
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.servletApi().rolePrefix("");
http
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
}
This answer is doubled from, and is working on my case: Spring Security Java Config not generating logout url
这个答案是翻倍的,并且正在处理我的案例: Spring Security Java Config not generate logout url
