Java Spring Security: 404 on logout

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/23187109/

Time: 2020-08-13 21:14:10  Source: igfitidea

Spring Security: 404 on logout

java spring-mvc spring-security

Asked by Thom Wiggers

When I try to access the logout URL of my spring application, I get a 404 error and "No mapping found for HTTP Request with URI [/logout] in DispatcherServlet with name 'mvc-dispatcher'" in my server log.

I have already tried "Call to j_spring_security_logout not working", "Issue with Spring security's logout" and pretty much all of the related results on SO.

I'm including the complete configuration files as the Spring xml structure isn't quite clear to me yet.

My security configuration:

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <http pattern="/resources/**" security="none" />

    <http auto-config="true">
        <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/**" access="ROLE_USER" />
        <form-login login-page="/login" default-target-url="/"/>
        <logout logout-url="/logout" />
        <csrf />
    </http>

    <global-method-security secured-annotations="enabled" />

    <authentication-manager>
        <authentication-provider user-service-ref="userDetailsService" />
    </authentication-manager>

</beans:beans>

My web.xml is this:

<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <display-name>XYZ</display-name>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/*-config.xml</param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>

How do I make the logout page work?

Accepted answer by Rob Winch

If you are using logout with CSRF you must perform a POST. See http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#csrf-logout

Answer by Tom Saleeba

I had the same problem after migrating from Spring 3.2 to 4 but I wanted to logout using a link on the view.

The Spring doco (http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#csrf-include-csrf-token-form) explains how to do it in the view.

I used this snippet in the JSP to do the logout:

<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<form:form action="${pageContext.request.contextPath}/logout" method="POST">
    <input type="submit" value="Logout" />
</form:form>

Answer by gdrt

In order to solve this, it's usually required to convert a logout link into a POST form button with hidden CSRF token, which can be achieved by:

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<a href="#" onclick="document.getElementById('logout-form').submit();"> Logout </a>

<form id="logout-form" action="<c:url value="/logout"/>" method="post">
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>
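
The behaviour the answers above rely on, as a simplified model added here (it is not Spring Security code and not part of the original posts): with CSRF protection enabled, only a POST to /logout that carries the session's token is treated as a logout, so a GET falls through to the DispatcherServlet and returns 404. The route table, the status notes and the _csrf parameter name (Spring Security's default) are assumptions of this sketch.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "TRACE", "OPTIONS"}   # methods the CSRF check lets through
CONTROLLER_ROUTES = {"/", "/login"}                  # assumed MVC mappings; none for /logout


class Session:
    def __init__(self):
        self.authenticated = True
        self.csrf_token = secrets.token_hex(16)      # constructed per-session token


def handle(session, method, path, params=None):
    """Return (status, note) for one request passing through the modelled chain."""
    params = params or {}
    # 1. CSRF check: state-changing methods must carry the session's token.
    if method not in SAFE_METHODS:
        sent = params.get("_csrf", "")
        if not hmac.compare_digest(sent, session.csrf_token):
            return 403, "CSRF token missing or wrong"
    # 2. Logout handling: with CSRF enabled, only POST /logout is matched.
    if path == "/logout" and method == "POST":
        session.authenticated = False
        session.csrf_token = secrets.token_hex(16)   # old token is no longer valid
        return 302, "logged out, redirect to login page"
    # 3. Authorization: <intercept-url pattern="/**" access="ROLE_USER" />.
    if not session.authenticated and not path.startswith("/login"):
        return 302, "redirect to /login"
    # 4. DispatcherServlet: GET /logout lands here and has no handler mapping.
    if path not in CONTROLLER_ROUTES:
        return 404, "no handler mapping for " + path
    return 200, "controller response"


def demo():
    s = Session()
    token = s.csrf_token
    return [
        handle(s, "GET", "/logout")[0],                      # plain link click
        handle(s, "POST", "/logout")[0],                     # form without the token
        handle(s, "POST", "/logout", {"_csrf": token})[0],   # form with hidden token
        handle(s, "GET", "/")[0],                            # session is logged out now
    ]


if __name__ == "__main__":
    print(demo())
```
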