Spring Security Java Config 不生成注销 url
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/24108585/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Spring Security Java Config not generating logout url
提问by Ayub Malik
I am using Spring 4.0.5.RELEASEand Spring Security 3.2.4.
我正在使用 Spring 4.0.5.RELEASE和 Spring Security 3.2.4。
I am trying to create a simple sample app using java config (based on the Spring samples). The app starts up and the authentication works correctly, that is, I am redirected to a login form when accessing protected url /settings/profile
我正在尝试使用 java 配置(基于 Spring 示例)创建一个简单的示例应用程序。应用程序启动并且身份验证正常工作,也就是说,我在访问受保护的 url /settings/profile时被重定向到登录表单
However there is no /logouturl generated? if I hit localhost:8080/logout I get a 404.
但是没有生成/logouturl?如果我点击 localhost:8080/logout 我得到一个 404。
I've used similar code on a previous project, so maybe has something to do with versions?
我在以前的项目中使用过类似的代码,所以可能与版本有关?
Heres my Security Config
这是我的安全配置
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
auth.inMemoryAuthentication().withUser("admin").password("password").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/settings/**").hasRole("ROLE_ADMIN")
.and()
.formLogin()
.and()
.logout()
.deleteCookies("remove")
.invalidateHttpSession(true)
.logoutUrl("/logout")
.logoutSuccessUrl("/logout-success")
.permitAll();
}
}
Here is my WebAppInitializer to bootstrap the app
这是我的 WebAppInitializer 来引导应用程序
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class<?>[] { SecurityConfig.class , MvcConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] {"/"};
}
}
and finally my MvcConfig
最后是我的 MvcConfig
@EnableWebMvc
@Configuration
@ComponentScan(basePackages = {"web"})
public class MvcConfig extends WebMvcConfigurerAdapter {
@Bean
public ViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/views");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
}
采纳答案by Evgeni Dimitrov
By default POST request is required to the logout url. To perform logout on GET request you need:
默认情况下,注销 url 需要 POST 请求。要对 GET 请求执行注销,您需要:
http
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
Or if you want to support PUTor other method, pass this as a parameter:
或者,如果您想支持PUT或其他方法,请将其作为参数传递:
http
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout", "PUT"));
See the Docs: http://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/(section 6.5.3. Logging Out)
请参阅文档:http: //docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/(第 6.5.3 节。注销)
