gpt4 book ai didi

java - spring security logout 没有达到 success-handler-ref

转载 作者:行者123 更新时间:2023-11-30 08:47:53 26 4
gpt4 key购买 nike

我使用 spring 4.1.6.RELEASE 和 spring-security 4.0.1.RELEASE我有以下配置

<http auto-config="false" entry-point-ref="customAuthenticationEntryPoint"  create-session="ifRequired" >
<intercept-url pattern="/**" access="hasAuthority('Admin')" />
<custom-filter before="BASIC_AUTH_FILTER" ref="loginTokenFilter" />
<logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
<access-denied-handler error-page="/noaccess.html"/>
<headers>
<frame-options policy="SAMEORIGIN" />
</headers>
</http>

我的注销成功处理程序是

@Component("logoutSuccessHandler")
public class MyLogoutSuccessHandler implements LogoutSuccessHandler {

private static final Logger logger = LoggerFactory.getLogger(MyLogoutSuccessHandler.class);

private final MyRedirectHandler redirectHandler;

@Autowired
public MyLogoutSuccessHandler(
MyRedirectHandler redirectHandler) {
this.redirectHandler = redirectHandler;
}


@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
if (response.isCommitted()) {
logger.debug("Won't redirect");
return;
}

redirectHandler.redirectToLogin(request, response, true);
}
}

登录工作正常,但注销不是。我在 MyLogoutSuccessHandler.onLogoutSuccess() 中设置了一个断点并调用http://localhost:8080/myapp/logout从浏览器。未调用成功处理程序。

我做错了什么吗?我应该为“/注销”路径提供特定的@RequestMapping 吗?

在 web.xml 中我有以下内容

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

最佳答案

默认情况下,Spring 安全性启用 CSRF,注销必须是 POST 请求,因为它需要一个 csrf token 。检查Spring CSRF documentation ..另一个类似SO question

如果你希望注销与 GET 请求一起工作,你可以在你的配置中像这样关闭 CSRF..

<http auto-config="false">
<csrf disabled="true"/>

如果你不想关闭 CSRF,你必须像这样 POST 注销

<c:url var="logoutUrl" value="/logout"/>
<form action="${logoutUrl}" method="post">
<input type="submit" value="Log out" />
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>

关于java - spring security logout 没有达到 success-handler-ref,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32220879/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com