spring security在重定向到logout.jsp时发出错误

时间:2016-11-01 20:29:20

标签: java spring jsp spring-security spring-boot

我有

  

ERR_TOO_MANY_REDIRECTS

重定向到logout.jsp页面时出现

异常。我想由于错误的Spring安全配置文件而给出了这个例外,但我不知道它在哪里。如果有人知道,如何解决它,请告诉我。 这是什么意思?我的代码:

spring security config:

MyClass

logout buttom:

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests()
                    .antMatchers("/**").access("IS_AUTHENTICATED_ANONYMOUSLY")
                    .antMatchers("/**").access("hasRole('ROLE_USER')")
                    .antMatchers("/login").permitAll()
                    .antMatchers("/register").permitAll()
                    .antMatchers("/logout").permitAll()
                    .antMatchers("/js/**", "/css/**").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .loginProcessingUrl("/j_spring_security_check")
                    .failureForwardUrl("/login?error=true")
                    .permitAll()
                    .and()
                .logout()
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/logout")
                    .permitAll();

    }
}

控制器:

  <div class="navbar navbar-default navbar-fixed-top" role="navigation">
        <div class="container">
            <a class="navbar-brand">Contacts List</a>

            <div class="collapse navbar-collapse">
                <form class="navbar-form navbar-right">
                    <li>
                                <a class="btn btn-primary" role="button" href="logout">Logout</a>
                    </li>
                </form>
            </div>
        </div>
    </div>

and login.jsp:
<html>
    <jsp:include page="headTag.jsp"/>
<body>
<div class="navbar navbar-default navbar-fixed-top" role="navigation">
    <div class="container">
        <div class="navbar-collapse collapse">
            <ul class="nav navbar-nav navbar-right">
                <li>
                    <c:url value="/j_spring_security_check" var="loginUrl"/>
                    <form:form class="navbar-form" role="form" action="${loginUrl}"
                         method="post">
                        <div class="form-group">
                            <label for="username"> Login: </label>
                            <div class="col-sm-3">
                                <input type="text" placeholder="Login" class="form-control" name='username' id="username">
                            </div>
                        </div>
                        <div class="form-group">
                            <label for="password"> Password: </label>
                            <div class="col-sm-3">
                                <input type="password" placeholder="Password" class="form-control" name='password' id="password">
                            </div>
                        </div>
                        <div class="form-group">
                        <button type="submit" class="btn btn-success">Sign in</button>
                        </div>
                    </form:form>
                    <br/>
                    <form class="navbar-form" action="<c:url value="register.jsp" />">
                        <button class="btn btn-sm btn-block btn-primary" role="button">Register</button>
                    </form>
                </li>
                </ul>
            </div>
    </div>
</div>
<div class="jumbotron">
    <div class="container">
        <c:if test="${not empty error}">
            <div class="error">${error}</div>
        </c:if>
        <c:if test="${not empty logout}">
            <div class="message">${logout}</div>
        </c:if>

        <p>
            <br/><br/><br/><br/>
        <p>User login: <b> Bill </b></p>
        <p>User password: <b> 112233 </b></p>

        <p>Стек технологий: <a href="http://projects.spring.io/spring-security/">Spring Security</a>,
            <a href="http://docs.spring.io/spring/docs/current/spring-framework-reference/html/mvc.html">Spring MVC</a>,
            <a href="http://projects.spring.io/spring-data-jpa/">Spring Data JPA</a>,
            <a href="http://spring.io/blog/2014/05/07/preview-spring-security-test-method-security">Spring Security
                Test</a>,
            <a href="http://hibernate.org/orm/">Hibernate ORM</a>,
            <a href="http://hibernate.org/validator/">Hibernate Validator</a>,
            <a href="http://www.slf4j.org/">SLF4J</a>,
            <a href="https://github.com/FasterXML/jackson">Json Jackson</a>,
            <a href="http://ru.wikipedia.org/wiki/JSP">JSP</a>,
            <a href="http://en.wikipedia.org/wiki/JavaServer_Pages_Standard_Tag_Library">JSTL</a>,
            <a href="http://tomcat.apache.org/">Apache Tomcat</a>,
            <a href="http://www.webjars.org/">WebJars</a>,
            <a href="http://datatables.net/">DataTables plugin</a>,
            <a href="http://ehcache.org">Ehcache</a>,
            <a href="http://www.postgresql.org/">PostgreSQL</a>,
            <a href="http://junit.org/">JUnit</a>,
            <a href="http://hamcrest.org/JavaHamcrest/">Hamcrest</a>,
            <a href="http://jquery.com/">jQuery</a>,
            <a href="http://ned.im/noty/">jQuery notification</a>,
            <a href="http://getbootstrap.com/">Bootstrap</a>.</p>
    </div>
</div>
<jsp:include page="footer.jsp"/>
</body>
</html>

谢谢你们。

1 个答案:

答案 0 :(得分:2)

使用请求sed -i '100000,$ d' file.txt 处理注销并在注销成功后重定向到/logout,然后尝试另一次注销。

请参阅LogoutConfigurer#logoutUrl

  

触发注销的URL(默认为“/ logout”)。如果启用了CSRF保护(默认),则该请求也必须是POST。这意味着默认情况下需要POST“/ logout”来触发注销。如果禁用CSRF保护,则允许任何HTTP方法。

LogoutConfigurer#logoutSuccessUrl

  

发生注销后重定向到的URL。

您必须使用两个不同的URL进行处理和成功注销。第一个网址必须不存在,且仅适用于LogoutFilter。第二个必须由您的应用程序实现。

相关问题
最新问题