我正在开发一个利用Spring Security进行授权的Spring Boot应用程序。现在,当我迁移到Spring Boot 2.0时,我注意到服务器已停止检测注销请求。
这是我的安全配置:
@Configuration
@EnableWebSecurity
@EnableResourceServer
public class ResourceServerConfiguration extends WebSecurityConfigurerAdapter {
@Bean
public MyLogoutSuccessHandler myLogoutSuccessHandler() {
return new MyLogoutSuccessHandler();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic();
http.cors().and().csrf().disable();
http.authorizeRequests().antMatchers("/login", "/logout").permitAll().anyRequest()
.authenticated();
http.logout().logoutUrl("/logout").permitAll().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessHandler(myLogoutSuccessHandler());
}
在我向/ logout发送POST请求后-我收到代码302的响应转发到/ login?logout。
您知道问题出在哪里吗?