我已经将Spring Security配置为执行我想要的一切,除非成功登出我。当我单击我的注销链接时,它会抛出404或者将我带到登录页面,而不会根据具体配置将我注销。另外值得注意的是,如果我在登录时进入登录页面并输入错误的用户名或密码,我就会退出。这向我表明拒绝访问是正常的。如果您发现错误或就如何更好地实施我的解决方案提出建议,请发表评论。感谢。
的web.xml:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
APP-security.xml文件:
<security:http use-expressions="true" auto-config="true">
<security:intercept-url pattern="/app/login" access="permitAll" />
<security:intercept-url pattern="/app/logout" access="permitAll" />
<security:intercept-url pattern="/app/accessdenied" access="permitAll" />
<security:intercept-url pattern="/app/**" access="hasRole('USER')" />
<security:form-login login-page="/app/login" default-target-url="/app" authentication-failure-url="/app/login" />
<security:logout logout-success-url="/app/login" />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="d" password="d" authorities="USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
HomeController中:
@RequestMapping(value = "/app/login", method = RequestMethod.GET)
public String login(ModelMap model) {
return "login";
}
@RequestMapping(value = "/app/accessdenied", method = RequestMethod.GET)
public String loginerror(ModelMap model) {
model.addAttribute("error", "true");
return "denied";
}
@RequestMapping(value = "/app/logout", method = RequestMethod.GET)
public String logout(ModelMap model, HttpServletRequest request) {
return "logout";
}
.jsp文件中的注销链接:
<form class="form-inline" action="${pageContext.request.contextPath}/app/logout" method="get">
答案 0 :(得分:0)
作为@M。 Denium指出,您只需将退出链接指向/j_spring_security_logout。
如果您想要“漂亮”的退出网址,可以使用logout-url security:logout atrribute来过滤/app/logout网址。
<security:logout logout-url="/app/logout" .... />