Spring Security logout does not destroy the SESSION ID defined in a web fragment

Time: 2014-12-12 17:17:26

Tags: web spring-security fragment

I am using Spring Security to secure my REST API. Below is my configuration;

spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:security="http://www.springframework.org/schema/security"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <security:http auto-config="true">
        <!-- Authentication Type and Intercepter Configurations -->
        <security:http-basic />
        <security:intercept-url pattern="/**" />
        <security:anonymous enabled="false" />

        <security:session-management invalid-session-url="/">
            <security:concurrency-control max-sessions="1" />
        </security:session-management>
        <security:logout logout-url="/signOff" invalidate-session="true" 
            delete-cookies="JSESSIONID" logout-success-url="/" />
    </security:http>

    <bean id="myAuthenticationProvider" 
    class="com.myauthenticator.spring.secutiry.MyAuthenticationProvider" />
    <security:authentication-manager>
        <security:authentication-provider ref="myAuthenticationProvider" />
    </security:authentication-manager>
</beans>

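There is no custom logout implementation as such. I am expecting Spring to intercept the call to /signOff, destroy the token and redirect me to /, since the logout-success-url configuration should then challenge for BASIC authentication again, but it loads my home page instead.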

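It seems my Spring configuration is incorrect, i.e. not all calls are being intercepted by the Spring filter. I have the following configuration in my web.xml to give priority to my web fragment, which contains my Spring Security filter;

web.xml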

<absolute-ordering> 
    <name>MyAuthenticator</name> 
    <others/> 
</absolute-ordering> 

Note: my filter and custom authentication are implemented as a web fragment, as shown below;

web-fragment.xml

    <web-fragment
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://java.sun.com/xml/ns/javaee"
        xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
        xmlns:webfragment="http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd"
        id="T24Authenticator" version="3.0">
    <display-name>T24 Authentication Provider</display-name>
    <name>MyAuthenticator</name>

    <!-- Spring Security --> 
    <filter> 
        <filter-name>springSecurityFilterChain</filter-name>   
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter>
    <filter-mapping> 
        <filter-name>springSecurityFilterChain</filter-name> 
        <url-pattern>/*</url-pattern> 
    </filter-mapping>
.....

I think there is something wrong with my configuration, but I can't spot it. Can anyone?

0 answers:

No answers