Spring Security 会话销毁

时间:2015-09-23 18:16:32

标签: spring security session cookies jsessionid

有人可以提供在注销后销毁会话的 Spring Security 命名空间配置吗?我的配置似乎不起作用,我不知道为什么。

spring-security.xml 文件

<!-- Method-level authorization: turns on processing of @Secured annotations. -->
<security:global-method-security
    secured-annotations="enabled" />
<!-- Web-layer security: URL authorization rules, form login and logout handling.
     use-expressions="true" lets the access attributes below hold expressions such as
     hasRole(...) and hasAnyRole(...). -->
<security:http auto-config="true" use-expressions="true">
    <!-- CSRF protection is switched off for the whole application. State-changing
         requests are therefore not checked for a CSRF token, and the logout URL can be
         triggered by a plain GET, including one issued from another site.
         NOTE(review): prefer leaving CSRF enabled and logging out through a POST form
         that carries the token. -->
    <security:csrf disabled="true" />
    <!-- Role selection page: a user holding any one of the listed roles may enter. -->
    <security:intercept-url pattern="/selectRolePage"
        access="hasAnyRole('ROLE_AUTHOR','ROLE_ADMIN','ROLE_EDITOR',
        'ROLE_EDITOR_IN_CHIEF','ROLE_REVIEWER','ROLE_PROOFREADER','ROLE_TECHNICAL_EDITOR')" />
    <!-- One rule per role-specific page; rules are evaluated in the order written.
         The patterns contain no wildcards and no catch-all rule is declared here.
         NOTE(review): check whether sub-paths under these pages, and every other URL of
         the application, are meant to stay outside these rules. -->
    <security:intercept-url pattern="/author"
        access="hasRole('ROLE_AUTHOR')" />
    <security:intercept-url pattern="/editor"
        access="hasRole('ROLE_EDITOR')" />
    <security:intercept-url pattern="/editorinchief"
        access="hasRole('ROLE_EDITOR_IN_CHIEF')" />
    <security:intercept-url pattern="/reviewer"
        access="hasRole('ROLE_REVIEWER')" />
    <security:intercept-url pattern="/proofreader"
        access="hasRole('ROLE_PROOFREADER')" />
    <security:intercept-url pattern="/admin"
        access="hasRole('ROLE_ADMIN')" />
    <security:intercept-url pattern="/technicaleditor"
        access="hasRole('ROLE_TECHNICAL_EDITOR')" />
    <!-- Form login: the login form is served at /login-page, credentials are submitted
         to /login, and a successful login lands on /selectRolePage by default. -->
    <security:form-login login-page="/login-page" login-processing-url="/login"
        default-target-url="/selectRolePage" />
    <!-- Logout: a request to /logout invalidates the HTTP session, asks the browser to
         delete the JSESSIONID cookie, then redirects to /login-page.
         NOTE(review): a JSESSIONID present after logout does not by itself show that the
         old session survived; the container may issue a fresh session as soon as the
         login page is rendered. Compare the cookie value before and after logout and
         confirm that the old value is no longer accepted by the server. -->
    <security:logout logout-url="/logout" logout-success-url="/login-page" invalidate-session="true" delete-cookies="JSESSIONID" />


</security:http>

<!-- <security:authentication-manager> -->
<!-- <security:authentication-provider> -->
<!-- <security:user-service> -->
<!-- <security:user name="jimi" password="jimispassword" -->
<!-- authorities="ROLE_AUTHOR, ROLE_ADMIN" /> -->
<!-- <security:user name="bob" password="bobspassword" -->
<!-- authorities="ROLE_AUTHOR" /> -->
<!-- <security:user name="hirannor" password="hirannorspassword" -->
<!-- authorities="ROLE_AUTHOR, ROLE_ADMIN, ROLE_EDITOR_IN_CHIEF" /> -->
<!-- </security:user-service> -->
<!-- </security:authentication-provider> -->
<!-- </security:authentication-manager> -->

<!-- Database-backed authentication. Users and their roles are loaded through the
     "dataSource" bean using the two queries below; the ? placeholder in each query is a
     bound parameter that receives the submitted username. Stored passwords are checked
     as bcrypt hashes.
     NOTE(review): hash="bcrypt" does not reference the bean with id "encoder" declared
     in this file. If that bean's strength setting is meant to apply here, point the
     password-encoder element at it with ref="encoder" instead. -->
<security:authentication-manager>
    <security:authentication-provider>
        <security:jdbc-user-service
            data-source-ref="dataSource"
            users-by-username-query="select username,password, enabled from users where username=?"
            authorities-by-username-query="select username, role from user_roles where username =? " />
        <security:password-encoder hash="bcrypt" />
    </security:authentication-provider>
</security:authentication-manager>

<!-- BCrypt password encoder bean with strength (log2 work factor) 10.
     NOTE(review): nothing in the visible configuration refers to this bean id; confirm
     it is used elsewhere, for example when hashing passwords at registration, so that
     stored hashes and login-time verification use the same encoder settings. -->
<bean id="encoder"
    class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    <constructor-arg name="strength" value="10" />
</bean>

<!-- Logout link: sends a plain GET to /web/logout. This reaches the logout handler only
     because CSRF protection is disabled in the security configuration shown on this
     page; with CSRF enabled, logout would need to be a POST form carrying the token. -->
<li><a href="/web/logout" ><i
                            class="fa fa-sign-out fa-fw"></i> Logout</a></li>

它将我重定向到 /web/login-page,但我仍然得到了 JSESSIONID cookie。

0 个答案:

没有答案