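I am using Spring Security and trying to set up basic login/logout functionality. Login works fine: I store users in a MySQL database and I am able to log in, but I have a problem with logging out. On the home page I made a logout link that looks like this, but when I click it I get 403 Access Denied and the user is not logged out: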
<a href="<c:url value="j_spring_security_logout" />" > Logout</a>
Here is my security-context.xml:
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource" />
</security:authentication-provider>
</security:authentication-manager>
<security:http use-expressions="true">
<security:intercept-url pattern="/static/**" access="permitAll" />
<security:intercept-url pattern="/loggedout" access="permitAll" />
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/createoffer" access="isAuthenticated()" />
<security:intercept-url pattern="/docreate" access="isAuthenticated()" />
<security:intercept-url pattern="/offercreated" access="isAuthenticated()" />
<security:intercept-url pattern="/newaccount" access="permitAll" />
<security:intercept-url pattern="/createaccount" access="permitAll" />
<security:intercept-url pattern="/accountcreated" access="permitAll" />
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/offers" access="permitAll" />
<security:intercept-url pattern="/**" access="denyAll" />
<security:logout logout-success-url="/loggedout"/>
<security:form-login login-page="/login"
authentication-failure-url="/login?error=true" />
</security:http>
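And /loggedout maps to a basic .jsp page that just says "You have been logged out."
Also, when I click the logout link while not logged in, it goes to the login page.
What am I doing wrong?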
Answer 0 (score: 1)
Add this as the first rule in the <security:http use-expressions="true"> section:
<security:intercept-url pattern="/j_spring_security_logout" access="permitAll" />
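Answer 1 (score: 0)
I just added logout-url="/j_spring_security_logout" to security:logout and now it works as it should.. but I thought that if I used /j_spring_security_logout as the logout link, it would work even without this parameter.
Answer 2 (score: 0)
Adding this under the <security:http use-expressions="true"> section: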
<security:csrf disabled="true"/>
worked for me.
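An alternative to disabling CSRF protection as in answer 2, given as an added example that is not part of the question or any of the answers: with CSRF protection enabled, Spring Security handles logout only for a POST request that carries the CSRF token, so the link is replaced by a small form. It assumes the Spring Security 4 XML namespace (where CSRF protection is on by default) and the logout-url from answer 1.

```jsp
<%-- Added example: logout submitted as a POST that carries the CSRF token. --%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- Assumed to match logout-url on <security:logout> in security-context.xml:
     <security:logout logout-url="/j_spring_security_logout"
                      logout-success-url="/loggedout" />
     No <security:csrf disabled="true"/> element is needed with this form. --%>
<c:url var="logoutUrl" value="/j_spring_security_logout" />

<form action="${logoutUrl}" method="post">
    <%-- Spring Security's CsrfFilter exposes the token as the request attribute "_csrf" --%>
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
    <input type="submit" value="Logout" />
</form>
```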