我只能在第一次登录时成功,之后就无法退出登录。我尝试在注销时删除 JSESSIONID cookie,但它始终留在浏览器中。如果我手动删除 JSESSIONID,一切就正常了。
这是我的security-context.xml
<!-- URL-level authorization: each path prefix below requires the named role.
     Only the rules visible in this fragment are described; the opening <http>
     tag and any earlier rules are not shown here. -->
<intercept-url pattern="/adm/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/red/**" access="hasRole('ROLE_REDADMIN')" />
<intercept-url pattern="/cus/**" access="hasRole('ROLE_USER')" />
<!-- access denied page -->
<access-denied-handler error-page="/index" />
<!-- Form login: the form is served at /login and posted to /j_spring_security_check,
     with the credentials in the "email" and "password" request parameters.
     Failed attempts are redirected to /login?error. -->
<form-login login-page="/login" default-target-url="/index"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/login?error"
username-parameter="email"
password-parameter="password" />
<!-- Logout: invalidates the HTTP session and expires the JSESSIONID cookie, then
     redirects to /login?logout. These actions run only when the request reaches
     the logout filter.
     NOTE(review): no logout-url attribute is set, so the namespace default applies.
     The "disabled" attribute on <csrf> below belongs to the 4.x namespace, where
     that default is /logout (3.x used /j_spring_security_logout). Confirm that the
     logout link in the views targets the URL the filter actually listens on. -->
<logout logout-success-url="/login?logout" delete-cookies="JSESSIONID" invalidate-session="true"/>
<!-- NOTE(review): CSRF protection is switched off for this whole <http> block, so the
     login form and every other state-changing request are accepted without a CSRF
     token. Prefer enabling it and sending the token with each form; with CSRF enabled
     the logout request must be a POST. -->
<csrf disabled="true"/>
</http>
<!-- UserDetailsService implementation used by the authentication provider below;
     it is given the application's userService bean. -->
<beans:bean id="UserDetailsServiceImplementation"
class="com.softserveinc.ita.redplatform.business.service.UserDetailsServiceImplementation">
<beans:property name="userService" ref="userService"></beans:property>
</beans:bean>
<!-- Custom filter bean; its behaviour is not shown on this page.
     NOTE(review): nothing visible here registers it in the security filter chain
     or in web.xml. Confirm where it is wired and where it sits relative to
     authentication. -->
<beans:bean id="userFilter" class="com.softserveinc.ita.redplatform.web.filters.UserFilter">
<beans:property name="userService" ref="userService"></beans:property>
</beans:bean>
<!-- BCrypt password encoder: submitted passwords are checked against BCrypt hashes,
     so the stored credential must be a BCrypt hash, never plain text. -->
<beans:bean id="bcryptEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<!-- Select users and user_roles from database -->
<!-- The single authentication provider loads users through the UserDetailsService
     bean above and verifies passwords with the BCrypt encoder. -->
<authentication-manager>
<authentication-provider user-service-ref="UserDetailsServiceImplementation">
<password-encoder ref="bcryptEncoder"/>
</authentication-provider>
</authentication-manager>
<!-- Enables @Secured method-level checks in addition to the URL rules. -->
<global-method-security secured-annotations="enabled"/>
登录控制器类
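/**
 * Serves the login form and the login-failure view.
 */
@Controller
public class LoginController {

    /**
     * Shows the login form, or forwards to {@code /index} when the caller already
     * holds an authenticated, non-anonymous security context.
     *
     * @param error non-null when the request carries an {@code error} query
     *              parameter (the form-login failure URL is {@code /login?error})
     * @return the {@code common/login} view, or a forward to {@code /index}
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public final ModelAndView login(
            @RequestParam(value = "error", required = false) final String error) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // getAuthentication() returns null when no Authentication was stored for this
        // request. The original check (!(auth instanceof Anonymous...)) evaluated to
        // true for null and treated such a request as a logged-in user. Require a
        // real, authenticated, non-anonymous token before skipping the login form.
        boolean loggedIn = auth != null
                && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
        if (loggedIn) {
            return new ModelAndView("forward:/index");
        }

        ModelAndView model = new ModelAndView();
        if (error != null) {
            // Deliberately generic: does not reveal whether the username or the
            // password was the wrong part.
            model.addObject("error", "Invalid username or password!");
        }
        model.setViewName("common/login");
        return model;
    }

    /**
     * Renders the login view with the {@code error} model attribute set to
     * {@code "true"}.
     *
     * <p>NOTE(review): the form-login configuration shown with this controller
     * redirects failures to {@code /login?error}, not to {@code /loginfailed};
     * confirm whether this mapping is still reachable.
     *
     * @param model model that receives the {@code error} attribute
     * @return the {@code common/login} view name
     */
    @RequestMapping(value = "/loginfailed", method = RequestMethod.GET)
    public final String loginerror(final Model model) {
        model.addAttribute("error", "true");
        return "common/login";
    }
}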
我的 web.xml
<!-- Spring MVC front controller, loaded at startup and mapped as the default servlet. -->
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<!-- DelegatingFilterProxy hands each request to the Spring bean that has the same
     name as the filter (springSecurityFilterChain). The /* mapping sends every
     request through the security filter chain, including the login-processing
     and logout URLs. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>