对于这个Spring Boot应用程序,我写的是我实现了Spring Security,登录工作,只有注销功能不想让我退出..虽然它确实将我重定向到logoutSuccessURL但它没有清除SecurityContext我相信..
@Configuration
@EnableWebSecurity
public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/bower_components/**").permitAll()
.antMatchers("/index.html", "/").permitAll()
.antMatchers("/#/overview").hasAnyRole("ROLE_ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/")
.loginProcessingUrl("/authenticate")
.usernameParameter("username").passwordParameter("password")
.defaultSuccessUrl("/#/overview")
.successHandler(new LoginSuccessHandler(new SavedRequestAwareAuthenticationSuccessHandler()))
.failureHandler(new LoginFailureHandler())
.permitAll()
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/#/login?yes").deleteCookies("JSESSIONID")
.invalidateHttpSession(true)
.permitAll()
.and()
.exceptionHandling().accessDeniedPage("/#/access_denied?error")
.and()
.httpBasic()
.and()
.csrf().disable();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("joeri").password("joeri").roles("USER");
}
}
主要方法
@SpringBootApplication
public class MyApp {
public static void main(String[] args) {
SpringApplication.run(MyApp.class, args);
}
}
登录处理程序
public class LoginFailureHandler implements AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException ex) throws IOException, ServletException {
System.out.println("made it here failure" + ex.getMessage());
if ("true".equals(request.getHeader("X-Login-Ajax-call"))) {
response.getWriter().print("{\"status\": " + HttpStatus.BAD_REQUEST.value()
+ ", \"success\" : false, \"message\" : \"" + ex.getMessage() + "\"}");
response.getWriter().flush();
}
}
}
成功处理程序
public class LoginSuccessHandler implements AuthenticationSuccessHandler {
private AuthenticationSuccessHandler defaultHandler;
public LoginSuccessHandler(AuthenticationSuccessHandler defaultHandler) {
this.defaultHandler = defaultHandler;
}
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication auth)
throws IOException, ServletException {
System.out.println("made it here, success");
if ("true".equals(request.getHeader("X-Login-Ajax-call"))) {
response.getWriter().print("{\"status\": " + HttpStatus.OK.value()
+ ", \"success\" : true, \"message\" : \"Authentication Succesful\"}");
response.getWriter().flush();
} else {
defaultHandler.onAuthenticationSuccess(request, response, auth);
}
}
}
Angular Code:
$scope.preparePostData = function() {
var username = $scope.username != undefined ? $scope.username : '';
var password = $scope.password != undefined ? $scope.password : '';
return 'username=' + username + '&password=' + password;
}
$scope.login = function() {
var postData = $scope.preparePostData();
$http({
method : 'POST',
url : 'authenticate',
data : postData,
headers : {
"Content-Type" : "application/x-www-form-urlencoded",
"X-Login-Ajax-call" : 'true'
}
}).then(function(response) {
if (response.status == 200) {
if (response.data.status == 200) {
$state.go('overview');
} else {
$scope.error_message = "Bad login credentials";
}
}
})
}
$scope.logout = function() {
$http({
method : 'POST',
url : 'logout',
headers : {
"Content-Type" : "application/x-www-form-urlencoded",
"X-Logout-Ajax-call" : 'true'
}
}).then(function(response) {
console.log(response);
if (response.status == 200) {
console.log(response);
$state.go('login');
} else {
console.log("Logout failed!");
}
})
}
我错过了什么......虽然我看不清楚。如果有人能指出我正确的方向,那就太棒了。