注销链接不会与Spring Security和Thymeleaf

时间:2016-07-03 18:50:26

标签: java spring spring-mvc spring-security thymeleaf

我使用Spring SecurityThymeleaf根据Logout link with Spring and Thymeleaf的答案提供退出功能:

<form class="pull-xs-right" method="post"
    th:action="@{/logout}"
>
    <button class="nav-item nav-link" type="submit">Logout</button>
</form>

使用Spring Security config:

http
    .formLogin()
    .successHandler(
        new DifferentRoleBasedStartingURLsAuthenticationSuccessHandler()
    )
    .and()
    .logout()
    .logoutUrl("/logout")
    .logoutSuccessUrl("/")
    .and()
    .httpBasic()
    .and()
    .authorizeRequests()
    .antMatchers("/jobs/**").authenticated()
    .antMatchers("/interviews/**").authenticated()
    .anyRequest().permitAll()
;

它工作得很好 - 请求已发送,它是POST /hire-platform/logout(其中hire-platform是我项目的部署URL)。但它也应该重定向到/我想,什么也没发生。我认为注销是正确的,因为如果我再次单击注销按钮,我会获得403状态的页面,或者如果我使用F5刷新页面,它会将我重定向到/。但它应该在点击后立即重定向,并且它没有。我最终得到了一个旁路解决方案,它创建了我自己的logoutSuccessHandler

public final class RedirectToPageLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
    private final String url;

    public RedirectToPageLogoutSuccessHandler(final String url) {
        this.url = url;
    }

    @Override
    public void onLogoutSuccess(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse, final Authentication authentication) throws IOException, ServletException {
        httpServletResponse.sendRedirect("/hire-platform" + url);
    }
}

但这是一个糟糕的解决方案,我认为不必要的复杂(我很确定它应该更简单),并且它具有硬编码的/hire-platform字符串。我的代码有什么问题,我看不到,这导致POST后logout重定向没有发生?如果有人会帮助我,我将非常感激,谢谢你。

0 个答案:

没有答案