重定向注销Spring Security

时间:2017-05-04 04:25:46

标签: java spring

我为@Override

使用以下Spring安全配置 
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf().disable()
        .authorizeRequests()
            .antMatchers("/login").permitAll()
        .and()
        .authorizeRequests()
            .antMatchers("/signup").permitAll()
        .and()
        .authorizeRequests()
            .anyRequest().authenticated()
        .and()
            .logout().logoutUrl("/logout").logoutSuccessUrl("/login").deleteCookies("auth_code").invalidateHttpSession(true)
        .and()
        // We filter the api/signup requests
        .addFilterBefore(
            new JWTSignupFilter("/signup", authenticationManager(),
                    accountRepository, passwordEncoder),
            UsernamePasswordAuthenticationFilter.class)
        // We filter the api/login requests
        .addFilterBefore(
            new JWTLoginFilter("/login", authenticationManager()),
            UsernamePasswordAuthenticationFilter.class)
        // And filter other requests to check the presence of JWT in
        // header
        .addFilterBefore(new JWTAuthenticationFilter(userDetailsServiceBean()),
            UsernamePasswordAuthenticationFilter.class);
}

我希望浏览器在注销成功后重定向到/login网址。但我得到了这样的答复:

{
  "timestamp": 1493871686489,
  "status": 404,
  "error": "Not Found",
  "message": "No message available",
  "path": "/login"
}

修改1

我有一个登录过滤器,用于捕获对/login端点的POST请求:

public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {


    public JWTLoginFilter(String url, AuthenticationManager authManager) {
        super(new AntPathRequestMatcher(url, "POST"));
        setAuthenticationManager(authManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest req,
            HttpServletResponse res) throws AuthenticationException,
            IOException, ServletException {

        CustomUserDetails creds = new ObjectMapper().readValue(
                req.getInputStream(), CustomUserDetails.class);

        return getAuthenticationManager().authenticate(
                new UsernamePasswordAuthenticationToken(creds.getUsername(),
                        creds.getPassword()));
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest req,
            HttpServletResponse res, FilterChain chain, Authentication auth) {
        TokenAuthenticationService.addAuthentication(res, auth.getName());
    }
}

编辑2

以下休息控制器没有被击中! 

@RestController
public class UserAcccountController {
    @Autowired
    AccountRepository accountRepository;

    @RequestMapping(path = "/login", method = RequestMethod.GET)
    public String loginGet() {
        return "/login";
    }

    @RequestMapping(path = "/login", method = RequestMethod.POST)
    public void loginPost(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Location", "/home");
    }

}

1 个答案:

答案 0 :(得分:0)

解决方案是添加编辑2中包含的控制器,我还必须将登录过滤器中的successfulAuthentication编辑为以下内容:

@Override
protected void successfulAuthentication(HttpServletRequest req,
        HttpServletResponse res, FilterChain chain, Authentication auth) {
    TokenAuthenticationService.addAuthentication(res, auth.getName());
    chain.doFilter(req, res);
}
相关问题
最新问题