您好,我在春季启动应用程序中表达了弹簧安全性。但是在点击退出时,它需要一些重定向网址。如何避免呢?
我的WebSecurityConfig是
@Override
protected void configure( HttpSecurity http ) throws Exception
{
http.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/rest/auth/**").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/dist/**").permitAll()
.antMatchers("/node_modules/**").permitAll()
.antMatchers("/src/**").permitAll()
.anyRequest().authenticated()
.and()
.logout().addLogoutHandler(logoutHandler)
.and()
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
.addFilter(new JWTAuthorizationFilter(authenticationManager()));
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
我的LogoutHandler是
@Override
public void logout( HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
Authentication authentication )
{
try
{
SecurityContextHolder.getContext().setAuthentication(null);
SecurityContextHolder.clearContext();
String responseValue = new ObjectMapper().writeValueAsString("success");
httpServletResponse.setStatus(HttpServletResponse.SC_ACCEPTED);
httpServletResponse.addHeader("Content-Type", "application/json");
httpServletResponse.getWriter().print(responseValue);
}
catch( Exception e )
{
LOGGER.error("Error", e);
String responseValue;
try
{
responseValue = new ObjectMapper().writeValueAsString("failed");
httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
httpServletResponse.addHeader("Content-Type", "application/json");
httpServletResponse.getWriter().print(responseValue);
}
catch( IOException e1 )
{
LOGGER.error("Error", e1);
}
}
}
我只想将响应发送到LogoutHandler中配置的客户端。但成功注销后,它将重定向到/login。我不希望它被重定向到任何其他网址。我只想将响应发送到客户端。怎么做到这一点?
答案 0 :(得分:2)
试试这个:
...
.and()
.logout().logoutSuccessHandler(logoutHandler)
.and()
...