I am using Spring Boot 2 together with Spring Security, with different security for MVC and REST.
In my class MultiHttpSecurityConfig:
    @Configuration
    @Order(1)
    public class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/css/**", "/webjars/**", "/js/**", "/img/**", "/vendors/**");
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationEventPublisher(authenticationEventPublisher).userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/css/**", "/webjars/**", "/js/**", "/img/**", "/vendors/**", "/").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .formLogin().loginPage("/login").permitAll()
                    .successHandler(customAuthenticationSuccessHandler)
                    .and()
                .logout()
                    .logoutUrl("/logout")
                    .logoutSuccessHandler(new CustomLogoutHandler())
                    .logoutSuccessUrl("/login")
                    .and().csrf().disable();
        }
    }

    @Configuration
    @Order(2)
    public class RestWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationEventPublisher(authenticationEventPublisher).userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/rest/**")
                .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                .formLogin().loginPage("/login").permitAll()
                    .successHandler(customAuthenticationSuccessHandler)
                    .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                .csrf().disable();
        }
    }
I am trying to log out of the session when the tab is closed.
    // "valid" is set to true for navigation that should NOT trigger a logout
    var valid = false;

    function force_logout() {
        $.ajax({
            url: 'logout',
            type: 'POST',
            success: function(data) {
                window.location = "/";
            },
            error: function(data) {
                console.log(data);
            }
        });
    }

    window.onbeforeunload = function(e) {
        if (!valid) {
            force_logout();
        }
    }

    $("button").on("click", function() {
        valid = true;
    });

    $("a").bind("click", function() {
        valid = true;
    });

    $(document.body).on("keydown", this,
        function(event) {
            // F5
            if (event.keyCode == 116) {
                valid = true;
            }
            // Ctrl+R
            if (event.keyCode == 82 && event.ctrlKey) {
                valid = true;
            }
            // Ctrl+Shift+R
            if (event.keyCode == 82 && event.ctrlKey && event.shiftKey) {
                valid = true;
            }
        });

    function setValidtrue() {
        valid = true;
    }
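But it does not seem to work completely correctly.
If I open one tab and then another, and close the first one, the logout seems to work, but in the second tab I can continue using the application.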
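
An added example, not part of the original post: a simplified JavaScript model of how Spring Security picks a single filter chain per request (ascending `@Order`, first matching chain wins), applied to the two configurations above. The `matches`, `selectChain` and `shadowedChains` helpers and the chain objects are constructed for illustration and only model a trailing `/**` pattern; `IF_REQUIRED` is Spring Security's default session creation policy.

```javascript
// Simplified model, not Spring code: chains are tried in ascending @Order and
// the first one whose matcher accepts the request path handles the request.

// pattern === null models an HttpSecurity with no antMatcher (matches anything).
// Only a trailing "/**" is supported in this stand-in for an Ant pattern.
function matches(pattern, path) {
  if (pattern === null) return true;
  if (pattern.endsWith("/**")) {
    const prefix = pattern.slice(0, -3);
    return path === prefix || path.startsWith(prefix + "/");
  }
  return pattern === path;
}

function selectChain(chains, path) {
  const ordered = [...chains].sort((a, b) => a.order - b.order);
  return ordered.find((c) => matches(c.pattern, path)) || null;
}

// Chains placed after a match-everything chain can never be selected.
function shadowedChains(chains) {
  const ordered = [...chains].sort((a, b) => a.order - b.order);
  const idx = ordered.findIndex((c) => c.pattern === null);
  return idx === -1 ? [] : ordered.slice(idx + 1).map((c) => c.name);
}

// The ordering from the question (constructed representation).
const asPosted = [
  { name: "FormLogin", order: 1, pattern: null, sessionPolicy: "IF_REQUIRED" },
  { name: "Rest", order: 2, pattern: "/rest/**", sessionPolicy: "STATELESS" },
];

// The same two chains with the narrower /rest/** matcher consulted first.
const restFirst = [
  { ...asPosted[1], order: 1 },
  { ...asPosted[0], order: 2 },
];

for (const [label, chains] of [["as posted", asPosted], ["rest first", restFirst]]) {
  for (const path of ["/rest/orders/7", "/dashboard"]) {
    const c = selectChain(chains, path);
    console.log(`${label}: ${path} -> ${c.name} (${c.sessionPolicy})`);
  }
  console.log(`${label}: unreachable chains = [${shadowedChains(chains)}]`);
}
```

With the ordering as posted, `/rest/**` requests are handled by the form-login chain, so the `STATELESS` session policy and the other REST-specific settings are never applied.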