我正在尝试注销我的springboot应用程序中的用户,但仍然再次使我登录 我已经提到了这一点,但没有为我Spring Security logout does not work - does not clear security context and authenticated user still exists
这是我的SecurityMiddleware代码
@EnableWebSecurity
public class SecurityMiddleware implements WebSecurityConfigurer {
@Autowired
private UserRepository userRepository;
@Override
public void configure(HttpSecurity http) throws Exception {
http
.cors()
.and()
.csrf()
.disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.anonymous()
.disable()
.addFilterAt(new JWTAuthorizationFilter(userRepository), BasicAuthenticationFilter.class)
.logout().clearAuthentication(true).logoutUrl("/logout").logoutSuccessUrl("/login").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.and()
.exceptionHandling()
.authenticationEntryPoint(new Http401ForbiddenEntryPoint());
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity.ignoring().antMatchers("/login/**");
}
}```