Fatal编程技术网
  • java/
  • Java Spring security HttpServletRequest和SecurityContextHolder注销不工作

Java Spring security HttpServletRequest和SecurityContextHolder注销不工作

java spring-security

Java Spring security HttpServletRequest和SecurityContextHolder注销不工作,java,spring-security,logout,Java,Spring Security,Logout,我对Spring Security相对较新,我正在尝试创建一个用于注销用户的端点。到目前为止,我尝试过的代码是: public ResponseEntity<String> logout(HttpServletRequest request, HttpServletResponse response) { // Authentication auth = SecurityContextHolder.getContext().getAuthentication(); //

我对Spring Security相对较新,我正在尝试创建一个用于注销用户的端点。到目前为止,我尝试过的代码是:

  public ResponseEntity<String> logout(HttpServletRequest request, HttpServletResponse response) {
//    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
//    if (auth != null) {
//      new SecurityContextLogoutHandler().logout(request, response, auth);
//      System.out.println("logging out");
//      return new ResponseEntity<>(HttpStatus.OK);
//    }
    try {
      request.logout();
      System.out.println("successful logout");
    } catch (ServletException e) {
      e.printStackTrace();
    }
    return new ResponseEntity<>(HttpStatus.OK);
  }
我的安全配置:

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.cors().and().csrf().disable().authorizeRequests()
        .antMatchers(HttpMethod.POST, securityConstraintsProperties.getSignUpUrl()).permitAll()
        .anyRequest().authenticated()
        .and()
        .addFilter(new JWTAuthenticationFilter(authenticationManager(), getApplicationContext(), securityConstraintsProperties))
        .addFilter(new JWTAuthorizationFilter(authenticationManager(), securityConstraintsProperties))
        // this disables session creation on Spring Security
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
  }
我在不同的答案中看到了这两种可能性,但不幸的是,它们都不适合我。当我在注销后执行请求时,请求仍然是可能的。这怎么可能

提前谢谢你

你的UserDetails服务实现是什么?我已经添加了我的UserDetails服务你的spring安全配置是什么?在这里,它解决了问题吗?@Erwin你还在吗? 
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.cors().and().csrf().disable().authorizeRequests()
        .antMatchers(HttpMethod.POST, securityConstraintsProperties.getSignUpUrl()).permitAll()
        .anyRequest().authenticated()
        .and()
        .addFilter(new JWTAuthenticationFilter(authenticationManager(), getApplicationContext(), securityConstraintsProperties))
        .addFilter(new JWTAuthorizationFilter(authenticationManager(), securityConstraintsProperties))
        // this disables session creation on Spring Security
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
  }