Java Spring security HttpServletRequest和SecurityContextHolder注销不工作
我对Spring Security相对较新,我正在尝试创建一个用于注销用户的端点。到目前为止,我尝试过的代码是:Java Spring security HttpServletRequest和SecurityContextHolder注销不工作,java,spring-security,logout,Java,Spring Security,Logout,我对Spring Security相对较新,我正在尝试创建一个用于注销用户的端点。到目前为止,我尝试过的代码是: public ResponseEntity<String> logout(HttpServletRequest request, HttpServletResponse response) { // Authentication auth = SecurityContextHolder.getContext().getAuthentication(); //
public ResponseEntity<String> logout(HttpServletRequest request, HttpServletResponse response) {
// Authentication auth = SecurityContextHolder.getContext().getAuthentication();
// if (auth != null) {
// new SecurityContextLogoutHandler().logout(request, response, auth);
// System.out.println("logging out");
// return new ResponseEntity<>(HttpStatus.OK);
// }
try {
request.logout();
System.out.println("successful logout");
} catch (ServletException e) {
e.printStackTrace();
}
return new ResponseEntity<>(HttpStatus.OK);
}
我的安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers(HttpMethod.POST, securityConstraintsProperties.getSignUpUrl()).permitAll()
.anyRequest().authenticated()
.and()
.addFilter(new JWTAuthenticationFilter(authenticationManager(), getApplicationContext(), securityConstraintsProperties))
.addFilter(new JWTAuthorizationFilter(authenticationManager(), securityConstraintsProperties))
// this disables session creation on Spring Security
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
我在不同的答案中看到了这两种可能性,但不幸的是,它们都不适合我。当我在注销后执行请求时,请求仍然是可能的。这怎么可能
提前谢谢你 你的UserDetails服务实现是什么?我已经添加了我的UserDetails服务你的spring安全配置是什么?在这里,它解决了问题吗?@Erwin你还在吗?
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers(HttpMethod.POST, securityConstraintsProperties.getSignUpUrl()).permitAll()
.anyRequest().authenticated()
.and()
.addFilter(new JWTAuthenticationFilter(authenticationManager(), getApplicationContext(), securityConstraintsProperties))
.addFilter(new JWTAuthorizationFilter(authenticationManager(), securityConstraintsProperties))
// this disables session creation on Spring Security
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}