Java Spring安全注销呼叫
我试图使用Java配置设置Spring Security+mvc,但由于某些原因,它不起作用,我得到了一个404错误 在我实现的WebApplicationInitializer类中,我下一步注册了安全过滤器Java Spring安全注销呼叫,java,spring-mvc,spring-security,logout,Java,Spring Mvc,Spring Security,Logout,我试图使用Java配置设置Spring Security+mvc,但由于某些原因,它不起作用,我得到了一个404错误 在我实现的WebApplicationInitializer类中,我下一步注册了安全过滤器 @Override public void onStartup(ServletContext servletContext) throws ServletException { ... FilterRegistration.Dynamic securityFilte
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
...
FilterRegistration.Dynamic securityFilterChain = servletContext.addFilter("springSecurityFilterChain", DelegatingFilterProxy.class);
securityFilterChain.addMappingForUrlPatterns(null, false, "/*");
..
SecurityContext的列表
@Configuration
@EnableWebSecurity
public class SecurityContext extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
// BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
// auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/assets/**").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/profile/**").hasAnyRole("ADMIN", "USER")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/profile")
.failureUrl("/login?error")
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
// .and()
// .logout()
// .logoutUrl("/logout")
// .logoutSuccessUrl("/")
// .permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403");
}
}
对于logoutUrl,我尝试了所有组合,但没有成功。。。
当我试图在jsp页面中使用此链接时
<c:url value='/j_spring_security_check' />
我得到404找不到异常
我花了一整天的时间试图让它发挥作用。有人知道如何解决这个问题吗
PS例如,如果我将logoutUrl设置为“/logout”,我是否应该制作一个控制器来处理此url?您的注销机制不起作用。。。这是否意味着您的登录机制正常工作? 在这种情况下,请尝试处理您的“/logOut”url:
public LogInController{
...
@RequestMapping(value = "/logOut", method = RequestMethod.GET)
public String logOut(ModelMap model) {
//Redirect to your start page (mapping the url '/welcome' for example)
return "redirect:welcome";
}
...
}
如果没有,请检查是否已将安全配置文件添加到“onStartup”方法:
public void onStartup(ServletContext servletContext) throws ServletException {
AnnotationConfigWebApplicationContext rootContext =
new AnnotationConfigWebApplicationContext();
//adding your main config class
rootContext.register(WebAppConfig.class);
//adding your security config class
rootContext.register(SecurityConfiguration.class);
...
}
然后您可以尝试在http之后添加。在“配置”方法中(如果您在授权之前不使用csrf令牌):
并检查其他bean:
@Bean
public ProviderManager providerManager() {
List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
list.add(daoAuthenticationProvider());
return new ProviderManager(list);
}
//If you use this filter (I think so, because you've defined 'username' and 'password' in
'configure' method)
@Bean
public UsernamePasswordAuthenticationFilter filter() {
UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
filter.setAuthenticationManager(providerManager());
return filter;
}
@Bean
公共ProviderManager ProviderManager(){
列表=新的ArrayList();
添加(daoAuthenticationProvider());
返回新的ProviderManager(列表);
}
//如果你使用这个过滤器(我想是的,因为你在
“配置”方法)
@豆子
公共用户名PasswordAuthenticationFilter(){
UsernamePasswordAuthenticationFilter=新的UsernamePasswordAuthenticationFilter();
setAuthenticationManager(providerManager());
回流过滤器;
}
添加csrf().disable()解决了这个问题!!!我不知道为什么默认启用它,我读到它只是SpringJava配置特性(没有XML)
@Bean
public ProviderManager providerManager() {
List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
list.add(daoAuthenticationProvider());
return new ProviderManager(list);
}
//If you use this filter (I think so, because you've defined 'username' and 'password' in
'configure' method)
@Bean
public UsernamePasswordAuthenticationFilter filter() {
UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
filter.setAuthenticationManager(providerManager());
return filter;
}