Java Spring安全注销呼叫
我试图使用Java配置设置Spring Security+mvc,但由于某些原因,它不起作用,我得到了一个404错误 在我实现的WebApplicationInitializer类中,我下一步注册了安全过滤器Java Spring安全注销呼叫,java,spring-mvc,spring-security,logout,Java,Spring Mvc,Spring Security,Logout,我试图使用Java配置设置Spring Security+mvc,但由于某些原因,它不起作用,我得到了一个404错误 在我实现的WebApplicationInitializer类中,我下一步注册了安全过滤器 @Override public void onStartup(ServletContext servletContext) throws ServletException { ... FilterRegistration.Dynamic securityFilte
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
...
FilterRegistration.Dynamic securityFilterChain = servletContext.addFilter("springSecurityFilterChain", DelegatingFilterProxy.class);
securityFilterChain.addMappingForUrlPatterns(null, false, "/*");
..
@Configuration
@EnableWebSecurity
public class SecurityContext extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
// BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
// auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/assets/**").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/profile/**").hasAnyRole("ADMIN", "USER")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/profile")
.failureUrl("/login?error")
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
// .and()
// .logout()
// .logoutUrl("/logout")
// .logoutSuccessUrl("/")
// .permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403");
}
}
<c:url value='/j_spring_security_check' />
PS例如,如果我将logoutUrl设置为“/logout”,我是否应该制作一个控制器来处理此url?您的注销机制不起作用。。。这是否意味着您的登录机制正常工作? 在这种情况下,请尝试处理您的“/logOut”url:
public LogInController{
...
@RequestMapping(value = "/logOut", method = RequestMethod.GET)
public String logOut(ModelMap model) {
//Redirect to your start page (mapping the url '/welcome' for example)
return "redirect:welcome";
}
...
}
public void onStartup(ServletContext servletContext) throws ServletException {
AnnotationConfigWebApplicationContext rootContext =
new AnnotationConfigWebApplicationContext();
//adding your main config class
rootContext.register(WebAppConfig.class);
//adding your security config class
rootContext.register(SecurityConfiguration.class);
...
}
@Bean
public ProviderManager providerManager() {
List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
list.add(daoAuthenticationProvider());
return new ProviderManager(list);
}
//If you use this filter (I think so, because you've defined 'username' and 'password' in
'configure' method)
@Bean
public UsernamePasswordAuthenticationFilter filter() {
UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
filter.setAuthenticationManager(providerManager());
return filter;
}
@Bean
公共ProviderManager ProviderManager(){
列表=新的ArrayList();
添加(daoAuthenticationProvider());
返回新的ProviderManager(列表);
}
//如果你使用这个过滤器(我想是的,因为你在
“配置”方法)
@豆子
公共用户名PasswordAuthenticationFilter(){
UsernamePasswordAuthenticationFilter=新的UsernamePasswordAuthenticationFilter();
setAuthenticationManager(providerManager());
回流过滤器;
}
@Bean
public ProviderManager providerManager() {
List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
list.add(daoAuthenticationProvider());
return new ProviderManager(list);
}
//If you use this filter (I think so, because you've defined 'username' and 'password' in
'configure' method)
@Bean
public UsernamePasswordAuthenticationFilter filter() {
UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
filter.setAuthenticationManager(providerManager());
return filter;
}