Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/335.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java spring安全注销未命中成功处理程序ref_Java_Spring_Spring Mvc_Spring Security - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java spring安全注销未命中成功处理程序ref

Java spring安全注销未命中成功处理程序ref

java spring spring-mvc spring-security

Java spring安全注销未命中成功处理程序ref,java,spring,spring-mvc,spring-security,Java,Spring,Spring Mvc,Spring Security,我使用spring 4.1.6.RELEASE和spring security 4.0.1.RELEASE 我有以下配置 <http auto-config="false" entry-point-ref="customAuthenticationEntryPoint" create-session="ifRequired" > <intercept-url pattern="/**" access="hasAuthority('Admin')" />

我使用spring 4.1.6.RELEASE和spring security 4.0.1.RELEASE 我有以下配置

<http auto-config="false" entry-point-ref="customAuthenticationEntryPoint"  create-session="ifRequired" >
        <intercept-url pattern="/**" access="hasAuthority('Admin')" />
        <custom-filter before="BASIC_AUTH_FILTER"  ref="loginTokenFilter" />
        <logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
        <access-denied-handler error-page="/noaccess.html"/>
        <headers>
            <frame-options policy="SAMEORIGIN" />
        </headers>
    </http>
登录效果很好,但注销效果不好。我在MyLogoutSuccessHandler.onLogoutSuccess()中设置了一个断点 并从浏览器中调用。未调用成功处理程序

我做错什么了吗?我应该为“/注销”路径提供特定的@RequestMapping吗

在web.xml中,我有以下内容

<filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
默认情况下,Spring security启用CSRF,注销必须是POST请求,因为它需要CSRF令牌。 检查。。 另一个类似的

如果希望注销以处理GET请求,可以在配置中这样关闭CSRF

<http auto-config="false">
        <csrf disabled="true"/>
如果你不想关闭CSRF,你必须像这样注销

<c:url var="logoutUrl" value="/logout"/>
<form action="${logoutUrl}" method="post">
  <input type="submit" value="Log out" />
  <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>
CSRF是否开启?你需要张贴注销表,如果它是…不熟悉CSRF,所以不能肯定地说。。。关于POST,我目前只发送一个GET请求。如果需要POST,POST正文中是否也应该有任何特定的数据? 
<c:url var="logoutUrl" value="/logout"/>
<form action="${logoutUrl}" method="post">
  <input type="submit" value="Log out" />
  <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>