Spring Security: redirect and logout issues

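I am facing the following problems in Spring Security:

(1) I have a URL "/welcome" that is called when the user logs in, i.e. my default success URL is "/welcome". Regardless of the user's role, the user should be redirected to this URL after login. The problem is that if I access this URL directly without logging in, it does not redirect to the login page.

(2) After logout, I am redirected to the login page, which is correct. But when I click the browser's back button, I am taken to the previous page instead of staying on the login page.

Below is my code: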

DesertLampSecurityConfiguration.java

@Configuration
@EnableWebSecurity
public class DesertLampSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationMgr) throws Exception {
        authenticationMgr.inMemoryAuthentication()
            .withUser("subodh.ranadive@desertlamp.com")
            .password("Dlpl123#")
            .authorities("SUPER_USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
        .antMatchers("/", "/home").permitAll()
            .and()
                .formLogin().loginPage("/login")
                .failureUrl("/login?error")
                .defaultSuccessUrl("/welcome", true)
                .usernameParameter("email").passwordParameter("password")
            .and()
                .logout()
                    .logoutSuccessUrl("/login?logout")
            .and()
                .csrf()
            .and()
                .exceptionHandling().accessDeniedPage("/Access_Denied");
    }
}
DefaultController.java

@Controller
public class DefaultController {

    @RequestMapping(value = { "/", "/home" }, method = RequestMethod.GET)
    public ModelAndView defaultPage() {
        ModelAndView model = new ModelAndView();
        model.setViewName("common/pgDefault");
        return model;
    }

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelAndView loginPage(@RequestParam(value = "error",required = false) String error,
            @RequestParam(value = "logout", required = false) String logout) {

        ModelAndView model = new ModelAndView();
        if (error != null) {
            model.addObject("error", "Invalid Email OR Password");
        }

        if (logout != null) {
            model.addObject("message", "You are successfully logged out");
        }

        model.setViewName("common/pgLogin");
        return model;
    }

    @RequestMapping(value="/welcome", method = RequestMethod.GET)
    public String welcomePage(ModelMap model){
        return "common/pgWelcome";
    }
}
incLogout.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

</head>
<body>
    <div align="right">
        <c:url value="/logout" var="logoutUrl" />
        <form id="logout" action="${logoutUrl}" method="post" >
            <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
        </form>
        <c:if test="${pageContext.request.userPrincipal.name != null}">
            <a href="javascript:document.getElementById('logout').submit()">Logout</a>
        </c:if>
    </div>
</body>
</html>


Thanks in advance.

I have found the solution. Adding .anyRequest().authenticated() to the configure() method in DesertLampSecurityConfiguration.java resolved both issues (1) and (2) above.

DesertLampSecurityConfiguration.java

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
        .antMatchers("/", "/home").permitAll()
        .anyRequest().authenticated()
            .and()
                .formLogin().loginPage("/login").permitAll()
                .failureUrl("/login?error")
                .defaultSuccessUrl("/welcome", true)
                .usernameParameter("email").passwordParameter("password")
            .and()
                .logout()
                    .logoutSuccessUrl("/login?logout")
            .and()
                .csrf()
            .and()
                .exceptionHandling().accessDeniedPage("/Access_Denied");
    }
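
A regression test for the rule the answer adds, as an added example that is not part of the original question or answer. It assumes JUnit 4, spring-test and spring-security-test on the classpath; `WebMvcConfig` is a hypothetical `@EnableWebMvc` configuration that registers `DefaultController`, and `WelcomeAccessTest` and the user name `tester` are made up for the test.

```java
// Added example. WebMvcConfig is a hypothetical @EnableWebMvc class (assumption).
import static org.hamcrest.Matchers.containsString;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.logout;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;

import org.junit.*;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;

@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(classes = { DesertLampSecurityConfiguration.class, WebMvcConfig.class })
public class WelcomeAccessTest {
    @Autowired private WebApplicationContext context;
    private MockMvc mvc;

    @Before
    public void setUp() {
        // apply(springSecurity()) puts the security filter chain in front of the controllers
        mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
    }

    @Test // issue (1): an anonymous request for /welcome must go to the login page
    public void anonymousWelcomeRedirectsToLogin() throws Exception {
        mvc.perform(get("/welcome"))
           .andExpect(status().is3xxRedirection())
           .andExpect(redirectedUrlPattern("**/login"));
    }

    @Test // a logged-in user gets the page, marked non-cacheable by the default headers
    public void authenticatedWelcomeIsNotCacheable() throws Exception {
        mvc.perform(get("/welcome").with(user("tester"))) // constructed test user
           .andExpect(status().isOk())
           .andExpect(header().string("Cache-Control", containsString("no-store")));
    }

    @Test // logout() sends POST /logout with a valid CSRF token, like incLogout.jsp
    public void logoutRedirectsToLoginPage() throws Exception {
        mvc.perform(logout()).andExpect(redirectedUrl("/login?logout"));
    }
}
```

Run against the question's original `configure()`, `anonymousWelcomeRedirectsToLogin` fails because `/welcome` matches no authorization rule; with `.anyRequest().authenticated()` in place it passes.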