Unable to log out in Spring OAuth2 with JdbcTokenStore


I am using Spring OAuth2 with JdbcTokenStore and a custom login page, as shown in the snippet below.

@Configuration
@Order(-20)
protected static class LoginConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http.sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.NEVER)
            .invalidSessionUrl("/login")
            .sessionAuthenticationErrorUrl("/login")
            .and()
                .formLogin().loginPage("/login").permitAll().defaultSuccessUrl("/homepage", false)
                .failureUrl("/login?error=true")
            .and()
                .requestMatchers()
                .antMatchers("/", "/login", "/logout", "/homepage", "/login?error=true", "/oauth/authorize", "/oauth/confirm_access")
            .and()
                .logout().logoutUrl("/logout").logoutSuccessUrl("/login").invalidateHttpSession(true)
                .permitAll()
            .and().authorizeRequests()
                .antMatchers("/login**")
                .permitAll().anyRequest().authenticated();
        // @formatter:on
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.parentAuthenticationManager(authenticationManager);
    }
}
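From various online resources, it seems Spring Security has a built-in /logout endpoint to log the user out, but this does not seem to work for me. When I hit that endpoint it redirects back to the custom login page, which is fine, but the behaviour is inconsistent. With multiple tabs open it sometimes works, but not every time. I also noticed that the cookie created by Spring is not cleared.

Is there something wrong with the web security configurer adapter defined below?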

@Configuration
@Order(-20)
protected static class LoginConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .formLogin()
            .loginPage("/login")
            .permitAll()
            .defaultSuccessUrl("/homepage", false)
            .failureUrl("/login?error=true")    
        .and()
            .requestMatchers().antMatchers("/login", "/homepage", "/login?error=true", "/oauth/authorize", "/oauth/confirm_access")
        .and()
            .authorizeRequests().anyRequest().authenticated();
        // @formatter:on
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.parentAuthenticationManager(authenticationManager);
    }
}
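Once the built-in logout works, ideally the tokens created in the database should be deleted as well. I tried a few possible answers, but they did not work. Any suggestions would be appreciated.

I can post more code snippets if that helps make things clearer.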

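We finally got this working. Hopefully this helps others in the same boat.

The session management configuration in the snippet below can be ignored if you do not need it.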

@Configuration
@Order(-20)
protected static class LoginConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http.sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.NEVER)
            .invalidSessionUrl("/login")
            .sessionAuthenticationErrorUrl("/login")
            .and()
                .formLogin().loginPage("/login").permitAll().defaultSuccessUrl("/homepage", false)
                .failureUrl("/login?error=true")
            .and()
                .requestMatchers()
                .antMatchers("/", "/login", "/logout", "/homepage", "/login?error=true", "/oauth/authorize", "/oauth/confirm_access")
            .and()
                .logout().logoutUrl("/logout").logoutSuccessUrl("/login").invalidateHttpSession(true)
                .permitAll()
            .and().authorizeRequests()
                .antMatchers("/login**")
                .permitAll().anyRequest().authenticated();
        // @formatter:on
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.parentAuthenticationManager(authenticationManager);
    }
}
Creating a logout controller in addition to the steps above did the trick.

@Controller
public class LogoutController {

    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    public String logout(HttpServletRequest request, HttpServletResponse response, Model model) {
        /* Get the existing session (without creating a new one) and invalidate it */
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        HandleLogOutResponse(response, request);
        return "logout";
    }

    private void HandleLogOutResponse(HttpServletResponse response, HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            // getCookies() returns null when the request carries no cookies
            return;
        }
        for (Cookie cookie : cookies) {
            // Expire each cookie in the browser
            cookie.setMaxAge(0);
            cookie.setValue(null);
            cookie.setPath("/");
            response.addCookie(cookie);
        }
    }
}
You can register the views with the simple function below.

public void addViewControllers(ViewControllerRegistry registry) {
    registry.addViewController("/").setViewName("login");
    registry.addViewController("/login").setViewName("login");
    registry.addViewController("/homepage").setViewName("homepage");
    registry.addViewController("/logout").setViewName("logout");
}
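
The question also asks about deleting the tokens created in the database on logout, which the answer above does not cover. The following is an added example, not part of the original question or answer: a Spring Security `LogoutHandler` that removes the user's access and refresh tokens through the `TokenStore` interface (assumed here to be backed by `JdbcTokenStore`); the class name `TokenRevokingLogoutHandler` and the `clientIds` constructor argument are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.authentication.logout.LogoutHandler;

/** Added example: removes the logged-out user's OAuth2 tokens from the token store. */
public class TokenRevokingLogoutHandler implements LogoutHandler {

    private final TokenStore tokenStore;         // assumed to be the JdbcTokenStore bean
    private final Collection<String> clientIds;  // assumption: client ids registered with this server

    public TokenRevokingLogoutHandler(TokenStore tokenStore, Collection<String> clientIds) {
        this.tokenStore = tokenStore;
        this.clientIds = clientIds;
    }

    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response,
                       Authentication authentication) {
        // No authenticated user (e.g. the session already expired): nothing to revoke.
        if (authentication == null) {
            return;
        }
        String username = authentication.getName();
        for (String clientId : clientIds) {
            // Copy first so removal never mutates the collection being iterated.
            List<OAuth2AccessToken> tokens = new ArrayList<>(
                    tokenStore.findTokensByClientIdAndUserName(clientId, username));
            for (OAuth2AccessToken token : tokens) {
                // Remove the refresh token too; otherwise it can still mint a new access token.
                if (token.getRefreshToken() != null) {
                    tokenStore.removeRefreshToken(token.getRefreshToken());
                }
                tokenStore.removeAccessToken(token);
            }
        }
    }
}
```

Register it with `.logout().addLogoutHandler(...)` in the `HttpSecurity` configuration. It runs only when Spring Security's logout filter handles the request, which with CSRF protection enabled is a POST to the logout URL rather than a GET.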
