一尘不染

使用Java配置通过Spring Security注销

jsp

我正在将Spring Security 4.0.2.RELEASE与Spring 4.2.0.RELEASE一起使用。

我无法创建注销链接(我必须设置href属性的值)。

考虑:

使用 WebApplicationInitializer 在Java中配置 DelegatingFilterProxy
__

public class SecurityWebInitializer
    extends AbstractSecurityWebApplicationInitializer {

}

简单的配置类为Spring MVC启用Web安全性

@Configuration
@EnableWebSecurity
public class SecurityConfig
    extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.formLogin().and()
            .authorizeRequests()
            .antMatchers("/spitter/").authenticated()   
            .antMatchers(HttpMethod.GET, "/spitter/register").authenticated().and()

            .logout().deleteCookies("remove")
            .invalidateHttpSession(true).logoutUrl("/logout")
            .logoutSuccessUrl("/");

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
        throws Exception {

        auth.inMemoryAuthentication().withUser("user").password("password")
            .roles("USER").and().withUser("admin").password("password")
            .roles("USER", "ADMIN");
    }

}

控制器:

@Controller
@RequestMapping(value = "/spitter")
public class SpittrController {

    private SpittleRepository spittleRepository;

    @Autowired
    public SpittrController(SpittleRepository spittleRepository) {

        this.spittleRepository = spittleRepository;
    }

    @RequestMapping(value = "/register", method = RequestMethod.GET)
    public String showRegistrationForm() {

        return "registerForm";
    }

    @RequestMapping(value = "/register", method = RequestMethod.POST)
    public String processingRegistration(@Valid Spitter spitter, Errors errors) {

        if (errors.hasErrors()) {
            return "registerForm";
        }

        spittleRepository.save(spitter);
        return "redirect:/spitter/" + spitter.getUserName();

    }

    @RequestMapping(value = "/{username}", method = RequestMethod.GET)
    public String showSpitterProfile(@PathVariable("username") String username,
                                     Model model) {

        Spitter spitter = spittleRepository.findByUsername(username);
        if(spitter != null){
            model.addAttribute(spitter);
        }

        return "profile";
    }
}

registerForm.jsp:

<form method="post">
        <table>
            <tr>
                <td>First Name:</td>
                <td><input type="text" name="firstName" /></td>
            </tr>
            <tr>
                <td>Last Name:</td>
                <td><input type="text" name="lastName" /></td>
            </tr>
            <tr>
                <td>User Name:</td>
                <td><input type="text" name="userName" /></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type="password" name="password" /></td>
            </tr>
            <tr>

                <td><input type="submit" value="Register" /></td>
            </tr>
        </table>
        <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}">
    </form>

提交 registerForm.jsp之后 profile.jsp 将显示给用户:

profile.jsp:

<body>
    <h1>Hello world!</h1>

    <p>The time on the server is ${serverTime}.</p>

    <h1>Your Profile</h1>
    <h1><a href="/logout">Logout</a></h1>


    <table>
        <tr>
            <td>First Name:</td>
            <td><c:out value="${spitter.firstName}" /></td>
        </tr>
        <tr>
            <td>Last Name:</td>
            <td><c:out value="${spitter.lastName}" /></td>
        </tr>
        <tr>
            <td>User Name:</td>
            <td><c:out value="${spitter.userName}" /></td>
        </tr>
    </table>    
</body>

当我打

http:// localhost:8080 / web / spitter /
register

我被重定向到登录页面。登录并提交表单后,显示 profile.jsp ,其中包含一个 注销 链接。点击后,出现 HTTP
404

我已经阅读过Spring Security文档,但是他们已经考虑了 百里香 。我的页面很简单。

此外,我还考虑了这一点,

默认情况下,登出URL要求POST请求。要对GET请求执行注销,您需要:

http .logout().logoutRequestMatcher(new AntPathRequestMatcher(“ / logout”));

1http//docs.spring.io/spring-
security/site/docs/3.2.x/guides/hellomvc.html

有什么建议么?


阅读 307

收藏
2020-06-10

共1个答案

一尘不染

将您在profile.jsp中的代码更新为

<h1><a href="#" onclick="javascript:logoutForm.submit();">logout</a></h1>

        <c:url var="logoutUrl" value="/logout" />
        <form action="${logoutUrl}" method="post" id="logoutForm">
            <input type="hidden" name="${_csrf.parameterName}"
                value="${_csrf.token}" />
        </form>
2020-06-10