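I am using Spring Security 4.0.2.RELEASE with Spring 4.2.0.RELEASE.

I am unable to create a logout link (that is, what value I must set for the href attribute).

Consider:

Configuring DelegatingFilterProxy in Java with WebApplicationInitializer:

```java
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

// Registers the springSecurityFilterChain DelegatingFilterProxy with the servlet container
public class SecurityWebInitializer extends AbstractSecurityWebApplicationInitializer {
}
```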
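A simple configuration class to enable web security for Spring MVC:

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin().and()
            .authorizeRequests()
                .antMatchers("/spitter/").authenticated()
                .antMatchers(HttpMethod.GET, "/spitter/register").authenticated().and()
            .logout().deleteCookies("remove")
                .invalidateHttpSession(true).logoutUrl("/logout")
                .logoutSuccessUrl("/");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user").password("password").roles("USER").and()
            .withUser("admin").password("password").roles("USER", "ADMIN");
    }
}
```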
Controller:

```java
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.Errors;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
@RequestMapping(value = "/spitter")
public class SpittrController {

    private SpittleRepository spittleRepository;

    @Autowired
    public SpittrController(SpittleRepository spittleRepository) {
        this.spittleRepository = spittleRepository;
    }

    @RequestMapping(value = "/register", method = RequestMethod.GET)
    public String showRegistrationForm() {
        return "registerForm";
    }

    @RequestMapping(value = "/register", method = RequestMethod.POST)
    public String processingRegistration(@Valid Spitter spitter, Errors errors) {
        if (errors.hasErrors()) {
            return "registerForm";
        }
        spittleRepository.save(spitter);
        return "redirect:/spitter/" + spitter.getUserName();
    }

    @RequestMapping(value = "/{username}", method = RequestMethod.GET)
    public String showSpitterProfile(@PathVariable("username") String username, Model model) {
        Spitter spitter = spittleRepository.findByUsername(username);
        if (spitter != null) {
            model.addAttribute(spitter);
        }
        return "profile";
    }
}
```
registerForm.jsp:

```jsp
<form method="post">
    <table>
        <tr>
            <td>First Name:</td>
            <td><input type="text" name="firstName" /></td>
        </tr>
        <tr>
            <td>Last Name:</td>
            <td><input type="text" name="lastName" /></td>
        </tr>
        <tr>
            <td>User Name:</td>
            <td><input type="text" name="userName" /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type="password" name="password" /></td>
        </tr>
        <tr>
            <td><input type="submit" value="Register" /></td>
        </tr>
    </table>
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}">
</form>
```
After submitting registerForm.jsp, profile.jsp is shown to the user:

profile.jsp:

```jsp
<body>
    <h1>Hello world!</h1>
    <p>The time on the server is ${serverTime}.</p>
    <h1>Your Profile</h1>
    <h1><a href="/logout">Logout</a></h1>
    <table>
        <tr>
            <td>First Name:</td>
            <td><c:out value="${spitter.firstName}" /></td>
        </tr>
        <tr>
            <td>Last Name:</td>
            <td><c:out value="${spitter.lastName}" /></td>
        </tr>
        <tr>
            <td>User Name:</td>
            <td><c:out value="${spitter.userName}" /></td>
        </tr>
    </table>
</body>
```
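When I hit

http://localhost:8080/web/spitter/register

I am redirected to the login page. After logging in and submitting the form, profile.jsp is shown, which contains a Logout link. On clicking it, an HTTP 404 occurs.

I have gone through the Spring Security docs, but they have considered Thymeleaf. My page is a simple one.

Furthermore, I have also considered this,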
By default, the logout URL requires a POST request. To perform logout on a GET request you need:

```java
http
    .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
```

1: http://docs.spring.io/spring-security/site/docs/3.2.x/guides/hellomvc.html

Any suggestions?
Update your code in profile.jsp to

```jsp
<h1><a href="#" onclick="javascript:logoutForm.submit();">logout</a></h1>

<c:url var="logoutUrl" value="/logout" />
<form action="${logoutUrl}" method="post" id="logoutForm">
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
```