我正试图编写一个注销函数,将用户返回到主页("/"(,但当我按下按钮时,它什么也没做。我一直在学习教程,但他们似乎都有同样的问题,那就是它对我不起作用
安全配置代码
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/login")
.permitAll()
.antMatchers("/admin")
.hasAnyRole("ADMIN", "USER")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/admin")
.failureUrl("/login?error=true")
.permitAll()
.and()
.logout().logoutUrl("/login")
.permitAll()
.and()
.csrf()
.disable()
;
return;
}
控制器
@RequestMapping(value="/logout", method = RequestMethod.GET)
public String logoutPage (HttpServletRequest request, HttpServletResponse response) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null){
new SecurityContextLogoutHandler().logout(request, response, auth);
}
return "redirect:/login?logout";
}
最后存储JSP注销
<body>
<form th:action="@{/logout}" method="post">
<input type="submit" value="Sign Out"/>
</form>
</body>
任何帮助都将不胜感激。以及任何其他提示,因为这是我在这里的第一篇帖子:(
logout((配置:
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/logout.done")
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true)
或在控制器中编程:
@RequestMapping(value="/logout", method = RequestMethod.GET)
public String logoutPage (HttpServletRequest request, HttpServletResponse response) {
HttpSession session= request.getSession(false);
SecurityContextHolder.clearContext();
session= request.getSession(false);
if(session != null) {
session.invalidate();
}
for(Cookie cookie : request.getCookies()) {
cookie.setMaxAge(0);
}
return "logout";
选择其中一种方式,如果您已经创建了自定义路由,则不应添加.logout((配置
在jsp:上
<a href="${pageContext.request.contextPath}/logout?${_csrf.parameterName}=${_csrf.token}">Logout</a>
这样修改您的SecurityConfig:
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login")
.permitAll()