堆栈内存溢出
  简体   繁体   English

Spring Security中的注销不起作用

[英]Logout in Spring Security does not work

 原文  2013-05-29 12:09:23       spring/ jsp/ spring-security

问题描述

I have created an application with Spring Security. 我已经用Spring Security创建了一个应用程序。 In the Spring Security Context file I have added the following piece of code: 在Spring Security Context文件中,我添加了以下代码: 

<http auto-config="true">
    <intercept-url pattern="/index.jsp" access="ROLE_ADMIN" />
    <intercept-url pattern="/metrics.jsp#chart" access="ROLE_ADMIN" />
    <intercept-url pattern="/metrics.jsp" access="ROLE_ADMIN" />
    <intercept-url pattern="/j_spring_security_logout#chart" access="ROLE_ADMIN" />
    <form-login login-page="/login.jsp" authentication-failure-url="/loginerror.jsp"  default-target-url="/index.jsp" />
    <logout logout-success-url="/login.jsp" invalidate-session="true" delete-cookies="JSESSIONID" />
</http>

In the application context file I have added the following code: 在应用程序上下文文件中,我添加了以下代码: 

<bean id="webContentInterceptor" class="org.springframework.web.servlet.mvc.WebContentInterceptor">
    <property name="cacheSeconds" value="0" />
    <property name="useExpiresHeader" value="true" />
    <property name="useCacheControlHeader" value="true" />
    <property name="useCacheControlNoStore" value="true" />
</bean>

In the pages of the application (I use JSP), I have added the following code for the logout button: 在应用程序的页面(我使用JSP)中,我为注销按钮添加了以下代码: 

 <a href="j_spring_security_logout" class="ui-btn-right">Logout</a>

Well, when the user clicks the button, he is redirected to the login page, however he can still go to other pages of the application, which should not happen, Does anyone know where the problem may be? 好了,当用户单击按钮时,他将被重定向到登录页面,但是他仍然可以转到应用程序的其他页面,这不应该发生。有人知道问题出在哪里吗? Am I missing something? 我想念什么吗? Thanks in advance! 提前致谢!

2 个解决方案

解决方案1
 1  2013-05-29 12:17:16

采用

<a href="/j_spring_security_logout" class="ui-btn-right">Logout</a>

解决方案2
 0  2013-10-21 10:44:25

In Servlet-context write this : 在Servlet上下文中编写以下代码: 

<mvc:interceptors>
    <bean id="webContentInterceptor"class="org.springframework.web.servlet.mvc.WebContentInterceptor">
            <property name="cacheSeconds" value="0"/>
            <property name="useExpiresHeader" value="false"/>
            <property name="useCacheControlHeader" value="true"/>
            <property name="useCacheControlNoStore" value="true"/>
    </bean>     
</mvc:interceptors>

Its same as: 与以下内容相同: 

response.setHeader("pragma", "no-cache");              
response.setHeader("Cache-control", "no-cache, no-store, must-revalidate");
response.setHeader("Expires", "0");

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用JSP作为视图引擎注销的Spring Boot安全性不起作用 - spring boot security using JSP as view engine logout does not work 春季安全性:相对路径较长时,注销不起作用 - spring security : logout does not work when having long relative path Spring Security 3.2.0.RC1中的注销不起作用 - Logout in spring security 3.2.0.RC1 does not work Spring Security 注销不起作用 - 不清除安全上下文并且经过身份验证的用户仍然存在 - Spring Security logout does not work - does not clear security context and authenticated user still exists Spring Security不起作用 - Spring security does not work Spring Security Logout不适用于Spring 4 CORS - Spring Security Logout doesn't work with Spring 4 CORS Spring 安全注销不起作用 - Spring security logout not working 春季安全性注销 - Spring Security Logout 通过Spring 3 Security注销 - logout via Spring 3 Security Spring 安全注销处理 - Spring security logout handling
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM