[英]Log out doesn't work in Spring Boot application (POST method not supported)
I have a Spring Boot application with the following configuration 我有一个具有以下配置的Spring Boot应用程序
@Configuration
@EnableWebSecurity
open class WebSecurityConfig : WebSecurityConfigurerAdapter() {
override fun configure(http:HttpSecurity) {
http
.authorizeRequests()
.antMatchers("/css/**", "/js/**", "/fonts/**")
.permitAll().and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.logout()
.logoutSuccessUrl("/login")
.permitAll()
.and().csrf().disable()
}
@Autowired
fun configureGlobal(auth:AuthenticationManagerBuilder) {
auth
.inMemoryAuthentication()
.withUser("usr@provider.com").password("test").roles("USER")
}
}
When I try to log out, I get the error 当我尝试注销时,我收到错误
There was an unexpected error (type=Method Not Allowed, status=405). 出现意外错误(type = Method Not Allowed,status = 405)。 Request method 'POST' not supported 请求方法“POST”不受支持
How can I fix it? 我该如何解决?
How to reproduce 如何重现
gradle bootRun
http://localhost:8080
, enter usr@provider.com
and test
as user name and password, respectively. 转到http://localhost:8080
,输入usr@provider.com
并分别作为用户名和密码进行test
。 Update 1: This doesn't work, either. 更新1:这也不起作用。
http
.authorizeRequests()
.antMatchers("/css/**", "/js/**", "/fonts/**", "/logout")
.permitAll().and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.csrf().disable()
I'm not familiar with Thymeleaf, but at least this will give you some idea. 我对Thymeleaf并不熟悉,但至少这会给你一些想法。
The problem is not your SecurityConfig but the 问题不是你的SecurityConfig而是
th:action="@{/logout}" 个:行动= “@ {/注销}”
(not redirect to /logout, check Network tab in Chrome or Firefox). (不是重定向到/注销,请检查Chrome或Firefox中的“网络”标签)。
If I replace it with 如果我用它替换它
action="/logout" 行动=“/登出”
Then it work perfectly. 然后它完美地工作。
Have you tried specifying the logout path? 您是否尝试过指定注销路径?
.logout()
.logoutSuccessUrl("/login")
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.permitAll()
You can add "/logout"
to the first section of allowed paths. 您可以将"/logout"
添加到允许路径的第一部分。
But why do you use a with a for the logout at all? 但是你为什么要用a来注销呢? You can use a simple link () that will issue a GET request. 您可以使用将发出GET请求的简单链接()。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.