[英]Spring security logout does not clear authenticated user
我正在使用 Spring security 的默认注销机制来注销用户。 从我的前端应用程序(一个 React 应用程序)中,我在后端服务的“\/注销”上调用 GET。 但是,我看到注销后未清除身份验证详细信息,并且报告同一用户从上次登录时登录。 但是当从 Postman 调用相同的 '\/logout' URL 时,身份验证被清除。 这是我的安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
corsConfiguration.setAllowedOriginPatterns(Arrays.asList("*"));
corsConfiguration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "PUT","OPTIONS","PATCH", "DELETE"));
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setExposedHeaders(Arrays.asList("Authorization"));
http
.cors()
.configurationSource(request -> corsConfiguration)
.and()
.csrf()
.disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS,"/**").permitAll()
.antMatchers("/notes/**")
.authenticated()
.antMatchers("/register")
.permitAll()
.and()
.logout(logout -> logout
.permitAll()
.logoutSuccessHandler((request, response, authentication) -> {
response.setStatus(HttpServletResponse.SC_OK);
}
)
.invalidateHttpSession(true)
.clearAuthentication(true)
)
.httpBasic();
}
Spring Security 注销不起作用 - 不清除安全上下文并且经过身份验证的用户仍然存在
[英]Spring Security logout does not work - does not clear security context and authenticated user still exists
对于经过身份验证且未经过身份验证的用户,Spring Security会在休息服务中获取用户信息
[英]Spring Security get user info in rest service, for authenticated and not authenticated users
Spring安全匿名用户和具有弹簧安全性的经过身份验证的用户
[英]spring secuirty anonymous user and authenticated user with spring security
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.