[英]Redirect for logout Spring Security
我為@Override使用以下Spring安全配置
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/login").permitAll()
.and()
.authorizeRequests()
.antMatchers("/signup").permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.logout().logoutUrl("/logout").logoutSuccessUrl("/login").deleteCookies("auth_code").invalidateHttpSession(true)
.and()
// We filter the api/signup requests
.addFilterBefore(
new JWTSignupFilter("/signup", authenticationManager(),
accountRepository, passwordEncoder),
UsernamePasswordAuthenticationFilter.class)
// We filter the api/login requests
.addFilterBefore(
new JWTLoginFilter("/login", authenticationManager()),
UsernamePasswordAuthenticationFilter.class)
// And filter other requests to check the presence of JWT in
// header
.addFilterBefore(new JWTAuthenticationFilter(userDetailsServiceBean()),
UsernamePasswordAuthenticationFilter.class);
}
我希望瀏覽器成功注銷后重定向到/login
URL。 但我得到了這樣的答復:
{
"timestamp": 1493871686489,
"status": 404,
"error": "Not Found",
"message": "No message available",
"path": "/login"
}
編輯1
我有一個登錄過濾器,它捕獲對/login
端點的POST請求:
public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {
public JWTLoginFilter(String url, AuthenticationManager authManager) {
super(new AntPathRequestMatcher(url, "POST"));
setAuthenticationManager(authManager);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest req,
HttpServletResponse res) throws AuthenticationException,
IOException, ServletException {
CustomUserDetails creds = new ObjectMapper().readValue(
req.getInputStream(), CustomUserDetails.class);
return getAuthenticationManager().authenticate(
new UsernamePasswordAuthenticationToken(creds.getUsername(),
creds.getPassword()));
}
@Override
protected void successfulAuthentication(HttpServletRequest req,
HttpServletResponse res, FilterChain chain, Authentication auth) {
TokenAuthenticationService.addAuthentication(res, auth.getName());
}
}
編輯2
以下休息控制器不會被擊中!
@RestController
public class UserAcccountController {
@Autowired
AccountRepository accountRepository;
@RequestMapping(path = "/login", method = RequestMethod.GET)
public String loginGet() {
return "/login";
}
@RequestMapping(path = "/login", method = RequestMethod.POST)
public void loginPost(HttpServletResponse httpServletResponse) {
httpServletResponse.setHeader("Location", "/home");
}
}
解決的辦法是增加我列入編輯2控制器和我也有編輯successfulAuthentication
在登錄過濾器為以下內容:
@Override
protected void successfulAuthentication(HttpServletRequest req,
HttpServletResponse res, FilterChain chain, Authentication auth) {
TokenAuthenticationService.addAuthentication(res, auth.getName());
chain.doFilter(req, res);
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.