2

我正在尝试找到一种方法来设置一个 URL,该 URL 将从系统中注销我的用户。这仅用于测试。现在我们在 spring secuirty 中使用默认登录页面

这是我的 spring-secuirty.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                        http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-3.1.xsd">


    <global-method-security pre-post-annotations="enabled" />

    <http use-expressions="true">
        <intercept-url access="hasRole('ROLE_VERIFIED_MEMBER')" pattern="/ask-union**" />
        <intercept-url access="hasRole('ROLE_VERIFIED_MEMBER')" pattern="/ask-welfare**" />
        <intercept-url pattern='/*' access='permitAll' />

        <form-login default-target-url="/ask-union" />

        <logout logout-success-url="/" />

        <session-management session-fixation-protection="newSession">
            <concurrency-control max-sessions="1"/>
        </session-management>

    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="xxxxx@aol.com.dev" password="testing" authorities="ROLE_VERIFIED_MEMBER" />
               ser-service>

        </authentication-provider>
    </authentication-manager>
</beans:beans>
4

4 回答 4

2

将此行添加到您的配置中

<logout logout-url="/sign-out"/>

然后,如果您有指向该 URL 的链接,那么它会将您注销

(在您的注销成功配置下方添加它)

于 2013-04-25T19:12:02.953 回答
1

I am a bit late on this. But answer may help others.

Use following code. logout-success-url is the URL you want take user after logging out.

<http auto-config="true" use-expressions="true" access-denied-page="/denied">       
    <logout invalidate-session="true" logout-success-url="/landing" delete-cookies="JSESSIONID" />
</http>
于 2013-07-05T11:44:51.650 回答
0

your-domain/projectPath/sign-out仔细检查您正在使用的 URL -根据 SJS 的示例,绝对路径应该是。如果你的 spring-security.xml 文件的相关部分如下所示,它应该可以工作:

<http use-expressions="true">

. . .

    <logout
        logout-success-url="/"
        logout-url="/sign-out"/>

如果您能够进行身份验证,则只需浏览到该路径,它就会将您注销。如果它仍然没有尝试使用 URL 中指定的中间子目录,即your-domain/projectPath/some-subdirectory/log-out.

你能认证吗?失败的可能不仅仅是注销方面......

于 2013-04-25T20:15:45.187 回答
0

迟到了,但供将来参考——如果您有兴趣了解如何从 XML 实例化和配置安全过滤器,请查看以下包:

org.springframework.security.config.annotation.web.configurers

对于注销过滤器配置,这将是 LogoutConfigurer 类。如果您查看LogoutConfigurer.createLogoutFilter()方法,您将看到默认的注销过滤器是如何创建的。这意味着您可以在 @Configuration 类中执行以下操作:

@Bean
public LogoutFilter logoutFilter() {
    // NOTE: See org.springframework.security.config.annotation.web.configurers.LogoutConfigurer 
    // for details on setting up a LogoutFilter
    SecurityContextLogoutHandler securityContextLogoutHandler = new SecurityContextLogoutHandler();
    securityContextLogoutHandler.setInvalidateHttpSession(true);

    LogoutFilter logoutFilter = new LogoutFilter("/", securityContextLogoutHandler);
    logoutFilter.setLogoutRequestMatcher(new AntPathRequestMatcher("/logout"));
    return logoutFilter;
}

如果你有这个,那么你可以通过 bean 进一步配置,或者让该 bean 自动拾取,因为它的方法名称是logoutFilter()

于 2014-06-26T22:44:27.350 回答