无法使用 Spring 安全/注销资源
Can't use Spring security /logout resource
我有一个 spring 安全应用程序。当我尝试通过我的 angular 前端注销时,我将收到 404(未找到)。
我已经尝试了很多 spring WebSecurityConfigurerAdapter 配置,所有配置都出现 404。我正在使用 POST 来提出请求。(见下文)
logout() {
this.http.post('/logout', "").pipe(
finalize(() => {
this.app.authenticated.next(false);
})
).subscribe();
}
使用 Postman,我在尝试访问资源时收到 403(禁止)
其实你只需要添加一个注销成功处理器
@Component
public class LogoutSuccess implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication)
throws IOException, ServletException {
if (authentication != null && authentication.getDetails() != null) {
try {
httpServletRequest.getSession().invalidate();
// you can add more codes here when the user successfully logs
// out,
// such as updating the database for last active.
} catch (Exception e) {
e.printStackTrace();
e = null;
}
}
httpServletResponse.setStatus(HttpServletResponse.SC_OK);
}
}
并向您的安全配置添加成功处理程序
http.authorizeRequests().anyRequest().authenticated().and().logout().logoutSuccessHandler(logoutSuccess).deleteCookies("JSESSIONID").invalidateHttpSession(false).permitAll();
或者你也可以试试这个:
logout() {
this.http.post('/logout').pipe(
finalize(() => {
this.app.authenticated.next(false);
})
).subscribe();
}
我有一个 spring 安全应用程序。当我尝试通过我的 angular 前端注销时,我将收到 404(未找到)。
我已经尝试了很多 spring WebSecurityConfigurerAdapter 配置,所有配置都出现 404。我正在使用 POST 来提出请求。(见下文)
logout() {
this.http.post('/logout', "").pipe(
finalize(() => {
this.app.authenticated.next(false);
})
).subscribe();
}
使用 Postman,我在尝试访问资源时收到 403(禁止)
其实你只需要添加一个注销成功处理器
@Component
public class LogoutSuccess implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication)
throws IOException, ServletException {
if (authentication != null && authentication.getDetails() != null) {
try {
httpServletRequest.getSession().invalidate();
// you can add more codes here when the user successfully logs
// out,
// such as updating the database for last active.
} catch (Exception e) {
e.printStackTrace();
e = null;
}
}
httpServletResponse.setStatus(HttpServletResponse.SC_OK);
}
}
并向您的安全配置添加成功处理程序
http.authorizeRequests().anyRequest().authenticated().and().logout().logoutSuccessHandler(logoutSuccess).deleteCookies("JSESSIONID").invalidateHttpSession(false).permitAll();
或者你也可以试试这个:
logout() {
this.http.post('/logout').pipe(
finalize(() => {
this.app.authenticated.next(false);
})
).subscribe();
}