sim*_*bro 3 java spring-security spring-boot
我有一个用 Spring Boot 和 Spring Security 构建的 REST API。我从文档中读到 Spring Security 默认在当前用户请求/logout. 但是,我似乎无法让它发挥作用。
这是我的安全配置:
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.httpBasic()
.and()
.csrf().disable();
}
}
但是,当我向 发出请求时/logout,收到以下错误:
{
"timestamp": 1485096094269,
"status": 404,
"error": "Not Found",
"message": "No message available",
"path": "/login"
}
也许现在回答这个问题有点晚了,但任何人都可能有用。
在configure()方法中缺少logout()调用,例如:
http.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.httpBasic()
.and()
.logout() // This is missing and is important
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login");
您也可以配置自己的登录页面:
http.authorizeRequests()
// this allows the root and resources to be available without logging in
.antMatchers("/", "/resources/**").permitAll()
// any other type of request will need the credentials
.anyRequest().authenticated()
.and()
// uses the custom login form
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/home") // redirect to home page
.failureUrl("/login?error") // redirect to error page
.permitAll()
.and()
// logout and redirect to login page
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login");
| 归档时间: |
|
| 查看次数: |
4727 次 |
| 最近记录: |