1. 首頁
  2. 問答
  3. 重定向註銷春季安全

重定向註銷春季安全

2017-05-04 140 views
1

我用下面的春季安全configuraiton我的@覆蓋重定向註銷春季安全

protected void configure(HttpSecurity http) throws Exception { 
    http 
     .csrf().disable() 
     .authorizeRequests() 
      .antMatchers("/login").permitAll() 
     .and() 
     .authorizeRequests() 
      .antMatchers("/signup").permitAll() 
     .and() 
     .authorizeRequests() 
      .anyRequest().authenticated() 
     .and() 
      .logout().logoutUrl("/logout").logoutSuccessUrl("/login").deleteCookies("auth_code").invalidateHttpSession(true) 
     .and() 
     // We filter the api/signup requests 
     .addFilterBefore(
      new JWTSignupFilter("/signup", authenticationManager(), 
        accountRepository, passwordEncoder), 
      UsernamePasswordAuthenticationFilter.class) 
     // We filter the api/login requests 
     .addFilterBefore(
      new JWTLoginFilter("/login", authenticationManager()), 
      UsernamePasswordAuthenticationFilter.class) 
     // And filter other requests to check the presence of JWT in 
     // header 
     .addFilterBefore(new JWTAuthenticationFilter(userDetailsServiceBean()), 
      UsernamePasswordAuthenticationFilter.class); 
}

我想瀏覽器中成功退出的結果被重定向至/login URL。但是,我得到這樣的響應:

{ 
    "timestamp": 1493871686489, 
    "status": 404, 
    "error": "Not Found", 
    "message": "No message available", 
    "path": "/login" 
}

編輯1

我有一個登錄過濾器捕獲POST請求到/login端點:

public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter { 


    public JWTLoginFilter(String url, AuthenticationManager authManager) { 
     super(new AntPathRequestMatcher(url, "POST")); 
     setAuthenticationManager(authManager); 
    } 

    @Override 
    public Authentication attemptAuthentication(HttpServletRequest req, 
      HttpServletResponse res) throws AuthenticationException, 
      IOException, ServletException { 

     CustomUserDetails creds = new ObjectMapper().readValue(
       req.getInputStream(), CustomUserDetails.class); 

     return getAuthenticationManager().authenticate(
       new UsernamePasswordAuthenticationToken(creds.getUsername(), 
         creds.getPassword())); 
    } 

    @Override 
    protected void successfulAuthentication(HttpServletRequest req, 
      HttpServletResponse res, FilterChain chain, Authentication auth) { 
     TokenAuthenticationService.addAuthentication(res, auth.getName()); 
    } 
}

EDIT 2

下面的其他控制器不會被擊中!

@RestController 
public class UserAcccountController { 
    @Autowired 
    AccountRepository accountRepository; 

    @RequestMapping(path = "/login", method = RequestMethod.GET) 
    public String loginGet() { 
     return "/login"; 
    } 

    @RequestMapping(path = "/login", method = RequestMethod.POST) 
    public void loginPost(HttpServletResponse httpServletResponse) { 
     httpServletResponse.setHeader("Location", "/home"); 
    } 

}

來源

2017-05-04 Arian Hosseinzadeh

+0

你真的有代碼設置爲「 /登錄」?你可以發佈你的控制器樣本嗎? – ThrawnCA

+0

我把它作爲一個過濾器。我會在一秒鐘之內將它添加到帖子中。 –

+0

實際將「/ login」URL映射到您的控制器的是什麼? AFAIK,只是重寫身份驗證方法將無法實現。 – ThrawnCA

回答

0

解決的辦法是增加我列入編輯2控制器和我也有在登錄過濾器來編輯successfulAuthentication以下幾點:

@Override 
protected void successfulAuthentication(HttpServletRequest req, 
     HttpServletResponse res, FilterChain chain, Authentication auth) { 
    TokenAuthenticationService.addAuthentication(res, auth.getName()); 
    chain.doFilter(req, res); 
}

來源

2017-05-04 08:09:26

相關問題

 相關問題