在 Spring Grails 安全 Rest 插件中注销时出现 404
404 when do logout in Spring Security Rest Plugin for Grails
我正在使用 Spring Security Rest Plugin v1.5.4 (using spring security core 2.0.0) for Grails 2.4.4. Doc about this plugin can be found here.
在我的项目 (Grails - Angularjs) 上设置安全系统
我正在使用 postman chrome rest client 测试登录和注销,我可以正常登录,但是当我注销时收到 404。
文档中明确说:
The logout filter exposes an endpoint for deleting tokens. It will
read the token from an HTTP header. If found, will delete it from the
storage, sending a 200 response. Otherwise, it will send a 404
response
You can configure it in Config.groovy using this properties:
Config key...................................................................................Default
value
grails.plugin.springsecurity.rest.logout.endpointUrl....................../api/logout
grails.plugin.springsecurity.rest.token.validation.headerName....X-Auth-Token
因此,在成功登录后,我尝试使用 GET 方法注销 url (my_host_url/api/logout) 并发送header X-Auth-Token 使用我之前从登录获得的令牌。
但我一直收到 404。请参见下图
编辑:我正在这样设置链图(为了获得无状态行为):
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter', // Stateless chain
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter' // Traditional chain
]
所以。我在这里做错了什么,或者我错过了什么?
提前致谢!
您错过了文档的另一个摘录。这是一条警告消息,字面意思是在您引用的块之前,并说:
Logout is not possible when using JWT tokens (the default strategy), as no state is kept in the server.
If you still want to have logout, you can provide your own implementation by creating a subclass of JwtTokenStorageService and overriding the methods storeToken and removeToken. Then, register your implementation in resources.groovy as tokenStorageService.
我正在使用 Spring Security Rest Plugin v1.5.4 (using spring security core 2.0.0) for Grails 2.4.4. Doc about this plugin can be found here.
在我的项目 (Grails - Angularjs) 上设置安全系统我正在使用 postman chrome rest client 测试登录和注销,我可以正常登录,但是当我注销时收到 404。
文档中明确说:
The logout filter exposes an endpoint for deleting tokens. It will read the token from an HTTP header. If found, will delete it from the storage, sending a 200 response. Otherwise, it will send a 404 response
You can configure it in Config.groovy using this properties:
Config key...................................................................................Default value
grails.plugin.springsecurity.rest.logout.endpointUrl....................../api/logout grails.plugin.springsecurity.rest.token.validation.headerName....X-Auth-Token
因此,在成功登录后,我尝试使用 GET 方法注销 url (my_host_url/api/logout) 并发送header X-Auth-Token 使用我之前从登录获得的令牌。
但我一直收到 404。请参见下图
编辑:我正在这样设置链图(为了获得无状态行为):
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter', // Stateless chain
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter' // Traditional chain
]
所以。我在这里做错了什么,或者我错过了什么?
提前致谢!
您错过了文档的另一个摘录。这是一条警告消息,字面意思是在您引用的块之前,并说:
Logout is not possible when using JWT tokens (the default strategy), as no state is kept in the server.
If you still want to have logout, you can provide your own implementation by creating a subclass of
JwtTokenStorageServiceand overriding the methodsstoreTokenandremoveToken. Then, register your implementation inresources.groovyastokenStorageService.