在 spring 安全注销而不重定向到任何地方
Logout in spring security without redirecting anywhere
您好,我在 spring 启动应用程序中实现了 spring 安全性。但是在点击注销时它需要一些重定向 url。如何避免?
我的WebSecurityConfig是
@Override
protected void configure( HttpSecurity http ) throws Exception
{
http.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/rest/auth/**").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/dist/**").permitAll()
.antMatchers("/node_modules/**").permitAll()
.antMatchers("/src/**").permitAll()
.anyRequest().authenticated()
.and()
.logout().addLogoutHandler(logoutHandler)
.and()
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
.addFilter(new JWTAuthorizationFilter(authenticationManager()));
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
我的LogoutHandler是
@Override
public void logout( HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
Authentication authentication )
{
try
{
SecurityContextHolder.getContext().setAuthentication(null);
SecurityContextHolder.clearContext();
String responseValue = new ObjectMapper().writeValueAsString("success");
httpServletResponse.setStatus(HttpServletResponse.SC_ACCEPTED);
httpServletResponse.addHeader("Content-Type", "application/json");
httpServletResponse.getWriter().print(responseValue);
}
catch( Exception e )
{
LOGGER.error("Error", e);
String responseValue;
try
{
responseValue = new ObjectMapper().writeValueAsString("failed");
httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
httpServletResponse.addHeader("Content-Type", "application/json");
httpServletResponse.getWriter().print(responseValue);
}
catch( IOException e1 )
{
LOGGER.error("Error", e1);
}
}
}
我只想将响应发送到 LogoutHandler 中配置的客户端。但在成功注销后,它正在重定向到 /login。我不希望它被重定向到任何其他 url。我只想将响应发送到客户端。如何实现?
试试这个:
...
.and()
.logout().logoutSuccessHandler(logoutHandler)
.and()
...
您好,我在 spring 启动应用程序中实现了 spring 安全性。但是在点击注销时它需要一些重定向 url。如何避免?
我的WebSecurityConfig是
@Override
protected void configure( HttpSecurity http ) throws Exception
{
http.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/rest/auth/**").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/dist/**").permitAll()
.antMatchers("/node_modules/**").permitAll()
.antMatchers("/src/**").permitAll()
.anyRequest().authenticated()
.and()
.logout().addLogoutHandler(logoutHandler)
.and()
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
.addFilter(new JWTAuthorizationFilter(authenticationManager()));
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
我的LogoutHandler是
@Override
public void logout( HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
Authentication authentication )
{
try
{
SecurityContextHolder.getContext().setAuthentication(null);
SecurityContextHolder.clearContext();
String responseValue = new ObjectMapper().writeValueAsString("success");
httpServletResponse.setStatus(HttpServletResponse.SC_ACCEPTED);
httpServletResponse.addHeader("Content-Type", "application/json");
httpServletResponse.getWriter().print(responseValue);
}
catch( Exception e )
{
LOGGER.error("Error", e);
String responseValue;
try
{
responseValue = new ObjectMapper().writeValueAsString("failed");
httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
httpServletResponse.addHeader("Content-Type", "application/json");
httpServletResponse.getWriter().print(responseValue);
}
catch( IOException e1 )
{
LOGGER.error("Error", e1);
}
}
}
我只想将响应发送到 LogoutHandler 中配置的客户端。但在成功注销后,它正在重定向到 /login。我不希望它被重定向到任何其他 url。我只想将响应发送到客户端。如何实现?
试试这个:
...
.and()
.logout().logoutSuccessHandler(logoutHandler)
.and()
...