当前位置: 首页 > 知识库问答 >
问题:

无法从Spring Security HTTP基本身份验证示例注销?为什么?

齐建安
2023-03-14

我是Spring Security的新手。我正在从链接重新开发应用程序:http://www.mkyong.com/spring-security/spring-security-http-basic-authentication-example/.我使用了最新的依赖项,我可以简单地进行身份验证(Simple HTTP Basic Auth),但是当我尝试注销时,单击注销按钮后,我无处可去,并且还记录了以下内容。我如何解决这个问题?

正在调用URL:http://localhost:8080/spring-安全http basic auth/j\u spring\u security\u注销

日志显示没有找到映射,但为什么?

2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@84010cb9: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@84010cb9: Principal: org.springframework.security.core.userdetails.User@c01cbded: Username: mkyong; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 2 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /j_spring_security_logout' doesn't match 'POST /logout
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /j_spring_security_logout' doesn't match 'POST /login
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 7 of 13 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.a.w.BasicAuthenticationFilter - Basic Authentication Authorization header found for user 'mkyong'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@84010cb9: Principal: org.springframework.security.core.userdetails.User@c01cbded: Username: mkyong; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/j_spring_security_logout'; against '/welcome*'
2016-08-11 21:07:09 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Public object - authentication not attempted
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout reached end of additional filter chain; proceeding with original chain
2016-08-11 21:07:09 DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'mvc-dispatcher' processing GET request for [/spring-security-http-basic-auth/j_spring_security_logout]
2016-08-11 21:07:09 WARN  o.s.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/spring-security-http-basic-auth/j_spring_security_logout] in DispatcherServlet with name 'mvc-dispatcher'
2016-08-11 21:07:09 DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@54855a73
2016-08-11 21:07:09 DEBUG o.s.web.servlet.DispatcherServlet - Successfully completed request
2016-08-11 21:07:09 DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
2016-08-11 21:07:09 DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

Spring安全。xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

    <http use-expressions="true" auto-config="true">
        <intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')"  />
        <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed" />
        <logout logout-success-url="/logout" /> 
        <http-basic />
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="mkyong" password="123456" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans> 

LoginController。Java语言

@Controller
public class LoginController {

    @RequestMapping(value="/welcome", method = RequestMethod.GET)
    public String printWelcome(ModelMap model, Principal principal ) {
        String name = principal.getName();
        model.addAttribute("username", name);
        model.addAttribute("message", "Spring Security Custom Form example");
        return "hello";
    }

    @RequestMapping(value="/login", method = RequestMethod.GET)
    public String login(ModelMap model) {
        return "login";
    }

    @RequestMapping(value="/loginfailed", method = RequestMethod.GET)
    public String loginerror(ModelMap model) {
        model.addAttribute("error", "true");
        return "login";
    }

    @RequestMapping(value="/logout", method = RequestMethod.GET)
    public String logout(ModelMap model) {
        return "login";
    }
}

pom。xml

<properties>
        <java.version>1.8</java.version>
        <spring.version>4.3.0.RELEASE</spring.version>
        <spring.security.version>4.1.1.RELEASE</spring.security.version>
        <logback.version>1.1.7</logback.version>
        <jcl-over-slf4j.version>1.7.21</jcl-over-slf4j.version>
    </properties>

    <dependencies>

        <!-- Spring 3 dependencies -->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <!-- Spring Security -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${spring.security.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.security.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring.security.version}</version>
        </dependency>

        <!-- logging, slf4j -->
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>jcl-over-slf4j</artifactId>
            <version>${jcl-over-slf4j.version}</version>
        </dependency>

        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
            <version>${logback.version}</version>
        </dependency>

        <!-- jstl -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>

        <!-- Servlet and JSP -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet.jsp</groupId>
            <artifactId>jsp-api</artifactId>
            <version>2.2</version>
        </dependency>
    </dependencies>

    <build>
        <finalName>spring-security-http-basic-auth</finalName>
        <plugins>
            <plugin>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <source>${java.version}</source>
                    <target>${java.version}</target>
                </configuration>
            </plugin>
        </plugins>
    </build>

编辑-:

<http auto-config="true">
        <intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')"  />
        <logout logout-url="/j_spring_security_logout"/>
        <http-basic />
    </http>

共有2个答案

王亮
2023-03-14

谢谢你的帮助。我只需要在下面使用。完成!!

<http auto-config="true">
        <intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')"  />
        <http-basic />
</http>

你好jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
    <h3>Message : ${message}</h3>   
    <h3>Username : ${username}</h3> 

    <%-- <a href="<c:url value="/j_spring_security_logout" />" > Logout</a> --%>
    <a href="<c:url value="/logout" />">Logout</a>
</body>
</html>
荀辰钊
2023-03-14

该教程使用了旧版本的Spring。

正如Spring 3的迁移文档中所报告的那样。x到4。x(第6.4段):

logout@logout-url属性默认值从“/j_spring_security_logout”更改为“/logout”。如果应用程序显式提供该属性,则迁移不需要任何操作。

尝试根据迁移文档更改应用程序。

 类似资料:
  • 问题内容: 从HttpClient 4.3开始,我一直在使用HttpClientBuilder。我正在连接到具有基本身份验证的REST服务。我将凭据设置如下: 但是,这不起作用(我正在使用的REST服务返回401)。怎么了? 问题答案: 从此处的 抢先身份验证 文档中: http://hc.apache.org/httpcomponents-client- ga/tutorial/html/aut

  • 我使用下面的文章在我的laravel项目中创建JWT身份验证。但是现在我不能再使用Basic身份验证了。有没有办法使用基本身份验证?我需要它为我的网络界面。 https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps Route::get('auth/login','Auth\AuthC

  • 我是角的新手。我正在尝试使用基本的身份验证标头向服务器发送GET请求,但它不起作用。这是我的代码, 当我从控制器调用服务时,浏览器的控制台中显示了2个错误, 选项http://xxx.xxx.xxx.xxx/api/getusers XMLHttpRequest无法加载http://xxx.xxx.xxx.xxx/api/getusers.请求的资源上不存在“访问控制允许源”标头。起源http:/

  • 目前我正在开发一个Java工具,它应该可以更新Confluence服务器页面。使用Curl一切都像一个符咒,但是当使用Postman或Java代码(HttpClient Java11)时,我得到了一个 HTTP状态401–未经授权 反应。 在下面的语句中使用curl curl--basic-u user:password-X PUT-H“内容类型:application/json”-d“@test

  • 几天没有任何进展,我需要你的帮助。 使用GWT,我试图与REST服务器通信,服务器位于不同的URL上(需要CORS)<我的配置:服务器spring boot 1.3.3 客户端-GWT 1.7-restygwt 2.0.3 当我在Spring中禁用安全性时,我可以在我的GWT客户端中获取数据。 但是当我启用它时,我总是收到401个请求。REST URL请求直接在Web浏览器中工作(带有其身份验证对

  • 我正在尝试使用OAuth2实现开发一个带有Spring Security性的rest api。但是如何删除基本身份验证呢。我只想向body发送用户名和密码,并在postman上获取令牌。 要删除基本身份验证,并从邮递员的get token中发送body标记中的用户名密码吗 我遇到了一些问题{"错误":"未经授权","error_description":"没有客户端身份验证。尝试添加适当的身份验证