问题：

无法从Spring Security HTTP基本身份验证示例注销？为什么？

齐建安

2023-03-14

我是Spring Security的新手。我正在从链接重新开发应用程序：http://www.mkyong.com/spring-security/spring-security-http-basic-authentication-example/.我使用了最新的依赖项，我可以简单地进行身份验证（Simple HTTP Basic Auth），但是当我尝试注销时，单击注销按钮后，我无处可去，并且还记录了以下内容。我如何解决这个问题？

正在调用URL:http://localhost:8080/spring-安全http basic auth/j\u spring\u security\u注销

日志显示没有找到映射，但为什么？

2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@84010cb9: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@84010cb9: Principal: org.springframework.security.core.userdetails.User@c01cbded: Username: mkyong; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 2 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /j_spring_security_logout' doesn't match 'POST /logout
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /j_spring_security_logout' doesn't match 'POST /login
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 7 of 13 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.a.w.BasicAuthenticationFilter - Basic Authentication Authorization header found for user 'mkyong'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@84010cb9: Principal: org.springframework.security.core.userdetails.User@c01cbded: Username: mkyong; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/j_spring_security_logout'; against '/welcome*'
2016-08-11 21:07:09 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Public object - authentication not attempted
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout reached end of additional filter chain; proceeding with original chain
2016-08-11 21:07:09 DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'mvc-dispatcher' processing GET request for [/spring-security-http-basic-auth/j_spring_security_logout]
2016-08-11 21:07:09 WARN  o.s.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/spring-security-http-basic-auth/j_spring_security_logout] in DispatcherServlet with name 'mvc-dispatcher'
2016-08-11 21:07:09 DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@54855a73
2016-08-11 21:07:09 DEBUG o.s.web.servlet.DispatcherServlet - Successfully completed request
2016-08-11 21:07:09 DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
2016-08-11 21:07:09 DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

Spring安全。xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

    <http use-expressions="true" auto-config="true">
        <intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')"  />
        <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed" />
        <logout logout-success-url="/logout" /> 
        <http-basic />
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="mkyong" password="123456" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>

LoginController。Java语言

@Controller
public class LoginController {

    @RequestMapping(value="/welcome", method = RequestMethod.GET)
    public String printWelcome(ModelMap model, Principal principal ) {
        String name = principal.getName();
        model.addAttribute("username", name);
        model.addAttribute("message", "Spring Security Custom Form example");
        return "hello";
    }

    @RequestMapping(value="/login", method = RequestMethod.GET)
    public String login(ModelMap model) {
        return "login";
    }

    @RequestMapping(value="/loginfailed", method = RequestMethod.GET)
    public String loginerror(ModelMap model) {
        model.addAttribute("error", "true");
        return "login";
    }

    @RequestMapping(value="/logout", method = RequestMethod.GET)
    public String logout(ModelMap model) {
        return "login";
    }
}

pom。xml

<properties>
        <java.version>1.8</java.version>
        <spring.version>4.3.0.RELEASE</spring.version>
        <spring.security.version>4.1.1.RELEASE</spring.security.version>
        <logback.version>1.1.7</logback.version>
        <jcl-over-slf4j.version>1.7.21</jcl-over-slf4j.version>
    </properties>

    <dependencies>

        <!-- Spring 3 dependencies -->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <!-- Spring Security -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${spring.security.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.security.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring.security.version}</version>
        </dependency>

        <!-- logging, slf4j -->
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>jcl-over-slf4j</artifactId>
            <version>${jcl-over-slf4j.version}</version>
        </dependency>

        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
            <version>${logback.version}</version>
        </dependency>

        <!-- jstl -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>

        <!-- Servlet and JSP -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet.jsp</groupId>
            <artifactId>jsp-api</artifactId>
            <version>2.2</version>
        </dependency>
    </dependencies>

    <build>
        <finalName>spring-security-http-basic-auth</finalName>
        <plugins>
            <plugin>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <source>${java.version}</source>
                    <target>${java.version}</target>
                </configuration>
            </plugin>
        </plugins>
    </build>

编辑-：

<http auto-config="true">
        <intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')"  />
        <logout logout-url="/j_spring_security_logout"/>
        <http-basic />
    </http>

共有2个答案

王亮

2023-03-14

谢谢你的帮助。我只需要在下面使用。完成！！

<http auto-config="true">
        <intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')"  />
        <http-basic />
</http>

你好jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
    <h3>Message : ${message}</h3>   
    <h3>Username : ${username}</h3> 

    <%-- <a href="<c:url value="/j_spring_security_logout" />" > Logout</a> --%>
    <a href="<c:url value="/logout" />">Logout</a>
</body>
</html>

荀辰钊

2023-03-14

该教程使用了旧版本的Spring。

正如Spring 3的迁移文档中所报告的那样。x到4。x（第6.4段）：

logout@logout-url属性默认值从“/j_spring_security_logout”更改为“/logout”。如果应用程序显式提供该属性，则迁移不需要任何操作。

尝试根据迁移文档更改应用程序。

无法从Spring Security HTTP基本身份验证示例注销？为什么？

共有2个答案

相关问答

相关文章

相关阅读

相关工具

相关文档