spring security 在重定向到 logout.jsp 时给出错误
Posted
技术标签:
【中文标题】spring security 在重定向到 logout.jsp 时给出错误【英文标题】:spring security gives the error while redirecting to logout.jsp 【发布时间】:2017-03-15 01:38:01 【问题描述】:我有
ERR_TOO_MANY_REDIRECTS
重定向到 logout.jsp 页面时出现异常。我想我给这个例外是因为错误的弹簧安全配置文件,但我不知道它在哪里。如果有人知道如何解决它,请告诉我。 这是什么意思?我的代码:
弹簧安全配置:
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
@Override
protected void configure(HttpSecurity http) throws Exception
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/**").access("IS_AUTHENTICATED_ANONYMOUSLY")
.antMatchers("/**").access("hasRole('ROLE_USER')")
.antMatchers("/login").permitAll()
.antMatchers("/register").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/js/**", "/css/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/j_spring_security_check")
.failureForwardUrl("/login?error=true")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/logout")
.permitAll();
注销按钮:
<div class="navbar navbar-default navbar-fixed-top" role="navigation">
<div class="container">
<a class="navbar-brand">Contacts List</a>
<div class="collapse navbar-collapse">
<form class="navbar-form navbar-right">
<li>
<a class="btn btn-primary" role="button" href="logout">Logout</a>
</li>
</form>
</div>
</div>
</div>
and login.jsp:
<html>
<jsp:include page="headTag.jsp"/>
<body>
<div class="navbar navbar-default navbar-fixed-top" role="navigation">
<div class="container">
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li>
<c:url value="/j_spring_security_check" var="loginUrl"/>
<form:form class="navbar-form" role="form" action="$loginUrl"
method="post">
<div class="form-group">
<label for="username"> Login: </label>
<div class="col-sm-3">
<input type="text" placeholder="Login" class="form-control" name='username' id="username">
</div>
</div>
<div class="form-group">
<label for="password"> Password: </label>
<div class="col-sm-3">
<input type="password" placeholder="Password" class="form-control" name='password' id="password">
</div>
</div>
<div class="form-group">
<button type="submit" class="btn btn-success">Sign in</button>
</div>
</form:form>
<br/>
<form class="navbar-form" action="<c:url value="register.jsp" />">
<button class="btn btn-sm btn-block btn-primary" role="button">Register</button>
</form>
</li>
</ul>
</div>
</div>
</div>
<div class="jumbotron">
<div class="container">
<c:if test="$not empty error">
<div class="error">$error</div>
</c:if>
<c:if test="$not empty logout">
<div class="message">$logout</div>
</c:if>
<p>
<br/><br/><br/><br/>
<p>User login: <b> Bill </b></p>
<p>User password: <b> 112233 </b></p>
<p>Стек технологий: <a href="http://projects.spring.io/spring-security/">Spring Security</a>,
<a href="http://docs.spring.io/spring/docs/current/spring-framework-reference/html/mvc.html">Spring MVC</a>,
<a href="http://projects.spring.io/spring-data-jpa/">Spring Data JPA</a>,
<a href="http://spring.io/blog/2014/05/07/preview-spring-security-test-method-security">Spring Security
Test</a>,
<a href="http://hibernate.org/orm/">Hibernate ORM</a>,
<a href="http://hibernate.org/validator/">Hibernate Validator</a>,
<a href="http://www.slf4j.org/">SLF4J</a>,
<a href="https://github.com/FasterXML/jackson">Json Jackson</a>,
<a href="http://ru.wikipedia.org/wiki/JSP">JSP</a>,
<a href="http://en.wikipedia.org/wiki/JavaServer_Pages_Standard_Tag_Library">JSTL</a>,
<a href="http://tomcat.apache.org/">Apache Tomcat</a>,
<a href="http://www.webjars.org/">WebJars</a>,
<a href="http://datatables.net/">DataTables plugin</a>,
<a href="http://ehcache.org">Ehcache</a>,
<a href="http://www.postgresql.org/">PostgreSQL</a>,
<a href="http://junit.org/">JUnit</a>,
<a href="http://hamcrest.org/JavaHamcrest/">Hamcrest</a>,
<a href="http://jquery.com/">jQuery</a>,
<a href="http://ned.im/noty/">jQuery notification</a>,
<a href="http://getbootstrap.com/">Bootstrap</a>.</p>
</div>
</div>
<jsp:include page="footer.jsp"/>
</body>
</html>
控制器:
@Controller
public class RootController extends AbstractUserController implements ErrorController
private static final String PATH = "/error";
@RequestMapping(value = "/", method = RequestMethod.GET)
public String root()
return "redirect:/contacts";
@RequestMapping(value = "/contacts", method = RequestMethod.GET)
public String contactList()
return "contacts";
@RequestMapping(value = "/login", method = RequestMethod.GET, RequestMethod.POST)
@PreAuthorize("hasRole('ROLE_USER')")
public String login(Model model, @RequestParam(value = "error", required = false) boolean error)
model.addAttribute("error", error);
return "login";
@RequestMapping(value="/logout", method = RequestMethod.GET, RequestMethod.POST)
public String logoutPage (HttpServletRequest request, HttpServletResponse response)
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null)
new SecurityContextLogoutHandler().logout(request, response, auth);
return "logout";
@RequestMapping(value = "/register", method = RequestMethod.GET)
public String register(ModelMap model)
model.addAttribute("userDTO", new UserDTO());
model.addAttribute("register", true);
return "register";
@RequestMapping(value = PATH)
public String error()
return "redirect:/login";
@RequestMapping(value = "/register", method = RequestMethod.POST)
public String saveRegister(@Valid UserDTO userDTO, BindingResult result, SessionStatus status, ModelMap model)
if (!result.hasErrors())
try
super.create(UserUtil.createNewUserFromDTO(userDTO));
status.setComplete();
return "redirect:login?message=app.registered";
catch (DataIntegrityViolationException ex)
result.rejectValue("Login", "---");
model.addAttribute("register", true);
return "contacts";
@Override
public String getErrorPath()
return PATH;
谢谢大家。
【问题讨论】:
可能存在某种重定向循环..检查 /logout 是否再次重定向到 /logout 或类似...您也可以尝试将.logoutSuccessUrl("/logout")
更改为 .logoutSuccessUrl("/login")
..这可能会修复任何循环..
出现意外错误(类型=未找到,状态=404)。 /logout.jsp
【参考方案1】:
使用请求/logout
you 处理注销并在成功注销后重定向到/logout
,它会尝试再次注销。
见LogoutConfigurer#logoutUrl
触发注销的 URL(默认为“/logout”)。如果启用 CSRF 保护(默认),则请求也必须是 POST。这意味着默认情况下需要 POST "/logout" 来触发注销。如果禁用 CSRF 保护,则允许任何 HTTP 方法。
和LogoutConfigurer#logoutSuccessUrl
注销后重定向到的 URL。
您必须使用两个不同的 URL 来处理和成功注销。第一个 URL 不能存在,并且仅适用于 LogoutFilter
。第二个必须由您的应用程序实现。
【讨论】:
以上是关于spring security 在重定向到 logout.jsp 时给出错误的主要内容,如果未能解决你的问题,请参考以下文章
spring-security login?logout 重定向到登录
Spring security *always* 重定向到登录表单
使用 Spring Security 登录后重定向到不同的页面
成功的 ajax 发布到 Spring Security 不会重定向