您的位置: 首页  >  技术问答  >  无法从Spring Security HTTP基本身份验证示例注销?为什么?

无法从Spring Security HTTP基本身份验证示例注销?为什么?

分类: 技术问答 2022-09-29 09:56:22
问题描述:

我是新手到Spring Security。我正在从链接重新开发应用程序:http://www.mkyong.com/spring-security/spring-security-http-basic-authentication-example/。我使用了最新的依赖关系,我只是能够进行身份验证(简单HTTP基本身份验证),但是当我尝试注销时,单击注销按钮后,我没有去哪里,并且日志中还有以下内容。我该如何解决这个问题?无法从Spring Security HTTP基本身份验证示例注销?为什么?

网址获取调用:http://localhost:8080/spring-security-http-basic-auth/j_spring_security_logout

和日志说,没有发现映射,但是为什么呢?

2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2016-08-11 21:07:09 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: '[email protected]010cb9: Authentication: org.springframew[email protected]84010cb9: Principal: [email protected]: Username: mkyong; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER' 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 2 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter' 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter' 
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /j_spring_security_logout' doesn't match 'POST /logout 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /j_spring_security_logout' doesn't match 'POST /login 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 7 of 13 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
2016-08-11 21:07:09 DEBUG o.s.s.w.a.w.BasicAuthenticationFilter - Basic Authentication Authorization header found for user 'mkyong' 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2016-08-11 21:07:09 DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframew[email protected]84010cb9: Principal: [email protected]: Username: mkyong; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER' 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter' 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/j_spring_security_logout'; against '/welcome*' 
2016-08-11 21:07:09 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Public object - authentication not attempted 
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout reached end of additional filter chain; proceeding with original chain 
2016-08-11 21:07:09 DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'mvc-dispatcher' processing GET request for [/spring-security-http-basic-auth/j_spring_security_logout] 
2016-08-11 21:07:09 WARN o.s.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/spring-security-http-basic-auth/j_spring_security_logout] in DispatcherServlet with name 'mvc-dispatcher' 
2016-08-11 21:07:09 DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.se[email protected]54855a73 
2016-08-11 21:07:09 DEBUG o.s.web.servlet.DispatcherServlet - Successfully completed request 
2016-08-11 21:07:09 DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally 
2016-08-11 21:07:09 DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

弹簧的security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security.xsd"> 

    <http use-expressions="true" auto-config="true"> 
     <intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')" /> 
     <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed" /> 
     <logout logout-success-url="/logout" /> 
     <http-basic /> 
    </http> 

    <authentication-manager> 
     <authentication-provider> 
      <user-service> 
       <user name="mkyong" password="123456" authorities="ROLE_USER" /> 
      </user-service> 
     </authentication-provider> 
    </authentication-manager> 
</beans:beans>

LoginController.java

@Controller 
public class LoginController { 

    @RequestMapping(value="/welcome", method = RequestMethod.GET) 
    public String printWelcome(ModelMap model, Principal principal) { 
     String name = principal.getName(); 
     model.addAttribute("username", name); 
     model.addAttribute("message", "Spring Security Custom Form example"); 
     return "hello"; 
    } 

    @RequestMapping(value="/login", method = RequestMethod.GET) 
    public String login(ModelMap model) { 
     return "login"; 
    } 

    @RequestMapping(value="/loginfailed", method = RequestMethod.GET) 
    public String loginerror(ModelMap model) { 
     model.addAttribute("error", "true"); 
     return "login"; 
    } 

    @RequestMapping(value="/logout", method = RequestMethod.GET) 
    public String logout(ModelMap model) { 
     return "login"; 
    } 
}

的pom.xml

<properties> 
     <java.version>1.8</java.version> 
     <spring.version>4.3.0.RELEASE</spring.version> 
     <spring.security.version>4.1.1.RELEASE</spring.security.version> 
     <logback.version>1.1.7</logback.version> 
     <jcl-over-slf4j.version>1.7.21</jcl-over-slf4j.version> 
    </properties> 

    <dependencies> 

     <!-- Spring 3 dependencies --> 
     <dependency> 
      <groupId>org.springframework</groupId> 
      <artifactId>spring-core</artifactId> 
      <version>${spring.version}</version> 
     </dependency> 

     <dependency> 
      <groupId>org.springframework</groupId> 
      <artifactId>spring-web</artifactId> 
      <version>${spring.version}</version> 
     </dependency> 

     <dependency> 
      <groupId>org.springframework</groupId> 
      <artifactId>spring-webmvc</artifactId> 
      <version>${spring.version}</version> 
     </dependency> 

     <!-- Spring Security --> 
     <dependency> 
      <groupId>org.springframework.security</groupId> 
      <artifactId>spring-security-core</artifactId> 
      <version>${spring.security.version}</version> 
     </dependency> 

     <dependency> 
      <groupId>org.springframework.security</groupId> 
      <artifactId>spring-security-web</artifactId> 
      <version>${spring.security.version}</version> 
     </dependency> 

     <dependency> 
      <groupId>org.springframework.security</groupId> 
      <artifactId>spring-security-config</artifactId> 
      <version>${spring.security.version}</version> 
     </dependency> 

     <!-- logging, slf4j --> 
     <dependency> 
      <groupId>org.slf4j</groupId> 
      <artifactId>jcl-over-slf4j</artifactId> 
      <version>${jcl-over-slf4j.version}</version> 
     </dependency> 

     <dependency> 
      <groupId>ch.qos.logback</groupId> 
      <artifactId>logback-classic</artifactId> 
      <version>${logback.version}</version> 
     </dependency> 

     <!-- jstl --> 
     <dependency> 
      <groupId>javax.servlet</groupId> 
      <artifactId>jstl</artifactId> 
      <version>1.2</version> 
     </dependency> 

     <!-- Servlet and JSP --> 
     <dependency> 
      <groupId>javax.servlet</groupId> 
      <artifactId>javax.servlet-api</artifactId> 
      <version>3.1.0</version> 
     </dependency> 
     <dependency> 
      <groupId>javax.servlet.jsp</groupId> 
      <artifactId>jsp-api</artifactId> 
      <version>2.2</version> 
     </dependency> 
    </dependencies> 

    <build> 
     <finalName>spring-security-http-basic-auth</finalName> 
     <plugins> 
      <plugin> 
       <artifactId>maven-compiler-plugin</artifactId> 
       <configuration> 
        <source>${java.version}</source> 
        <target>${java.version}</target> 
       </configuration> 
      </plugin> 
     </plugins> 
    </build>

enter image description here

编辑 - :

<http auto-config="true"> 
     <intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')" /> 
     <logout logout-url="/j_spring_security_logout"/> 
     <http-basic /> 
    </http>
+0

该教程似乎很老了......您使用的这些弹簧安全的版本? 4.1? – javatutorial

+0

我正在使用4.1.1.RELEASE。我的帖子中也显示了相同的内容。以上在pom.xml – Prateek

谢谢JavaTutorial的帮助。我只需要在下面使用。完成!

<http auto-config="true"> 
     <intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')" /> 
     <http-basic /> 
</http>

的hello.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 
<html> 
<body> 
    <h3>Message : ${message}</h3> 
    <h3>Username : ${username}</h3> 

    <%-- <a href="<c:url value="/j_spring_security_logout" />" > Logout</a> --%> 
    <a href="<c:url value="/logout" />">Logout</a> 
</body> 
</html>

该教程使用旧版本的春天。

正如migrating documents报道从春到3.x的4.x版(第6.4段):

注销@注销-url属性默认从 “/ j_spring_security_logout” 到 “/注销” 改变价值。如果应用程序显式提供该属性,则迁移不需要任何操作。

尝试根据迁移文档更改您的应用程序。

+0

请参阅上面的编辑,但仍然不会工作。 – Prateek

相关推荐