Spring Security 注销失败 http-bio-8080“-exec-5” java.lang.StackOverflowError 错误
我看过一些 Spring 注销的例子,对我来说似乎有点抽象。我有一个带有 href="appcontext_path/auth/logout.html" 的链接。我见过的例子在 auth 文件夹中没有心理 logout.html 。所以我假设这是一个幕后任务。我希望能够单击注销链接,使会话和任何关联的 cookie 无效并导航到登录页面 (auth/login.html)。当我尝试以下配置时,我在线程“”http-bio-8080”-exec-5” java.lang.StackOverflowError 中收到异常
<global-method-security secured-annotations="enabled">
</global-method-security>
<http security="none" pattern="/javax.faces.resource/**" />
<http security="none" pattern="/services/rest-api/1.0/**" />
<http security="none" pattern="/preregistered/**" />
<http access-denied-page="/auth/denied.html">
<intercept-url
pattern="/**/*.xhtml"
access="ROLE_NONE_GETS_ACCESS" />
<intercept-url
pattern="/auth/*"
access="ROLE_ANONYMOUS" />
<intercept-url
pattern="/registered/*"
access="ROLE_USER" />
<form-login
login-processing-url="/j_spring_security_check.html"
login-page="/auth/login.html"
default-target-url="/registered/home.html"
authentication-failure-url="/auth/login.html" />
<logout logout-url="/auth/logout.html"
logout-success-url="/auth/login.html" />
<anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
<remember-me user-service-ref="userManager" key="ddddd23aferq3f3qrf"/>
</http>
<!-- Configure the authentication provider -->
<authentication-manager>
<authentication-provider user-service-ref="userManager">
<password-encoder ref="passwordEncoder" />
</authentication-provider>
</authentication-manager>
I've seen a few examples of Spring's logout and it seems a bit abstract to me. I have a link with the href="appcontext_path/auth/logout.html". The examples I've seen don't have a psychical logout.html in the auth folder. So I'm assuming this is a behind the scenes task. I want to be able to click a log out link that invalidates the session and any associated cookies and navigates to the login page (auth/login.html). When I try the below config, I get a Exception in thread ""http-bio-8080"-exec-5" java.lang.StackOverflowError
<global-method-security secured-annotations="enabled">
</global-method-security>
<http security="none" pattern="/javax.faces.resource/**" />
<http security="none" pattern="/services/rest-api/1.0/**" />
<http security="none" pattern="/preregistered/**" />
<http access-denied-page="/auth/denied.html">
<intercept-url
pattern="/**/*.xhtml"
access="ROLE_NONE_GETS_ACCESS" />
<intercept-url
pattern="/auth/*"
access="ROLE_ANONYMOUS" />
<intercept-url
pattern="/registered/*"
access="ROLE_USER" />
<form-login
login-processing-url="/j_spring_security_check.html"
login-page="/auth/login.html"
default-target-url="/registered/home.html"
authentication-failure-url="/auth/login.html" />
<logout logout-url="/auth/logout.html"
logout-success-url="/auth/login.html" />
<anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
<remember-me user-service-ref="userManager" key="ddddd23aferq3f3qrf"/>
</http>
<!-- Configure the authentication provider -->
<authentication-manager>
<authentication-provider user-service-ref="userManager">
<password-encoder ref="passwordEncoder" />
</authentication-provider>
</authentication-manager>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
只需删除标签
j_spring_security_logout作为注销功能的链接即可。Just remove the tag
<logout/>and usej_spring_security_logoutas a link to the logout functionality.配置错误
logout.html向logout.html请求(即向其自身) - 这会导致 SOE。您应该为
logout-url和logout-success-url使用不同的 URL。You have error in configuration
<logout logout-url="/auth/logout.html" logout-success-url="/auth/login.html" />causes Spring logout filter that catcheslogout.htmlrequests tologout.html(i.e. to itself) - and this causes SOE.You should use different URLs for
logout-urlandlogout-success-url.