如何解决春季安全性HttpServletRequest和SecurityContextHolder注销无法正常工作
我是Spring Security的新手,我正在尝试创建一个用于注销用户的端点。到目前为止我尝试过的代码:
public ResponseEntity<String> logout(HttpServletRequest request,HttpServletResponse response) {
// Authentication auth = SecurityContextHolder.getContext().getAuthentication();
// if (auth != null) {
// new SecurityContextlogoutHandler().logout(request,response,auth);
// System.out.println("logging out");
// return new ResponseEntity<>(HttpStatus.OK);
// }
try {
request.logout();
System.out.println("successful logout");
} catch (servletexception e) {
e.printstacktrace();
}
return new ResponseEntity<>(HttpStatus.OK);
}
我的UserDetailsServiceImpl:
@Service
public class AccountDetailsServiceImpl implements UserDetailsService {
private final AccountRepository accountRepository;
public AccountDetailsServiceImpl(AccountRepository accountRepository) {
this.accountRepository = accountRepository;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Account account = accountRepository.findByUsernameOrEmail(username,username);
if (account == null) {
throw new UsernameNotFoundException(username);
}
return new CustomUserDetails(account);
}
}
我的安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers(HttpMethod.POST,securityConstraintsProperties.getSignUpUrl()).permitAll()
.anyRequest().authenticated()
.and()
.addFilter(new JWTAuthenticationFilter(authenticationManager(),getApplicationContext(),securityConstraintsProperties))
.addFilter(new JWTAuthorizationFilter(authenticationManager(),securityConstraintsProperties))
// this disables session creation on Spring Security
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
我在不同的Stackoverflow答案中都看到了这两种可能性,但是不幸的是,它们都不对我有用。注销后执行请求时,仍然可以执行请求。那怎么可能?
提前谢谢!
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
