发表新帖
发表新帖

Implement 'logout' functionality in Spring Boot

前端 未结
关注
1 960
醉话见心
醉话见心 2020-12-14 07:21

To get a basic security feature working, I added the following starter package to my pom.xml
相关标签:
1条回答
  • 情书的邮戳
    2020-12-14 07:52

    Late is better than never. Spring Boot defaults lots of security components for you, including the CSRF protection. One of the things that does is force POST logout, see here: http://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/#csrf-logout

    As this suggests you can override this, using something along the lines of:

    http.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")                                      
.anyRequest().fullyAuthenticated()
.and()
.formLogin().loginPage("/login").failureUrl("/login?error").permitAll()
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login");

    The last line is the important one.

    0 讨论(0)
 看不清?
提交回复
热议问题