Problem description
I am new to Spring Security, and I am trying to create an endpoint for logging users out. The code I have tried so far:
    public ResponseEntity<String> logout(HttpServletRequest request, HttpServletResponse response) {
        // Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // if (auth != null) {
        //     new SecurityContextLogoutHandler().logout(request, response, auth);
        //     System.out.println("logging out");
        //     return new ResponseEntity<>(HttpStatus.OK);
        // }
        try {
            request.logout();
            System.out.println("successful logout");
        } catch (ServletException e) {
            e.printStackTrace();
        }
        return new ResponseEntity<>(HttpStatus.OK);
    }
My UserDetailsServiceImpl:
    @Service
    public class AccountDetailsServiceImpl implements UserDetailsService {
        private final AccountRepository accountRepository;

        public AccountDetailsServiceImpl(AccountRepository accountRepository) {
            this.accountRepository = accountRepository;
        }

        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            Account account = accountRepository.findByUsernameOrEmail(username, username);
            if (account == null) {
                throw new UsernameNotFoundException(username);
            }
            return new CustomUserDetails(account);
        }
    }
My security configuration:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable().authorizeRequests()
            .antMatchers(HttpMethod.POST, securityConstraintsProperties.getSignUpUrl()).permitAll()
            .anyRequest().authenticated()
            .and()
            .addFilter(new JWTAuthenticationFilter(authenticationManager(), getApplicationContext(), securityConstraintsProperties))
            .addFilter(new JWTAuthorizationFilter(authenticationManager(), securityConstraintsProperties))
            // this disables session creation on Spring Security
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
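I have seen both of these possibilities in different Stack Overflow answers, but unfortunately neither of them works for me. When I execute a request after logging out, the request can still be executed. How is that possible?
Thanks in advance!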
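
Added example, not part of the original post: with SessionCreationPolicy.STATELESS there is no server-side session for request.logout() to invalidate, so a JWT issued before logout is still accepted until it expires unless the server keeps track of revoked tokens. The plain-Java sketch below shows one such revocation list. Assumptions: the class name RevokedTokenStore and its methods are hypothetical, tokens carry a unique id such as a "jti" claim, the JWTAuthorizationFilter (whose code is not shown) accepts any validly signed, unexpired token, and the logout endpoint and that filter would be changed to call revoke() and isRevoked().

```java
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (not from the original post): in-memory revocation list for stateless JWTs.
// RevokedTokenStore and its method names are hypothetical.
public class RevokedTokenStore {
    // token id (assumed: the JWT "jti" claim) -> that token's own expiry time
    private final Map<String, Instant> revoked = new ConcurrentHashMap<>();

    // Logout endpoint: record the id and expiry of the token presented with the request.
    public void revoke(String tokenId, Instant expiresAt) {
        if (tokenId == null || expiresAt == null) {
            throw new IllegalArgumentException("tokenId and expiresAt are required");
        }
        revoked.put(tokenId, expiresAt);
    }

    // Authorization filter: reject the request when this returns true,
    // in addition to the usual signature and expiry checks.
    // A missing id is treated as revoked so the check fails closed.
    public boolean isRevoked(String tokenId) {
        return tokenId == null || revoked.containsKey(tokenId);
    }

    // Periodic cleanup: an entry is only needed while its token could still be replayed.
    public int purgeExpired(Instant now) {
        int before = revoked.size();
        revoked.values().removeIf(expiresAt -> !expiresAt.isAfter(now));
        return before - revoked.size();
    }

    public static void main(String[] args) {
        RevokedTokenStore store = new RevokedTokenStore();
        Instant now = Instant.parse("2024-01-01T00:00:00Z");   // constructed sample time
        store.revoke("token-a", now.plusSeconds(600));          // constructed sample token id

        System.out.println("token-a revoked: " + store.isRevoked("token-a"));
        System.out.println("token-b revoked: " + store.isRevoked("token-b"));
        System.out.println("purged after expiry: " + store.purgeExpired(now.plusSeconds(601)));
        System.out.println("entry kept after purge: " + store.isRevoked("token-a"));
    }
}
```

With more than one application instance the map has to live in a shared store so that every instance sees the same revocations. Short token lifetimes keep the list small.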