0
私はSpring Securityに初心者です。私はリンクからアプリケーションを再開発していた:http://www.mkyong.com/spring-security/spring-security-http-basic-authentication-example/。私は最新の依存関係を使用していましたが、単純に(Simple HTTP Basic Auth)を認証することができましたが、ログアウトしようとしたときにログアウトボタンをクリックした後、どうすればこの問題を解決できますか? http://localhost:8080/spring-security-http-basic-auth/j_spring_security_logoutSpring Security HTTP基本認証の例からログアウトできませんか?どうして?
とログはマッピングが見つからないと言うが、なぜ:
URLと呼ば取得?
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: '[email protected]010cb9: Authentication: org.springframew[email protected]84010cb9: Principal: [email protected]: Username: mkyong; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 2 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /j_spring_security_logout' doesn't match 'POST /logout
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /j_spring_security_logout' doesn't match 'POST /login
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 7 of 13 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.a.w.BasicAuthenticationFilter - Basic Authentication Authorization header found for user 'mkyong'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-08-11 21:07:09 DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframew[email protected]84010cb9: Principal: [email protected]: Username: mkyong; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-08-11 21:07:09 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/j_spring_security_logout'; against '/welcome*'
2016-08-11 21:07:09 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Public object - authentication not attempted
2016-08-11 21:07:09 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_logout reached end of additional filter chain; proceeding with original chain
2016-08-11 21:07:09 DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'mvc-dispatcher' processing GET request for [/spring-security-http-basic-auth/j_spring_security_logout]
2016-08-11 21:07:09 WARN o.s.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/spring-security-http-basic-auth/j_spring_security_logout] in DispatcherServlet with name 'mvc-dispatcher'
2016-08-11 21:07:09 DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.se[email protected]54855a73
2016-08-11 21:07:09 DEBUG o.s.web.servlet.DispatcherServlet - Successfully completed request
2016-08-11 21:07:09 DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
2016-08-11 21:07:09 DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
ばねのsecurity.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http use-expressions="true" auto-config="true">
<intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')" />
<form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
<http-basic />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="mkyong" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
LoginController.java
@Controller
public class LoginController {
@RequestMapping(value="/welcome", method = RequestMethod.GET)
public String printWelcome(ModelMap model, Principal principal) {
String name = principal.getName();
model.addAttribute("username", name);
model.addAttribute("message", "Spring Security Custom Form example");
return "hello";
}
@RequestMapping(value="/login", method = RequestMethod.GET)
public String login(ModelMap model) {
return "login";
}
@RequestMapping(value="/loginfailed", method = RequestMethod.GET)
public String loginerror(ModelMap model) {
model.addAttribute("error", "true");
return "login";
}
@RequestMapping(value="/logout", method = RequestMethod.GET)
public String logout(ModelMap model) {
return "login";
}
}
のpom.xml
<properties>
<java.version>1.8</java.version>
<spring.version>4.3.0.RELEASE</spring.version>
<spring.security.version>4.1.1.RELEASE</spring.security.version>
<logback.version>1.1.7</logback.version>
<jcl-over-slf4j.version>1.7.21</jcl-over-slf4j.version>
</properties>
<dependencies>
<!-- Spring 3 dependencies -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<!-- logging, slf4j -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>${jcl-over-slf4j.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>${logback.version}</version>
</dependency>
<!-- jstl -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<!-- Servlet and JSP -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.2</version>
</dependency>
</dependencies>
<build>
<finalName>spring-security-http-basic-auth</finalName>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>${java.version}</source>
<target>${java.version}</target>
</configuration>
</plugin>
</plugins>
</build>
編集 - :
<http auto-config="true">
<intercept-url pattern="/welcome*" access="hasRole('ROLE_USER')" />
<logout logout-url="/j_spring_security_logout"/>
<http-basic />
</http>
チュートリアルでは、ばねセキュリティのどのバージョンを使用している...かなり古いようだということ? 4.1? – javatutorial
私は4.1.1.RELEASEを使用しています。私は私のポストでも同じことを示した。上のpom.xml – Prateek