使用SpringBoot 2.1.3 +SpringSecurity,按照网上教程设置logoutSuccessUrl为跳转的index路径,但是无法正常跳转,根据查看,页面发起请求/logout随后转向/index,但又被重定向至/login,截图如下
WebSecurityConfig配置如下
@Override
protected void configure(HttpSecurity http) throws Exception {
//允许基于HttpServletRequest使用限制访问
http.authorizeRequests()
//不需要身份验证
.antMatchers("/js/**","/css/**","**/images/**","/fonts/**","/doc/**","/static/**").permitAll()
.antMatchers("/login.html","/login").permitAll()
.antMatchers("/index","/","/index.html").permitAll()
.antMatchers("/register/**","/register.html").permitAll()
.antMatchers("/developer_center/**","/price_list/**").permitAll()
.antMatchers("/contact","/contact.html").permitAll()
.anyRequest().authenticated()
//自定义登陆界面
.and().formLogin()
.loginPage("/login").permitAll()
.loginProcessingUrl("/login")
.failureUrl("/login?error=1")
.permitAll().defaultSuccessUrl("/index")
.and().logout().logoutUrl("/logout").logoutSuccessUrl("/index")
.and().headers().frameOptions().disable()
.and().exceptionHandling().accessDeniedPage("/login")
.and().httpBasic()
.and().sessionManagement().invalidSessionUrl("/login")
.and().rememberMe()
.and().csrf().disable();
}
Controller中的Index请求如下:
@RequestMapping(value = {"index",""},method = RequestMethod.GET)
public String getIndexHTML(HttpServletRequest httpServletRequest){
HttpSession httpSession = httpServletRequest.getSession(true);
if (httpSession.getAttribute("company_email")==null){
httpSession.setAttribute("company_serial_number",companyConfig.getSerial_number());
httpSession.setAttribute("company_email",companyConfig.getEmail());
}
if(iAuthenticationFacade.getAuthentication().getName()!="anonymousUser") {
httpSession.setAttribute("flag",1);
httpSession.setAttribute("userinfo",userMapper.findByLoginName(iAuthenticationFacade.getAuthentication().getName()));
}
else
httpSession.setAttribute("flag",0);
return "index";
}
跪求高人指点一二,谢谢!
