weixin_39893621
雨随落花
采纳率100%
2019-04-11 20:15

SpringBoot+Security登出无法跳转指定页面

5

使用SpringBoot 2.1.3 +SpringSecurity,按照网上教程设置logoutSuccessUrl为跳转的index路径,但是无法正常跳转,根据查看,页面发起请求/logout随后转向/index,但又被重定向至/login,截图如下
图片说明
WebSecurityConfig配置如下

@Override
    protected void configure(HttpSecurity http) throws Exception {
        //允许基于HttpServletRequest使用限制访问
        http.authorizeRequests()
                //不需要身份验证
                .antMatchers("/js/**","/css/**","**/images/**","/fonts/**","/doc/**","/static/**").permitAll()
                .antMatchers("/login.html","/login").permitAll()
                .antMatchers("/index","/","/index.html").permitAll()
                .antMatchers("/register/**","/register.html").permitAll()
                .antMatchers("/developer_center/**","/price_list/**").permitAll()
                .antMatchers("/contact","/contact.html").permitAll()
                .anyRequest().authenticated()
                //自定义登陆界面
                .and().formLogin()
                .loginPage("/login").permitAll()
                .loginProcessingUrl("/login")
                .failureUrl("/login?error=1")
                .permitAll().defaultSuccessUrl("/index")
                .and().logout().logoutUrl("/logout").logoutSuccessUrl("/index")
                .and().headers().frameOptions().disable()
                .and().exceptionHandling().accessDeniedPage("/login")
                .and().httpBasic()
                .and().sessionManagement().invalidSessionUrl("/login")
                .and().rememberMe()
                .and().csrf().disable();
    }

Controller中的Index请求如下:

@RequestMapping(value = {"index",""},method = RequestMethod.GET)
    public String getIndexHTML(HttpServletRequest httpServletRequest){
        HttpSession httpSession = httpServletRequest.getSession(true);
        if (httpSession.getAttribute("company_email")==null){
            httpSession.setAttribute("company_serial_number",companyConfig.getSerial_number());
            httpSession.setAttribute("company_email",companyConfig.getEmail());
        }
        if(iAuthenticationFacade.getAuthentication().getName()!="anonymousUser") {
                httpSession.setAttribute("flag",1);
                httpSession.setAttribute("userinfo",userMapper.findByLoginName(iAuthenticationFacade.getAuthentication().getName()));
        }
        else
            httpSession.setAttribute("flag",0);
        return "index";
    }

跪求高人指点一二,谢谢!

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

2条回答

  • weixin_39893621 雨随落花 2年前

    我知道了。。。logout以后会失效session然后走到invalidSessionUrl也就是/login

    点赞 评论 复制链接分享
  • qq_34444616 咖啡加冰66 2年前

    你index 不是需要登录才能进去吗

    点赞 评论 复制链接分享