3回答

慕村9548890

这是一个 CSRF 功能，可以避免来自其他站点的恶意 javascript 发起的注销请求。您的请求是GET: /logout，因此 Spring Security 希望通过用户操作（例如单击）来确认它。所以要避免它。您的注销请求应该POST包含有效的_csrf令牌。您可以通过使用 spring 表单标签和方法 post 来实现它，如下所示<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form"%>...<form:form action="${pageContext.request.contextPath}/logout"&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;method="post" modelAttribute="AnyModelAttributePassedFromController">&nbsp; &nbsp; <form:button value="submit"> Logout</form:button></form:form>...或者<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form"%>...<form:form action="${pageContext.request.contextPath}/logout"&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;method="post" modelAttribute="_csrf">&nbsp; &nbsp; <form:button value="submit"> Logout</form:button></form:form>...

0 0

0

GCT1015

@Override&nbsp; &nbsp; protected void configure(HttpSecurity http) throws Exception {&nbsp; &nbsp; &nbsp; &nbsp; http&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; .logout()&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));&nbsp; &nbsp; }这个对我有用。

0 0

0

HUWWW

您可以尝试以下方法：-&nbsp;&nbsp;&nbsp;&nbsp;<logout &nbsp;&nbsp;&nbsp;&nbsp;logout-success-url="/anonymous.html" &nbsp;&nbsp;&nbsp;&nbsp;logout-url="/perform_logout"&nbsp;/>您可以提及要重定向的网址。您还可以添加&nbsp;delete-cookies="JSESSIONID"删除cookie。

0 0

0