在Spring Security 6中,(特别是Sping Boot 3.2,在我的情况下是Spring MVC with Thymeleaf)当使用securityMatcher时,默认/注销POST或GET停止工作。
@Beanpublic SecurityFilterChain openFilterChain(HttpSecurity http) throws Exception {http.securityMatcher("/EParticipate/baudit/**").addFilterBefore(new BauditUsernamePasswordAuthenticationFilter(this.authenticationManager(userDetailsService, passwordEncoder())),UsernamePasswordAuthenticationFilter.class).authorizeHttpRequests((requests) -> requests.dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.ERROR).permitAll().requestMatchers("/EParticipate/baudit/**").hasRole("BAUDIT").requestMatchers("/EParticipateSecurity/**").permitAll()).authenticationManager(this.authenticationManager(userDetailsService, passwordEncoder())).formLogin(form -> form.loginPage("/EParticipateSecurity/login_request").permitAll().defaultSuccessUrl("/EParticipate/baudit"))return http.build();}
字符串
Thymeleaf中的POST链接:
<form id="logout_form" th:action="@{/logout}" method="POST"><button id="logout_button" type="submit">Logout</button></form>
型
即使您将permitAll()添加到requestMatcher,它仍然无法工作:
@Beanpublic SecurityFilterChain openFilterChain(HttpSecurity http) throws Exception {http.securityMatcher("/EParticipate/baudit/**").addFilterBefore(new BauditUsernamePasswordAuthenticationFilter(this.authenticationManager(userDetailsService, passwordEncoder())),UsernamePasswordAuthenticationFilter.class).authorizeHttpRequests((requests) -> requests.dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.ERROR).permitAll().requestMatchers("/EParticipate/baudit/**").hasRole("BAUDIT")//Doesn't work.requestMatchers("/EParticipateSecurity/**","/logout").permitAll()).authenticationManager(this.authenticationManager(userDetailsService, passwordEncoder())).formLogin(form -> form.loginPage("/EParticipateSecurity/login_request").permitAll().defaultSuccessUrl("/EParticipate/baudit"))return http.build();}
型
1条答案
按热度按时间rnmwe5a21#
为了解决这个问题,我必须在securityMatcher的URL下添加一个自定义注销作为子URL(我还添加了一个注销处理程序,以确保注销时清除所有内容)。
字符串