【发布时间】:2011-06-22 15:24:15
【问题描述】:
我看过一些 Spring 注销的例子,对我来说似乎有点抽象。我有一个带有 href="appcontext_path/auth/logout.html" 的链接。我看到的示例在 auth 文件夹中没有心理 logout.html。所以我假设这是一个幕后任务。我希望能够单击使会话和任何相关 cookie 无效并导航到登录页面 (auth/login.html) 的注销链接。当我尝试以下配置时,我在线程 ""http-bio-8080"-exec-5" java.lang.StackOverflowError
中得到一个异常<global-method-security secured-annotations="enabled">
</global-method-security>
<http security="none" pattern="/javax.faces.resource/**" />
<http security="none" pattern="/services/rest-api/1.0/**" />
<http security="none" pattern="/preregistered/**" />
<http access-denied-page="/auth/denied.html">
<intercept-url
pattern="/**/*.xhtml"
access="ROLE_NONE_GETS_ACCESS" />
<intercept-url
pattern="/auth/*"
access="ROLE_ANONYMOUS" />
<intercept-url
pattern="/registered/*"
access="ROLE_USER" />
<form-login
login-processing-url="/j_spring_security_check.html"
login-page="/auth/login.html"
default-target-url="/registered/home.html"
authentication-failure-url="/auth/login.html" />
<logout logout-url="/auth/logout.html"
logout-success-url="/auth/login.html" />
<anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
<remember-me user-service-ref="userManager" key="ddddd23aferq3f3qrf"/>
</http>
<!-- Configure the authentication provider -->
<authentication-manager>
<authentication-provider user-service-ref="userManager">
<password-encoder ref="passwordEncoder" />
</authentication-provider>
</authentication-manager>
【问题讨论】:
标签: spring-security