81,122
社区成员
发帖
与我相关
我的任务
分享Spring4MVC+spring-security3.2.5 j_spring_security_logout 404错误
各位大神,今天遇到一个问题,有点恼火,不晓得是哪里没配置到位啊:
我的框架是Spring4MVC+spring-security3.2.5+mybitas3.2.8。能调用/j_spring_security_check正常登录,但登出调用j_spring_security_logout时,页面提出HTTP Status 404 - /j_spring_security_logout。配置如下:
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>Archetype Created Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>csrfFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>csrfFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/springweb/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.css</url-pattern>
<url-pattern>*.js</url-pattern>
<url-pattern>*.ico</url-pattern>
<url-pattern>*.swf</url-pattern>
<url-pattern>*.gif</url-pattern>
<url-pattern>*.jpeg</url-pattern>
<url-pattern>*.bmp</url-pattern>
<url-pattern>*.psd</url-pattern>
<url-pattern>*.jpg</url-pattern>
<url-pattern>*.png</url-pattern>
<url-pattern>*.htm</url-pattern>
<url-pattern>*.html</url-pattern>
<url-pattern>*.crx</url-pattern>
<url-pattern>*.xpi</url-pattern>
<url-pattern>*.exe</url-pattern>
<url-pattern>*.ipa</url-pattern>
<url-pattern>*.apk</url-pattern>
<url-pattern>*.htc</url-pattern>
<url-pattern>*.woff</url-pattern>
<url-pattern>*.ttf</url-pattern>
</servlet-mapping>
</web-app>
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- 登录界面不使用权限过滤 -->
<http security="none" pattern="/login*"/>
<http security="none" pattern="/resources/**" />
<http security="none" pattern="/views/ftl/common/*" />
<http auto-config="true">
<http-basic />
<intercept-url pattern="/**" access="ROLE_USER" />
<!-- 登录界面 -->
<form-login login-page="/login" default-target-url="/index"
always-use-default-target="true" authentication-failure-url="/login?login_error=1"/>
<logout invalidate-session="true" logout-success-url="/login"/>
<csrf />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select user_name username,password password,enabled enabled from sys_user where user_name=?"
authorities-by-username-query="SELECT b.user_name username, a.role_code role FROM sys_user_role a,sys_user b WHERE a.user_code=b.user_name AND b.user_name=? "
/>
</authentication-provider>
</authentication-manager>
<!-- CSRF protection. Here we only include the CsrfFilter instead of all
of Spring Security. See http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/#csrf
for more information on Spring Security's CSRF protection -->
<beans:bean id="csrfFilter" class="org.springframework.security.web.csrf.CsrfFilter">
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository" />
</beans:constructor-arg>
</beans:bean>
<!-- Provides automatic CSRF token inclusion when using Spring MVC Form
tags or Thymeleaf. -->
<beans:bean id="requestDataValueProcessor"
class="org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor" />
</beans:beans>
servlet-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing
infrastructure -->
<!-- Enables the Spring MVC @Controller programming model -->
<mvc:annotation-driven/>
<!-- <annotation-driven conversion-service="conversionService" enable-matrix-variables="true">
<argument-resolvers> <beans:bean class="org.springframework.samples.mvc.data.custom.CustomArgumentResolver"/>
</argument-resolvers> <async-support default-timeout="3000"> <callable-interceptors>
<beans:bean class="org.springframework.samples.mvc.async.TimeoutCallableProcessingInterceptor"
/> </callable-interceptors> </async-support> </annotation-driven> -->
<!-- Handles HTTP GET requests for /resources/** by efficiently serving
up static resources in the ${webappRoot}/resources/ directory -->
<resources mapping="/views/**" location="/views/" />
<!-- Resolves views selected for rendering by @Controllers to .jsp resources
in the /WEB-INF/views directory -->
<!-- XML转码器 -->
<beans:bean id="fmXmlEscape" class="freemarker.template.utility.XmlEscape" />
<!-- freemarker的配置 -->
<beans:bean id="freemarkerConfigurer"
class="org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer">
<beans:property name="templateLoaderPath" value="/views/ftl/" />
<beans:property name="freemarkerVariables">
<beans:map>
<beans:entry key="xml_escape" value-ref="fmXmlEscape" />
</beans:map>
</beans:property>
<beans:property name="defaultEncoding" value="GBK" />
<beans:property name="freemarkerSettings">
<beans:props>
<beans:prop key="template_update_delay">10</beans:prop>
<beans:prop key="locale">zh_CN</beans:prop>
<beans:prop key="datetime_format">yyyy-MM-dd HH:mm:ss</beans:prop>
<beans:prop key="date_format">yyyy-MM-dd</beans:prop>
<beans:prop key="number_format">#.##</beans:prop>
</beans:props>
</beans:property>
</beans:bean>
<!-- FreeMarker视图解析 如返回userinfo。。在这里配置后缀名ftl和视图解析器。。 -->
<beans:bean id="viewResolver"
class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
<beans:property name="viewClass"
value="org.springframework.web.servlet.view.freemarker.FreeMarkerView" />
<beans:property name="suffix" value=".ftl" />
<beans:property name="contentType" value="text/html;charset=GBK" />
<beans:property name="exposeRequestAttributes" value="true" />
<beans:property name="exposeSessionAttributes" value="true" />
<beans:property name="exposeSpringMacroHelpers" value="true" />
<beans:property name="requestContextAttribute" value="ctx"/>
<beans:property name="order" value="1" />
</beans:bean>
<beans:bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/views/" />
<beans:property name="suffix" value=".jsp" />
<beans:property name="order" value="2" />
</beans:bean>
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="order" value="3"></beans:property>
<beans:property name="prefix" value="/admin/"></beans:property>
<beans:property name="suffix" value=".html"></beans:property>
<beans:property name="contentType" value="text/html"></beans:property>
</beans:bean>
<beans:bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver" />
<!-- Imports user-defined @Controller beans that process client requests -->
<beans:import resource="controllers.xml" />
<task:annotation-driven />
</beans:beans>
我的框架是Spring4MVC+spring-security3.2.5+mybitas3.2.8。能调用/j_spring_security_check正常登录,但登出调用j_spring_security_logout时,页面提出HTTP Status 404 - /j_spring_security_logout。配置如下:
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>Archetype Created Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>csrfFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>csrfFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/springweb/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.css</url-pattern>
<url-pattern>*.js</url-pattern>
<url-pattern>*.ico</url-pattern>
<url-pattern>*.swf</url-pattern>
<url-pattern>*.gif</url-pattern>
<url-pattern>*.jpeg</url-pattern>
<url-pattern>*.bmp</url-pattern>
<url-pattern>*.psd</url-pattern>
<url-pattern>*.jpg</url-pattern>
<url-pattern>*.png</url-pattern>
<url-pattern>*.htm</url-pattern>
<url-pattern>*.html</url-pattern>
<url-pattern>*.crx</url-pattern>
<url-pattern>*.xpi</url-pattern>
<url-pattern>*.exe</url-pattern>
<url-pattern>*.ipa</url-pattern>
<url-pattern>*.apk</url-pattern>
<url-pattern>*.htc</url-pattern>
<url-pattern>*.woff</url-pattern>
<url-pattern>*.ttf</url-pattern>
</servlet-mapping>
</web-app>
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- 登录界面不使用权限过滤 -->
<http security="none" pattern="/login*"/>
<http security="none" pattern="/resources/**" />
<http security="none" pattern="/views/ftl/common/*" />
<http auto-config="true">
<http-basic />
<intercept-url pattern="/**" access="ROLE_USER" />
<!-- 登录界面 -->
<form-login login-page="/login" default-target-url="/index"
always-use-default-target="true" authentication-failure-url="/login?login_error=1"/>
<logout invalidate-session="true" logout-success-url="/login"/>
<csrf />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select user_name username,password password,enabled enabled from sys_user where user_name=?"
authorities-by-username-query="SELECT b.user_name username, a.role_code role FROM sys_user_role a,sys_user b WHERE a.user_code=b.user_name AND b.user_name=? "
/>
</authentication-provider>
</authentication-manager>
<!-- CSRF protection. Here we only include the CsrfFilter instead of all
of Spring Security. See http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/#csrf
for more information on Spring Security's CSRF protection -->
<beans:bean id="csrfFilter" class="org.springframework.security.web.csrf.CsrfFilter">
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository" />
</beans:constructor-arg>
</beans:bean>
<!-- Provides automatic CSRF token inclusion when using Spring MVC Form
tags or Thymeleaf. -->
<beans:bean id="requestDataValueProcessor"
class="org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor" />
</beans:beans>
servlet-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing
infrastructure -->
<!-- Enables the Spring MVC @Controller programming model -->
<mvc:annotation-driven/>
<!-- <annotation-driven conversion-service="conversionService" enable-matrix-variables="true">
<argument-resolvers> <beans:bean class="org.springframework.samples.mvc.data.custom.CustomArgumentResolver"/>
</argument-resolvers> <async-support default-timeout="3000"> <callable-interceptors>
<beans:bean class="org.springframework.samples.mvc.async.TimeoutCallableProcessingInterceptor"
/> </callable-interceptors> </async-support> </annotation-driven> -->
<!-- Handles HTTP GET requests for /resources/** by efficiently serving
up static resources in the ${webappRoot}/resources/ directory -->
<resources mapping="/views/**" location="/views/" />
<!-- Resolves views selected for rendering by @Controllers to .jsp resources
in the /WEB-INF/views directory -->
<!-- XML转码器 -->
<beans:bean id="fmXmlEscape" class="freemarker.template.utility.XmlEscape" />
<!-- freemarker的配置 -->
<beans:bean id="freemarkerConfigurer"
class="org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer">
<beans:property name="templateLoaderPath" value="/views/ftl/" />
<beans:property name="freemarkerVariables">
<beans:map>
<beans:entry key="xml_escape" value-ref="fmXmlEscape" />
</beans:map>
</beans:property>
<beans:property name="defaultEncoding" value="GBK" />
<beans:property name="freemarkerSettings">
<beans:props>
<beans:prop key="template_update_delay">10</beans:prop>
<beans:prop key="locale">zh_CN</beans:prop>
<beans:prop key="datetime_format">yyyy-MM-dd HH:mm:ss</beans:prop>
<beans:prop key="date_format">yyyy-MM-dd</beans:prop>
<beans:prop key="number_format">#.##</beans:prop>
</beans:props>
</beans:property>
</beans:bean>
<!-- FreeMarker视图解析 如返回userinfo。。在这里配置后缀名ftl和视图解析器。。 -->
<beans:bean id="viewResolver"
class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
<beans:property name="viewClass"
value="org.springframework.web.servlet.view.freemarker.FreeMarkerView" />
<beans:property name="suffix" value=".ftl" />
<beans:property name="contentType" value="text/html;charset=GBK" />
<beans:property name="exposeRequestAttributes" value="true" />
<beans:property name="exposeSessionAttributes" value="true" />
<beans:property name="exposeSpringMacroHelpers" value="true" />
<beans:property name="requestContextAttribute" value="ctx"/>
<beans:property name="order" value="1" />
</beans:bean>
<beans:bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/views/" />
<beans:property name="suffix" value=".jsp" />
<beans:property name="order" value="2" />
</beans:bean>
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="order" value="3"></beans:property>
<beans:property name="prefix" value="/admin/"></beans:property>
<beans:property name="suffix" value=".html"></beans:property>
<beans:property name="contentType" value="text/html"></beans:property>
</beans:bean>
<beans:bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver" />
<!-- Imports user-defined @Controller beans that process client requests -->
<beans:import resource="controllers.xml" />
<task:annotation-driven />
</beans:beans>
...全文
请发表友善的回复…
发表回复
zl_qingchunwuhui 2015-08-23
- 打赏
- 举报
你开启了<csrf/> ,所以退出时需要使用post提交,不能直接使用链接!要写在form中,还要加上csrf
hechangsheng18 2015-04-02
- 打赏
- 举报
帮忙分析下啦。
主要就是这三个配置文件。后来又配置了<logout invalidate-session="true" logout-success-url="/" logout-url="/j_spring_security_logout"/>。还是不行。这个“ /j_spring_security_logout”是不是也被拦截了啊?
web.xml
spring-security.xml
servlet-context.xml
microhex 2015-04-01
- 打赏
- 举报
这写的 不是我不看啊,你写得也头大啊。。。。
