1
您好,我在我的弹簧启动应用程序中加强了弹簧安全性。但是在点击注销时,它需要一些重定向url。如何避免它?在弹簧安全中注销,无需重定向到任何地方
我WebSecurityConfig是
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/rest/auth/**").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/dist/**").permitAll()
.antMatchers("/node_modules/**").permitAll()
.antMatchers("/src/**").permitAll()
.anyRequest().authenticated()
.and()
.logout().addLogoutHandler(logoutHandler)
.and()
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
.addFilter(new JWTAuthorizationFilter(authenticationManager()));
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
我LogoutHandler是
@Override
public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
Authentication authentication)
{
try
{
SecurityContextHolder.getContext().setAuthentication(null);
SecurityContextHolder.clearContext();
String responseValue = new ObjectMapper().writeValueAsString("success");
httpServletResponse.setStatus(HttpServletResponse.SC_ACCEPTED);
httpServletResponse.addHeader("Content-Type", "application/json");
httpServletResponse.getWriter().print(responseValue);
}
catch(Exception e)
{
LOGGER.error("Error", e);
String responseValue;
try
{
responseValue = new ObjectMapper().writeValueAsString("failed");
httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
httpServletResponse.addHeader("Content-Type", "application/json");
httpServletResponse.getWriter().print(responseValue);
}
catch(IOException e1)
{
LOGGER.error("Error", e1);
}
}
}
我只是想在LogoutHandler配置的响应被发送到客户端。但成功注销后,它将重定向到/login。我不希望它被重定向到任何其他网址。我只是想将响应发送给客户端。如何实现这一目标?