OAuth2 client logout doesn't work
I tried to use the approach described here: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout
So I have the following backend code base:
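```java
import java.security.Principal;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

@EnableAutoConfiguration
@Configuration
@EnableOAuth2Sso
@Controller
public class ClientApplication extends WebSecurityConfigurerAdapter {
    private Logger logger = LoggerFactory.getLogger(ClientApplication.class);

    // Secured page: renders the name of the authenticated principal.
    @RequestMapping("/hello")
    public String home(Principal user, HttpServletRequest request, HttpServletResponse response, Model model) throws ServletException {
        model.addAttribute("name", user.getName());
        return "hello";
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http.antMatcher("/**")
            .authorizeRequests()
                .antMatchers("/login**", "/webjars/**", "/error**").permitAll()
                .anyRequest().authenticated()
            .and()
                .logout().logoutSuccessUrl("/").permitAll()
            .and()
                .csrf()
                // CSRF token in a cookie readable by JavaScript (XSRF-TOKEN).
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
        // @formatter:on
    }

    public static void main(String[] args) {
        new SpringApplicationBuilder(ClientApplication.class)
            .properties("spring.config.name=application").run(args);
    }
}
```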
And on the frontend:
JS:
```javascript
$.ajaxSetup({
    beforeSend: function (xhr, settings) {
        if (settings.type == 'POST' || settings.type == 'PUT' || settings.type == 'DELETE') {
            if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
                // Only send the token to relative URLs ie locally.
                xhr.setRequestHeader("X-XSRF-TOKEN", Cookies.get('XSRF-TOKEN'));
            }
        }
    }
});

var logout = function () {
    $.post("/client/logout", function () {
        $("#user").html('');
        $(".unauthenticated").show();
        $(".authenticated").hide();
    });
    return true;
};

$(function () {
    $("#logoutButton").on("click", function () {
        logout();
    });
});
```
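And HTML:
But it doesn't work. The behaviour is as follows:
After successfully logging in to the application, I click the logout button and it fires POST http://localhost:9999/client/logout
http://localhost:9999/client/logout redirects to http://localhost:9999/client
but that page doesn't exist. Then I access localhost:8080/client/hello – I see the secured page.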
P.S. /client is the application context. application.yml fragment:
```yaml
server:
  servlet:
    context-path: /client
```
Source code on GitHub:
Client – https://github.com/gredwhite/logour_social-auth-client (uses the localhost:9999/client/hello URL)
Server – https://github.com/gredwhite/logout_social-auth-server
The logout endpoint should be /logout rather than /client/logout.