Spring Security Log Out Failure http-bio-8080"-exec-5" java.lang.StackOverflowError
I've seen a few examples of Spring's logout and it seems a bit abstract to me. I have a link with the href="appcontext_path/auth/logout.html". The examples I've seen don't have a physical logout.html in the auth folder, so I'm assuming this is a behind-the-scenes task. I want to be able to click a log out link that invalidates the session and any associated cookies and navigates to the login page (auth/login.html). When I try the below config, I get an Exception in thread ""http-bio-8080"-exec-5" java.lang.StackOverflowError
<global-method-security secured-annotations="enabled">
</global-method-security>
<http security="none" pattern="/javax.faces.resource/**" />
<http security="none" pattern="/services/rest-api/1.0/**" />
<http security="none" pattern="/preregistered/**" />
<http access-denied-page="/auth/denied.html">
    <intercept-url
        pattern="/**/*.xhtml"
        access="ROLE_NONE_GETS_ACCESS" />
    <intercept-url
        pattern="/auth/*"
        access="ROLE_ANONYMOUS" />
    <intercept-url
        pattern="/registered/*"
        access="ROLE_USER" />
    <form-login
        login-processing-url="/j_spring_security_check.html"
        login-page="/auth/login.html"
        default-target-url="/registered/home.html"
        authentication-failure-url="/auth/login.html" />
    <logout logout-url="/auth/logout.html"
        logout-success-url="/auth/login.html" />
    <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
    <remember-me user-service-ref="userManager" key="ddddd23aferq3f3qrf"/>
</http>
<!-- Configure the authentication provider -->
<authentication-manager>
    <authentication-provider user-service-ref="userManager">
        <password-encoder ref="passwordEncoder" />
    </authentication-provider>
</authentication-manager>
Just remove the tag <logout/> and use j_spring_security_logout as a link to the logout functionality.
You have an error in the configuration: <logout logout-url="/auth/logout.html" logout-success-url="/auth/login.html" /> causes the Spring logout filter that catches logout.html requests to logout.html (i.e. to itself) - and this causes the SOE. You should use different URLs for logout-url and logout-success-url.
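The rule in the answer above (logout-url and logout-success-url must differ), as an added example that is not part of the original thread: a Python check that generalizes it to every redirect target and filter-handled URL in an <http> block. The function names and sample configs are constructed for illustration; the defaults are Spring Security 3's namespace defaults, and URLs are compared as exact strings.

```python
import xml.etree.ElementTree as ET

# URLs that a Spring Security 3 filter handles itself: attribute -> namespace default.
PROCESSING = {
    ("form-login", "login-processing-url"): "/j_spring_security_check",
    ("logout", "logout-url"): "/j_spring_security_logout",
}
# Attributes naming a page the browser is sent to after a filter has run.
TARGETS = [
    ("http", "access-denied-page"),
    ("form-login", "login-page"),
    ("form-login", "default-target-url"),
    ("form-login", "authentication-failure-url"),
    ("logout", "logout-success-url"),
]

def local(tag):
    """Strip a '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def find_self_redirects(xml_text):
    """Return (target, processing, url) for every target a filter would re-intercept."""
    findings = []
    for http in ET.fromstring(xml_text).iter():
        if local(http.tag) != "http":
            continue
        # The <http> element plus its direct children, keyed by local tag name.
        elems = {local(e.tag): e for e in [http, *http]}
        handled = {}
        for (tag, attr), default in PROCESSING.items():
            if tag in elems:
                handled[elems[tag].get(attr, default)] = f"{tag}/@{attr}"
        for tag, attr in TARGETS:
            url = elems[tag].get(attr) if tag in elems else None
            if url in handled:
                findings.append((f"{tag}/@{attr}", handled[url], url))
    return findings

# Constructed samples (not the poster's file): one colliding pair, one clean.
LOOPING = """<http><form-login login-page="/auth/login.html"/>
<logout logout-url="/auth/logout.html" logout-success-url="/auth/logout.html"/></http>"""
DISTINCT = """<http><form-login login-page="/auth/login.html"/>
<logout logout-url="/auth/logout.html" logout-success-url="/auth/login.html"/></http>"""

if __name__ == "__main__":
    for name, cfg in (("LOOPING", LOOPING), ("DISTINCT", DISTINCT)):
        print(name, find_self_redirects(cfg))
```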