Spring安全注销失败http-bio-8080"-exec-5“java.lang.StackOverflowError

Question

我看过一些Spring注销的例子，对我来说似乎有点抽象。我有一个与href="appcontext_path/auth/logout.html“的链接。我见过的示例在auth文件夹中没有通灵的logout.html。所以我假设这是一个幕后任务。我希望能够单击一个注销链接，该链接会使会话和任何相关的cookie失效，并导航到登录页面(auth/login.html)。当我尝试以下配置时，在线程""http-bio-8080"-exec-5“java.lang.StackOverflowError中得到异常

<global-method-security secured-annotations="enabled">
</global-method-security>
<http security="none" pattern="/javax.faces.resource/**" />
<http security="none" pattern="/services/rest-api/1.0/**" />
<http security="none" pattern="/preregistered/**" />
<http access-denied-page="/auth/denied.html">
    <intercept-url
        pattern="/**/*.xhtml"
        access="ROLE_NONE_GETS_ACCESS" />
    <intercept-url
        pattern="/auth/*"
        access="ROLE_ANONYMOUS" />
     <intercept-url
        pattern="/registered/*"
        access="ROLE_USER" />
    <form-login
        login-processing-url="/j_spring_security_check.html"
        login-page="/auth/login.html"
        default-target-url="/registered/home.html"
        authentication-failure-url="/auth/login.html" />
    <logout logout-url="/auth/logout.html"
            logout-success-url="/auth/login.html" />
    <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
    <remember-me user-service-ref="userManager" key="ddddd23aferq3f3qrf"/>
</http>
<!-- Configure the authentication provider -->
<authentication-manager>
    <authentication-provider user-service-ref="userManager">
            <password-encoder ref="passwordEncoder" />
    </authentication-provider>
</authentication-manager>

​

Answer 1

只需删除标记<logout/>并使用j_spring_security_logout作为注销功能的链接。

Answer 2

你在配置<logout logout-url="/auth/logout.html" logout-success-url="/auth/login.html" />中有错误，导致Spring logout filter捕获logout.html请求到logout.html (也就是它本身)--这会导致SOE。

您应该对logout-url和logout-success-url使用不同的URL。