当前位置: 动力学知识库 > 问答 > 编程问答 >

Spring Basic Authentication Can't Log Out

问题描述:

I'm using simple basic Authentication using the Spring security 3.2 JAR, but for even when I clear my cookies, my Chrome still keeps me logged in. Also, the logout does not work either for me.

Please see my security-context.xml where I'm creating the authentication.

If the logout starts working for me It is good enough for me, as I do know that the browser likes to keep basic Auth until the browser is closed.

<beans:beans xmlns="http://www.springframework.org/schema/security"

xmlns:beans="http://www.springframework.org/schema/beans"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://www.springframework.org/schema/beans

http://www.springframework.org/schema/beans/spring-beans-3.0.xsd

http://www.springframework.org/schema/security

http://www.springframework.org/schema/security/spring-security-3.2.xsd">

<global-method-security secured-annotations="enabled" pre-post-annotations="enabled"/>

<http use-expressions="true" auto-config="true">

<intercept-url pattern="/login" access="hasRole('ROLE_ADMIN')"/>

<http-basic></http-basic>

<logout logout-url="/logout" logout-success-url="/" delete-cookies="JSESSIONID" invalidate-session="true"/>

</http>

<authentication-manager>

<authentication-provider>

<user-service>

<user name="tehras" password="secret" authorities="ROLE_ADMIN"/>

</user-service>

</authentication-provider>

</authentication-manager>

</beans:beans>

网友答案:

Try to close the browser after the logout. In basic authentication it stores the credentials for sending them in the header for each request to the website

分享给朋友:
您可能感兴趣的文章:
随机阅读: