소개
게시글
질문&답변
logout 요청이 강의내용처럼 GetMapping을 타지 않는것 같네요
앗 감사합니다... 시큐리티 독학했을 때 모든 POST요청이 동작을 안해서 csrf를 비활성화해야 POST요청이 동작을 하더라구요... 답변 정말 감사드립니다.
- 3
- 6
- 1.2K
질문&답변
logout 요청이 강의내용처럼 GetMapping을 타지 않는것 같네요
네 인가는 문제 없어보입니다. SecurityConfig.java 소스입니다. private UserDetailsService userDetailsService; private AuthenticationDetailsSource authenticationDetailsSource; public SecurityConfig(UserDetailsService userDetailsService, AuthenticationDetailsSource authenticationDetailsSource) { this.userDetailsService = userDetailsService; this.authenticationDetailsSource = authenticationDetailsSource; } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(authenticationProvider()); } @Bean public AuthenticationProvider authenticationProvider() { return new CustomAuthenticationProvider(userDetailsService, passwordEncoder()); } @Bean public PasswordEncoder passwordEncoder() { return PasswordEncoderFactories.createDelegatingPasswordEncoder(); } @Override public void configure(WebSecurity web) throws Exception { // resources/static의 css, img 등 권한없이 접근가능하게 세팅 web.ignoring().requestMatchers(PathRequest.toStaticResources().atCommonLocations()); } @Override protected void configure(HttpSecurity http) throws Exception { /* 인증 정책 */ http.authorizeRequests() .antMatchers("/**").permitAll() ; http.csrf().disable(); // csrf 일단 사용안함 http.formLogin() .loginPage("/login") .loginProcessingUrl("/login/action") .defaultSuccessUrl("/") .failureUrl("/login.html?error=true") .usernameParameter("username") .passwordParameter("password") .authenticationDetailsSource(authenticationDetailsSource) .successHandler(new AuthenticationSuccessHandler() { @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { System.out.println("authentication : "+authentication.getName()); response.sendRedirect("/"); } }) .failureHandler(new AuthenticationFailureHandler() { @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException { System.out.println("exception :" + exception.getMessage()); response.sendRedirect("/login"); } }) .permitAll();
- 3
- 6
- 1.2K
질문&답변
logout 요청이 강의내용처럼 GetMapping을 타지 않는것 같네요
빠른답변 감사합니다. 답변주신대로 Get 으로 /logout을 요청을 하고 있습니다. sec:authorize access="isAuthenticated()"> li class="nav-item">a class="nav-link text-light" href="c:url value="/logout"/>">로그아웃a>li>sec:authorize> @GetMapping(value="/logout")public String logout(HttpServletRequest request, HttpServletResponse response) { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if(authentication != null) { new SecurityContextLogoutHandler().logout(request, response, authentication); } return "redirect:/";} ㅠㅠ..
- 3
- 6
- 1.2K