http
    .authorizeRequests().anyRequest().authenticated()
    .and().formLogin().loginPage("/login").failureUrl("/login?error").permitAll()
    .and().logout().permitAll().invalidateHttpSession(true)
    .and().rememberMe().tokenValiditySeconds(60 * 60 * 24)
    .tokenRepository(tokenRepository()).and().exceptionHandling();
......
@Bean
public JdbcTokenRepositoryImpl tokenRepository() {
    JdbcTokenRepositoryImpl j = new JdbcTokenRepositoryImpl();
    j.setDataSource(dataSource);
    return j;
}
An error is reported on logout:
{
timestamp=Wed Feb 15 15:14:34 CST 2017,
status=403,
error=Forbidden,
message=Could not verify the provided CSRF token because your session was not found.,
path=/myproject/logout
}
If I add the following to the page
<meta name="_csrf" th:content="${_csrf.token}"/>
<meta name="_csrf_header" th:content="${_csrf.headerName}"/>
or use a hidden field
<form th:action="@{/logout}" method="post">
    <input type="submit" class="btn btn-primary" value="注销"/>
    <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />
</form>
then this error is reported:
{
timestamp=Thu Feb 16 11:22:25 CST 2017,
status=500,
error=Internal Server Error,
exception=org.thymeleaf.exceptions.TemplateProcessingException,
message=Request processing failed; nested exception is org.thymeleaf.exceptions.TemplateProcessingException: Exception evaluating SpringEL expression: "_csrf.parameterName" (index:50),
path=/myproject/
}
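How can I solve this?
The tokenRepository is already persisted to the database.
Do I need to manually add the token to the session, or is there some other approach?
Thanks
1 solution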
#1
http://blog.csdn.net/wyccyw123456/article/details/51778398