문제
localhost:8080/logout 호출 시 localhost:8080/login?logout로 호출 되는 문제 발생
문제 이유
Spring Security의 DefaultSecurityFilterChain에 LogoutFilter가 등록되어 있기 때문에 발생한 문제
2023-06-14T08:55:22.321-03:00 INFO 76975 --- [main] o.s.s.web.DefaultSecurityFilterChain
: Will secure any request with [
org.springframework.security.web.session.DisableEncodeUrlFilter@404db674,
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@50f097b5,
org.springframework.security.web.context.SecurityContextHolderFilter@6fc6deb7,
org.springframework.security.web.header.HeaderWriterFilter@6f76c2cc,
org.springframework.security.web.csrf.CsrfFilter@c29fe36,
org.springframework.security.web.authentication.logout.LogoutFilter@ef60710,
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@7c2dfa2,
org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@4397a639,
org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@7add838c,
org.springframework.security.web.authentication.www.BasicAuthenticationFilter@5cc9d3d0,
org.springframework.security.web.savedrequest.RequestCacheAwareFilter@7da39774,
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@32b0876c,
org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3662bdff,
org.springframework.security.web.access.ExceptionTranslationFilter@77681ce4,
org.springframework.security.web.access.intercept.AuthorizationFilter@169268a7]참조 : https://docs.spring.io/spring-security/reference/servlet/architecture.html
해결 방안
Security 설정파일 SecurityFilterChain 관련 메소드에 아래의 코드 추가
http.logout(logout -> logout
.logoutUrl("/logout")
.logoutSuccessUrl("/")
);더 많은 설정 변수가 있지만 간단하게 /logout을 호출 시
index 페이지(localhost:8080/)로 갈 수 있게 설정 변경
// 예시
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf(AbstractHttpConfigurer::disable)
.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin))
.authorizeHttpRequests(
authorize -> authorize
.requestMatchers("/**", "/logout", "/reg", "/login", "/reqLogin").permitAll()
.anyRequest().authenticated());
http.logout(logout -> logout
.logoutUrl("/logout")
.logoutSuccessUrl("/")
);
return http.build();
}'프로그래밍 > Spring' 카테고리의 다른 글
| [Spring Boot > ERROR]org.springframework.beans.factory.UnsatisfiedDependencyException: (0) | 2024.10.07 |
|---|---|
| [Spring Boot > ERROR] through reference chain (0) | 2024.10.05 |
| Spring Boot에서 Swagger 사용하기 (0) | 2024.08.06 |
| Spring 시스템 환경 변수에 따른 application 설정 (0) | 2024.07.26 |
| Eclipse에서 Spring Legacy, Spring MVC Project 사용하기 (0) | 2024.07.18 |
