因为 spring security 在开启 csrf
防护的情况下,/logout 必须是以 POST 方法提交才行,<a> 标签请求是 GET 方法,所以报 404
http.csrf().disable();
<form th:action="@{/logout}" method="post">
<input type="hidden" name="${_csrf.parameterName }" value="${_csrf.token }"/>
<input type="submit" value="logout">
</form>
@Override
protected void configure(HttpSecurity http) throws Exception {
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/home")
.logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true)
.and();
}