Java 未调用Spring security自定义LogoutHandler
我已经实现了自己的LogoutHandler,并试图在SpringSecurityXML中对其进行配置,但出于某种原因,在注销时没有调用它(注销成功,但我的代码没有执行) 这是我的security.xml:Java 未调用Spring security自定义LogoutHandler,java,spring,spring-security,Java,Spring,Spring Security,我已经实现了自己的LogoutHandler,并试图在SpringSecurityXML中对其进行配置,但出于某种原因,在注销时没有调用它(注销成功,但我的代码没有执行) 这是我的security.xml: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSc
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http use-expressions="true">
<security:intercept-url pattern="/logoutSuccess"
access="permitAll" />
<security:logout logout-url="/logout"
logout-success-url="/logoutSuccess" />
</security:http>
<bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg index="0" value="/logoutSuccess" />
<constructor-arg index="1">
<list>
<bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<bean id="myLogoutHandler" class="my.package.MyLogoutHandler" />
</list>
</constructor-arg>
<property name="filterProcessesUrl" value="/logout" />
</bean>
有人知道它为什么不起作用吗?谢谢 由于您希望使用自定义过滤器而不是spring安全默认注销过滤器,请将此行添加到注销过滤器bean中
<security:custom-filter position="LOGOUT_FILTER"/>
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg index="0" value="/logoutSuccess" />
<constructor-arg index="1">
<list>
<bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<bean id="myLogoutHandler" class="my.package.MyLogoutHandler" />
</list>
</constructor-arg>
<property name="filterProcessesUrl" value="/logout" />
</bean>
或者在spring安全配置中添加这一行
<security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>
编辑的
<security:http use-expressions="true">
<security:intercept-url pattern="/logoutSuccess"
access="permitAll" />
<security:logout logout-url="/logout"
logout-success-url="/logoutSuccess" success-handler-ref="myLogoutHandler" />
</security:http>
<bean id="myLogoutHandler" class="my.package.MyLogoutHandler" />
您还可以实现LogoutSuccessHandler接口,而不是LogoutHandler
Edit2
好的,所以如果您不想在注销完成后调用处理程序,请删除注销标记并在注销过滤器bean中设置所有内容
<security:custom-filter position="LOGOUT_FILTER"/>
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg index="0" value="/logoutSuccess" />
<constructor-arg index="1">
<list>
<bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<bean id="myLogoutHandler" class="my.package.MyLogoutHandler" />
</list>
</constructor-arg>
<property name="filterProcessesUrl" value="/logout" />
</bean>
并添加
谢谢,但是当我将其添加到注销过滤器bean时,我得到了以下错误:cvc复杂类型。2.4.a:发现以元素“custom filter”开头的无效内容,并且当我尝试将其添加到安全配置时,在运行tomcat时我得到了以下错误:配置问题:过滤器bean“”和“Root bean:class”[org.springframework.security.web.authentication.logout.LogoutFilter];…具有相同的“order”值。是否可以发布错误详细信息,也请尝试,即在自定义筛选器标记之前添加安全名称空间我尝试在bean中添加该标记,但出现以下错误:配置问题:安全命名空间不支持元素的修饰[custom filter]问题是,还向与您的过滤器堆栈冲突的过滤器堆栈添加了注销过滤器,而不是定义自定义注销过滤器,只需在注销标记中添加成功处理程序ref=myLogoutHandler,但我希望在注销成功之前执行我的代码,以便使用一些会话详细信息(以上代码只是一个示例…)。