Java spring安全自定义注销处理程序
如何在SpringSecurity中将自己的注销处理程序添加到LogoutFilter?Java spring安全自定义注销处理程序,java,spring,spring-security,Java,Spring,Spring Security,如何在SpringSecurity中将自己的注销处理程序添加到LogoutFilter? 谢谢 您应该使用元素的成功处理程序ref属性: <security:logout invalidate-session="true" success-handler-ref="myLogoutHandler" logout-url="/logout" /> 作为替代解决方案,您可以在注销URL上配置自己的过滤器。请参阅Spring Security
谢谢 您应该使用
元素的成功处理程序ref
属性:
<security:logout invalidate-session="true"
success-handler-ref="myLogoutHandler"
logout-url="/logout" />
作为替代解决方案,您可以在注销URL上配置自己的过滤器。请参阅Spring Security Forum中的答案:
XML定义:
以下解决方案适合我,可能会有所帮助:
<security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
<bean id="logoutSuccessHandler" class="your.package.name.LogoutSuccessHandler" >
<constructor-arg value="/putInYourDefaultTargetURLhere" />
</bean>
您可以像这样使用java配置解决方案
@配置
@启用Web安全性
公共类SpringSecurity2Config扩展了WebSecurity配置适配器{
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
//您可以通过调用http.XXX()来设置其他安全配置
http
.logout()
.addLogoutHandler(新的CustomLogoutHandler())
.logoutUrl(“/logout”)
.logoutSuccessHandler(…)
.permitAll();
}
静态类CustomLogoutHandler实现LogoutHandler{
@凌驾
公共无效注销(HttpServletRequest请求、HttpServletResponse响应、身份验证){
//...
}
}
}
myLogoutHandler必须从哪个类扩展?@Neuquino,您应该实现org.springframework.security.web.authentication.logout.LogoutHandler
您不能同时使用logout url和success handler ref。successHandler和LogoutHandler是两件不同的事情。有时您需要一个自定义LogoutHandler(因为它在LogoutSuccessHandler之前运行)。构造函数不是必需的。他要求的是LogoutHandler
而不是LogoutSuccessHandler
无需定义协同构造函数,只需使用
而不是
public class CustomLogoutHandler implements LogoutHandler {
private UserCache userCache;
public void logout(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) {
// ....
}
@Required
public void setUserCache(final UserCache userCache) {
this.userCache = userCache;
}
}
public class LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
// Just for setting the default target URL
public LogoutSuccessHandler(String defaultTargetURL) {
this.setDefaultTargetUrl(defaultTargetURL);
}
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
// do whatever you want
super.onLogoutSuccess(request, response, authentication);
}
}
<security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
<bean id="logoutSuccessHandler" class="your.package.name.LogoutSuccessHandler" >
<constructor-arg value="/putInYourDefaultTargetURLhere" />
</bean>