Fatal编程技术网
  • spring-security/
  • Spring security 我正在使用SpringSecurity3.2.7和Tomcat6,并且我可以创建注销按钮

Spring security 我正在使用SpringSecurity3.2.7和Tomcat6,并且我可以创建注销按钮

spring-security

Spring security 我正在使用SpringSecurity3.2.7和Tomcat6,并且我可以创建注销按钮,spring-security,tomcat6,Spring Security,Tomcat6,我使用的是带有SpringSecurity3.2.7的angularjs,在Tomcat6上部署时使用此代码进行登录操作 @RequestMapping(value = "/login", method = RequestMethod.POST) public @ResponseBody Map<String, ? extends Object> login( HttpServletRequest request,

我使用的是带有SpringSecurity3.2.7的angularjs,在Tomcat6上部署时使用此代码进行登录操作

@RequestMapping(value = "/login", method = RequestMethod.POST)
public @ResponseBody Map<String, ? extends Object> login(
                        HttpServletRequest request,
                        @RequestParam String userName,
                        @RequestParam String password) {
    Map<String, Object> response = new HashMap<String, Object>();
    logger.info("RegistreController Login...");
    logger.info("Start Login for the user :"+userName);
    try{
    String encodedPassword = hashPassword(password);
    System.out.println("encodedPassword = "+encodedPassword);

    final UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(userName, encodedPassword);

    // this function returns UsernamePasswordAuthenticationToken(user, password, authorities)
    final Authentication authentication = authenticationProvider.authenticate(authRequest);

    SecurityContextHolder.getContext().setAuthentication(authentication);
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();

    CustomUser user = null;
    if (principal instanceof CustomUser) {
        user = ((CustomUser)principal);
    }
}catch(Exception e) {
     if(e instanceof CredentialsExpiredException){
         response.put("expired", true);
     }
     response.put("success", false);
     response.put("msg", e.getMessage());
     logger.fatal(new MasterProtectionLogger().reportError("UserAdminController.login()", e, logger));
}
  return response;
}

@RequestMapping(value=“/login”,method=RequestMethod.POST)
public@ResponseBody映射登录(
HttpServletRequest请求,
@RequestParam字符串用户名,
@请求参数(字符串密码){
Map response=newhashmap();
logger.info(“注册控制器登录…”);
logger.info(“开始用户登录:”+用户名);
试一试{
字符串encodedPassword=hashPassword(密码);
System.out.println(“encodedPassword=“+encodedPassword”);
最终UsernamePasswordAuthenticationTokenAuthRequest=新的UsernamePasswordAuthenticationToken(用户名,encodedPassword);
//此函数返回UsernamePasswordAuthenticationToken(用户、密码、权限)
最终身份验证=authenticationProvider.Authentication(authRequest);
SecurityContextHolder.getContext().setAuthentication(身份验证);
对象主体=SecurityContextHolder.getContext().getAuthentication().getPrincipal();
CustomUser=null;
if(CustomUser的主体实例){
用户=((CustomUser)主体);
}
}捕获(例外e){
if(如凭证过期例外的实例){
响应。put(“过期”,true);
}
回答。put(“成功”,false);
response.put(“msg”,即getMessage());
致命(新的MasterProtectionLogger().reportError(“UserAdminController.login()”,e,logger));
}
返回响应;
}
我需要通过代码编写注销(不调用j_spring_security_注销) 我该怎么做?

关键是:

SecurityContextHolder.clearContext();
您可能还希望使HTTP会话无效