Spring Security: I'm using Spring Security 3.2.7 and Tomcat 6, and I can create a logout button
I'm using AngularJS with Spring Security 3.2.7, deployed on Tomcat 6, and I use this code for the login operation:
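    // Imports used by this controller method. The method lives inside the asker's controller class;
    // logger, authenticationProvider, hashPassword, CustomUser and MasterProtectionLogger are the asker's own.
    import java.util.HashMap;
    import java.util.Map;
    import javax.servlet.http.HttpServletRequest;
    import org.springframework.security.authentication.CredentialsExpiredException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RequestParam;
    import org.springframework.web.bind.annotation.ResponseBody;

    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public @ResponseBody Map<String, ? extends Object> login(
            HttpServletRequest request,
            @RequestParam String userName,
            @RequestParam String password) {
        Map<String, Object> response = new HashMap<String, Object>();
        logger.info("RegistreController Login...");
        logger.info("Start Login for the user :" + userName);
        try {
            // The password hash is credential material, so it is not printed or logged.
            String encodedPassword = hashPassword(password);
            final UsernamePasswordAuthenticationToken authRequest =
                    new UsernamePasswordAuthenticationToken(userName, encodedPassword);
            // this function returns UsernamePasswordAuthenticationToken(user, password, authorities)
            final Authentication authentication = authenticationProvider.authenticate(authRequest);
            // Store the authenticated token in the security context of the current request.
            SecurityContextHolder.getContext().setAuthentication(authentication);
            Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
            CustomUser user = null;
            if (principal instanceof CustomUser) {
                user = ((CustomUser) principal);
            }
        } catch (Exception e) {
            // Expired credentials are flagged separately so the client can react to them.
            if (e instanceof CredentialsExpiredException) {
                response.put("expired", true);
            }
            response.put("success", false);
            response.put("msg", e.getMessage());
            logger.fatal(new MasterProtectionLogger().reportError("UserAdminController.login()", e, logger));
        }
        return response;
    }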
I need to write the logout in code (without calling j_spring_security_logout).
How can I do that?

The key is:

    SecurityContextHolder.clearContext();

You may also want to invalidate the HTTP session.
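
The logout the answer describes, written as a controller method in the style of the question's login handler. This is an added example, not code from the original question or answer; the class name `LogoutController` and the `/logout` path are assumptions, and the request is assumed to pass through the Spring Security filter chain.

```java
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class LogoutController { // hypothetical class name

    // POST only, so a plain link or image tag on another page cannot trigger a logout via GET.
    // The "/logout" path is an assumption; any path served by the dispatcher servlet works.
    @RequestMapping(value = "/logout", method = RequestMethod.POST)
    public @ResponseBody Map<String, Object> logout(HttpServletRequest request) {
        Map<String, Object> response = new HashMap<String, Object>();

        // getSession(false) returns null when no session exists,
        // so a session is never created just to be destroyed.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Drops the stored security context along with every other session attribute,
            // so the old JSESSIONID no longer maps to an authenticated user.
            session.invalidate();
        }

        // Clears the security context held for the current request thread.
        SecurityContextHolder.clearContext();

        // Same response shape as the login handler in the question.
        response.put("success", true);
        return response;
    }
}
```

The AngularJS client should discard any user state it cached at login once this call returns, since the server no longer recognises the session.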