无法调用 LogoutSuccessHandler - Spring Security
[英]Unable to call LogoutSuccessHandler - Spring Security
问题描述
I am trying to implement a Custom Spring Security Logout Handler.
我正在尝试实现自定义Spring Security 注销处理程序。 My configurations are as below but the logout handler is never called.我的配置如下,但从未调用注销处理程序。
I have a JSP where I call logout as :我有一个 JSP,我将注销称为:
<a href="j_spring_security_logout">Logout</a>
In the application-security.xml, I have the following:在 application-security.xml 中,我有以下内容:
<security:logout invalidate-session="true"></security:logout>
<security:logout logout-url="/logout" success-handler-ref="myCustomLogoutSuccessHandler"></security:logout>
<beans:bean id="myCustomLogoutSuccessHandler" class="com.inventory.security.MyCustomLogoutSuccessHandler"></beans:bean>
I have a Custom Logout handler too with the defination:我也有一个带有定义的自定义注销处理程序:
public class MyCustomLogoutSuccessHandler extends
SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess
(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
System.out.println("Principal: "+authentication.getPrincipal());
System.out.println("Logout Called: MyCustomLogoutSuccessHandler");
super.onLogoutSuccess(request, response, authentication);
}
}
But this is never been called.但这从来没有被调用过。 Am I missing something?我错过了什么吗?
If I change the j_spring_security_logout to logout and create my custom Controller for that URL , then in that case the code works for logout URL but how do I handle the Spring Magic Logout如果我将 j_spring_security_logout 更改为注销并为该 URL 创建我的自定义控制器,那么在这种情况下,代码适用于注销 URL 但我如何处理 Spring Magic Logout
2 个解决方案
解决方案1
2 已采纳 2014-04-05 09:02:40
Actually it isn't clear how you want to invoke your myCustomLogoutSuccessHandler , if you continue to use standard logout url ( j_spring_security_logout ), not your custom one - logout .实际上,如果您继续使用标准注销 url ( j_spring_security_logout ),而不是您的自定义 one- logout ,则不清楚您想如何调用myCustomLogoutSuccessHandler 。
From other side what is the reason to have two <security:logout> ?从另一方面来说,有两个<security:logout>的原因是什么?
Won't it be enough to have this config:有这个配置还不够:
<a href="j_spring_security_logout">Logout</a>
....
<security:logout invalidate-session="true" success-handler-ref="myCustomLogoutSuccessHandler"></security:logout>
? ?
Explain your purpose, please请说明你的目的
解决方案2
0 2014-04-07 05:57:36
you are not doing special work in custom logout handler... since its a simple logout, so the following logout will work....>>>你没有在自定义注销处理程序中做特殊的工作......因为它是一个简单的注销,所以下面的注销将起作用......>>>
configuration配置
<security:logout logout-url="/logout" logout-success-url="/login.html" invalidate-session="true" delete-cookies="JSESSIONID" />
</security:http>
html: html:
<a style="margin-top: 4px;" href="/logout">log_out</a>
for your information:供您参考:
Attribute : logout-url
Specifies the URL that will cause a logout. Spring Security will initialize a filter that responds to this particular URL.
Defaults to /j_spring_security_logout if unspecified.
if you are not specifing the attribute logout-url then it will default to /j_spring_security_logout it means you have to put /j_spring_security_logout in your html logout tags as如果您没有指定属性logout-url那么它将默认为/j_spring_security_logout这意味着您必须将/j_spring_security_logout放在您的 html 注销标签中
<a style="margin-top: 4px;" href="../j_spring_security_logout">log_out</a>
and if you are specifing the same attribute you have to put the same url in both config and html tags.like如果您指定相同的属性,则必须在 config 和 html tags.like 中放置相同的 url
configuration:配置:
<security:logout logout-url="/logout" logout-success-url="/login.html" invalidate-session="true" delete-cookies="JSESSIONID" />
</security:http>
html: html:
<a style="margin-top: 4px;" href="/logout">log_out</a>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.