如何在春季退出前进行操作?
[英]how to perform operation just before logout in spring?
问题描述
First of all this is not a duplicate question i checked answers here ! 
首先,这不是一个重复的问题,我在这里检查答案! and here ! 在这里 ! but couldnt get it to work. 但无法让它发挥作用。
Also i want to perform it just before logout so can not use logoutSuccessHandler. 我也想在注销之前执行它,所以不能使用logoutSuccessHandler。
So i need to create a custom LOGOUT_FILTER , with which i am really having hard time getting it to work. 所以我需要创建一个自定义LOGOUT_FILTER,我真的很难让它工作。
here is my spring-security xml in which i tried two methods first was :- 这是我的spring-security xml,其中我首先尝试了两种方法: -
<custom-filter ref="logoutFilter" position="LOGOUT_FILTER" />
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg index="0" value="/logoutSuccess" />
<beans:constructor-arg index="1">
<beans:list>
<beans:bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<beans:bean id="myLogoutHandler" class="com.fe.cms.listener.SimpleLogoutHandler" />
</beans:list>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout" />
</beans:bean>
but this gives me error 但这给了我错误
Configuration problem: Security namespace does not support decoration of element [custom-filter]
then i tried.. 然后我试过..
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg index="0" value="/logout" />
<beans:constructor-arg index="1">
<beans:ref bean="securityContextLogoutHandler" />
<beans:ref bean="myLogoutHandler" />
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout" />
</beans:bean>
<beans:bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<beans:bean id="myLogoutHandler" class="com.fe.cms.listener.SimpleLogoutHandler" />
<http auto-config="false" entry-point-ref="authenticationManger">
<custom-filter ref="logoutFilter" position="LOGOUT_FILTER" />
</http>
but this gives me error :- 但这给了我错误: -
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#48' while setting bean property 'sourceList' with key [48]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#48': Cannot create inner bean '(inner bean)' of type [org.springframework.security.web.access.ExceptionTranslationFilter] while setting constructor argument with key [6]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#181': Could not resolve matching constructor (hint: specify index/type/name arguments for simple parameters to avoid type ambiguities)
Please can anyone tell where am i doing wrong .. i will post full xml files if needed 请任何人都可以告诉我在哪里做错了...如果需要,我会发布完整的xml文件
3 个解决方案
解决方案1
1 2014-11-21 08:54:38
If you need to execute some operation just before logout I suppose Spring interceptors can help you. 如果你需要在注销之前执行一些操作,我想Spring 拦截器可以帮助你。
You could implement a class like this: 你可以实现这样的类:
public class JustBeforeLogoutInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
boolean res = super.preHandle(request, response, handler);
//
// your code...
//
return res;
}
}
Then you need to configure the interceptor: 然后你需要配置拦截器:
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/logout" />
<bean class="your.app.JustBeforeLogoutInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
This should work. 这应该工作。 Take a try. 试一试。
解决方案2
1 已采纳 2014-11-21 09:59:43
According to your clarification what you want is to get access the to session and perform some logic. 根据您的澄清,您想要的是访问会话并执行一些逻辑。 Instead of hacking around with a custom LogoutFilter simply write an ApplicationListener that listens to HttpSessionDestroyedEvent s. 而不是使用自定义LogoutFilter进行攻击,只需编写一个侦听HttpSessionDestroyedEvent的ApplicationListener 。
@Component
public class SessionListener implements ApplicationListener<HttpSessionDestroyedEvent> {
public void onApplicationEvent(HttpSessionDestroyedEvent evt) {
HttpSession session = evt.getSession();
// Your logic here
}
}
To be able re receive events make sure that you register the HttpSessionEventPublisher in your web.xml. 为了能够重新接收事件,请确保在web.xml中注册HttpSessionEventPublisher 。
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
Main advantage of this solution is that you will also be able to process sessions that timeout and not only regular logouts. 此解决方案的主要优点是您还可以处理超时的会话,而不仅仅是定期注销。
解决方案3
0 2014-11-21 08:56:48
You can try to extend current LogoutFilter and execute your custom logic before calling super class' doFilter method. 在调用超类'doFilter方法之前,您可以尝试扩展当前的LogoutFilter并执行自定义逻辑。
Like this 像这样
public class CustomLogoutFilter extends LogoutFilter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (requiresLogout(request, response)) {
// IMPLEMENT YOUR CUSTOM LOGIC HERE
super.doFilter(req, res, chain);
return;
}
chain.doFilter(request, response);
}
}
Then you have to replace default LogoutFilter with your CustomLogoutFilter 然后,您必须使用CustomLogoutFilter替换默认的LogoutFilter
<http>
<custom-filter position="LOGOUT_FILTER" ref="customLogoutFilter" />
</http>
<bean id="customLogutFilter" class="example.CustomLogoutFilter">
<property name="filterProcessesUrl" value="/logout" />
<!-- Put other needed properties here-->
</bean>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.