堆栈内存溢出
  简体   繁体   English

基于用户动态发布注销重定向网址?

[英]Dynamic post logout redirection url based on user?

 原文  2012-09-20 13:04:13       spring/ grails/ spring-security

问题描述

i am wondering how i could implement a post logout redirection using a custom logout handler. 我想知道如何使用自定义注销处理程序实现post logout重定向。 I have implemented a CustomLogoutSuccessHandler but i have no way off access http session data that has previous been set by the user who has logged in. The data is alway empty... 我已经实现了一个CustomLogoutSuccessHandler,但我无法访问之前由已登录用户设置的http会话数据。数据总是为空... 

class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

    private static final ThreadLocal<Authentication> AUTH_HOLDER = new ThreadLocal<Authentication>()

    void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        AUTH_HOLDER.set authentication

        // reading session variable...
        request.session?.variable // but this is always empty

        try {
            super.handle(request, response, authentication)
        }
        finally {
            AUTH_HOLDER.remove()
        }
    }

    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        Authentication auth = AUTH_HOLDER.get()

        String url = super.determineTargetUrl(request, response)

        // do something with the url based on session data..

        url
    }
}

1 个解决方案

解决方案1
 2  2012-09-22 00:36:04

I do not know if there is any easy way to do this but came up with the below solution. 我不知道是否有任何简单的方法可以做到这一点,但想出了以下的解决方案。

All you have to do is set the setTargetUrlParameter in your LogoutSuccessHandler. 您所要做的就是在LogoutSuccessHandler中设置setTargetUrlParameter。 For that I made use of the implementation of HttpServletRequestWrapper written by Lincoln Baxter, III here for adding a parameter to the current request. 为此我使用了林肯Baxter,III编写的HttpServletRequestWrapper的实现, 这里为当前请求添加了一个参数。 Here is the relevant code. 这是相关的代码。 

public class PrettyFacesWrappedRequest extends HttpServletRequestWrapper
{
    private final Map<String, String[]> modifiableParameters;
    private Map<String, String[]> allParameters = null;

    /**
     * Create a new request wrapper that will merge additional parameters into
     * the request object without prematurely reading parameters from the
     * original request.
     * 
     * @param request
     * @param additionalParams
     */
    public PrettyFacesWrappedRequest(final HttpServletRequest request, 
                                                    final Map<String, String[]> additionalParams)
    {
        super(request);
        modifiableParameters = new TreeMap<String, String[]>();
        modifiableParameters.putAll(additionalParams);
    }

    @Override
    public String getParameter(final String name)
    {
        String[] strings = getParameterMap().get(name);
        if (strings != null)
        {
            return strings[0];
        }
        return super.getParameter(name);
    }

    @Override
    public Map<String, String[]> getParameterMap()
    {
        if (allParameters == null)
        {
            allParameters = new TreeMap<String, String[]>();
            allParameters.putAll(super.getParameterMap());
            allParameters.putAll(modifiableParameters);
        }
        //Return an unmodifiable collection because we need to uphold the interface contract.
        return Collections.unmodifiableMap(allParameters);
    }

    @Override
    public Enumeration<String> getParameterNames()
    {
        return Collections.enumeration(getParameterMap().keySet());
    }

    @Override
    public String[] getParameterValues(final String name)
    {
        return getParameterMap().get(name);
    }
}

and then in the CustomLogoutSuccessHandler, I add this targetUrl as the parameter like this: 然后在CustomLogoutSuccessHandler中,我将此targetUrl添加为如下参数: 

@Component
public class MyCustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
       HttpServletRequest wrappedRequest = request;

        if (authentication != null) {
           //do something with the Principal and add the corresponding url
           Map<String, String[]> extraParams = new TreeMap<String, String[]>();
           extraParams.put("targetUrl", new String[] {"/target.xhtml"});
           wrappedRequest = new PrettyFacesWrappedRequest(request, extraParams);
           setTargetUrlParameter("targetUrl");
        }
        setDefaultTargetUrl("/general/main.xhtml");
        super.onLogoutSuccess(wrappedRequest, response, authentication);       
    }
}

and the relevant change to the applicationContext: 以及对applicationContext的相关更改: 

<http>
    <logout logout-url="/j_spring_security_logout"
                success-handler-ref="myCustomLogoutSuccessHandler"
                invalidate-session="true"/>
</http>
<beans:bean id="myCustomLogoutSuccessHandler" class="com.examples.MyCustomLogoutSuccessHandler"/>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从Spring MVC使用POST参数重定向到外部URL - Redirection to external URL with POST parameters from Spring MVC 动态| 基于用户案例的日志记录 - Dynamic | User case Based logging POST到GET重定向 - POST to GET Redirection Spring MVC url 重定向 - Spring MVC url redirection 如何防止用户注销后在地址栏中输入网址后应该获得登录页面 - How to prevent the user after logout when he enter the url in address bar he should get the login page 如何通过POST注销Angular / Spring - How to Logout in Angular / Spring by POST Spring 注销 GET 与 POST - Spring logout GET vs POST 注销后立即登录会导致重定向到主页 - Immediate signing in after logout causes redirection to home page 在自定义事件侦听器中注销用户 - Logout user in custom event listener CAS singleSignOutFilter 未捕获用户注销 - CAS singleSignOutFilter not Catching User Logout
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM