spring security 自定义注销处理程序

Question

如何在 spring-security 中将自己的注销处理程序添加到 LogoutFilter ？ 谢谢！

Answer 1

以下解决方案对我有用，可能会有所帮助：

扩展SimpleUrlLogoutSuccessHandler或实现LogoutHandler ：

 public class LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler { // Just for setting the default target URL public LogoutSuccessHandler(String defaultTargetURL) { this.setDefaultTargetUrl(defaultTargetURL); } @Override public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { // do whatever you want super.onLogoutSuccess(request, response, authentication); } }

添加到您的 Spring 安全配置：

 <security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" /> <bean id="logoutSuccessHandler" class="your.package.name.LogoutSuccessHandler" > <constructor-arg value="/putInYourDefaultTargetURLhere" /> </bean>

Answer 2

请参阅 Spring Security 论坛中这篇帖子中的答案：

XML 定义：

<beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
    <custom-filter position="LOGOUT_FILTER"/>
    <beans:constructor-arg index="0" value="/logout.jsp"/>
    <beans:constructor-arg index="1">
        <beans:list>
            <beans:ref bean="securityContextLogoutHandler"/>
            <beans:ref bean="myLogoutHandler"/>
        </beans:list>
    </beans:constructor-arg>
</beans:bean>

<beans:bean id="securityContextLogoutHandler" class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>

<beans:bean id="myLogoutHandler" class="com.whatever.CustomLogoutHandler">
    <beans:property name="userCache" ref="userCache"/>
</beans:bean>

LogoutHandler 类：

public class CustomLogoutHandler implements LogoutHandler {
    private UserCache userCache;

    public void logout(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) {
        // ....
    }

    @Required
    public void setUserCache(final UserCache userCache) {
        this.userCache = userCache;
    }
}

Answer 3

您可以使用这样的 java-config 解决方案。


@Configuration
@EnableWebSecurity

public class SpringSecurity2Config extends WebSecurityConfigurerAdapter {


    @Override
    protected void configure(HttpSecurity http) throws Exception {
       //you can set other security config by call http.XXX()

        http
                .logout()
                .addLogoutHandler(new CustomLogoutHandler())
                .logoutUrl("/logout")
                .logoutSuccessHandler(...)
                .permitAll();

    }

    static class CustomLogoutHandler implements LogoutHandler {
        @Override
        public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
            //...

        }

    }

}

Answer 4

您应该使用<logout>元素的success-handler-ref属性：

<security:logout invalidate-session="true"
          success-handler-ref="myLogoutHandler"
          logout-url="/logout" />

作为替代解决方案，您可以在注销 URL 上配置自己的过滤器。

spring security 自定义注销处理程序

问题描述

4 个解决方案

解决方案1
22 2014-02-10 16:58:05

解决方案2
4 2012-02-08 19:12:12

XML 定义：

LogoutHandler 类：

解决方案3
0 2020-04-29 08:32:59

解决方案4
-1 2011-01-06 14:51:40

spring security 自定义注销处理程序

问题描述

4 个解决方案

解决方案1 22 2014-02-10 16:58:05

解决方案2 4 2012-02-08 19:12:12

XML 定义：

LogoutHandler 类：

解决方案3 0 2020-04-29 08:32:59

解决方案4 -1 2011-01-06 14:51:40

解决方案1
22 2014-02-10 16:58:05

解决方案2
4 2012-02-08 19:12:12

解决方案3
0 2020-04-29 08:32:59

解决方案4
-1 2011-01-06 14:51:40