[英]Spring Security Java Config Custom Logout Handler Not Working
[英]spring security customize logout handler
如何在 spring-security 中将自己的注销处理程序添加到 LogoutFilter ? 谢谢!
以下解决方案对我有用,可能会有所帮助:
扩展SimpleUrlLogoutSuccessHandler或实现LogoutHandler :
public class LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler { // Just for setting the default target URL public LogoutSuccessHandler(String defaultTargetURL) { this.setDefaultTargetUrl(defaultTargetURL); } @Override public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { // do whatever you want super.onLogoutSuccess(request, response, authentication); } }
添加到您的 Spring 安全配置:
<security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" /> <bean id="logoutSuccessHandler" class="your.package.name.LogoutSuccessHandler" > <constructor-arg value="/putInYourDefaultTargetURLhere" /> </bean>
请参阅 Spring Security 论坛中这篇帖子中的答案:
<beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
<custom-filter position="LOGOUT_FILTER"/>
<beans:constructor-arg index="0" value="/logout.jsp"/>
<beans:constructor-arg index="1">
<beans:list>
<beans:ref bean="securityContextLogoutHandler"/>
<beans:ref bean="myLogoutHandler"/>
</beans:list>
</beans:constructor-arg>
</beans:bean>
<beans:bean id="securityContextLogoutHandler" class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
<beans:bean id="myLogoutHandler" class="com.whatever.CustomLogoutHandler">
<beans:property name="userCache" ref="userCache"/>
</beans:bean>
public class CustomLogoutHandler implements LogoutHandler {
private UserCache userCache;
public void logout(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) {
// ....
}
@Required
public void setUserCache(final UserCache userCache) {
this.userCache = userCache;
}
}
您可以使用这样的 java-config 解决方案。
@Configuration
@EnableWebSecurity
public class SpringSecurity2Config extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
//you can set other security config by call http.XXX()
http
.logout()
.addLogoutHandler(new CustomLogoutHandler())
.logoutUrl("/logout")
.logoutSuccessHandler(...)
.permitAll();
}
static class CustomLogoutHandler implements LogoutHandler {
@Override
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
//...
}
}
}
您应该使用<logout>
元素的success-handler-ref
属性:
<security:logout invalidate-session="true"
success-handler-ref="myLogoutHandler"
logout-url="/logout" />
作为替代解决方案,您可以在注销 URL 上配置自己的过滤器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.