Aye*_*let 5 java spring spring-security
我已经实现了我自己的LogoutHandler并且我正在尝试在spring security xml中配置它,但由于某种原因它没有在注销时调用(注销成功,但我的代码没有被执行).
这是我的security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http use-expressions="true">
<security:intercept-url pattern="/logoutSuccess"
access="permitAll" />
<security:logout logout-url="/logout"
logout-success-url="/logoutSuccess" />
</security:http>
<bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg index="0" value="/logoutSuccess" />
<constructor-arg index="1">
<list>
<bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<bean id="myLogoutHandler" class="my.package.MyLogoutHandler" />
</list>
</constructor-arg>
<property name="filterProcessesUrl" value="/logout" />
</bean>
MyLogoutHandler - 这是我想要在注销时执行的,但它没有被调用:
import org.springframework.security.web.authentication.logout.LogoutHandler;
public class MyLogoutHandler implements LogoutHandler {
@Override
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
System.out.println("logout!");
}
}
有谁知道它为什么不起作用?谢谢!
由于您要使用自定义过滤器而不是spring security default log out过滤器,请将此行添加到logout过滤器bean
<security:custom-filter position="LOGOUT_FILTER"/>
或者在spring security配置中添加此行
<security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>
Editted
<security:http use-expressions="true">
<security:intercept-url pattern="/logoutSuccess"
access="permitAll" />
<security:logout logout-url="/logout"
logout-success-url="/logoutSuccess" success-handler-ref="myLogoutHandler" />
</security:http>
<bean id="myLogoutHandler" class="my.package.MyLogoutHandler" />
您还可以实现LogoutSuccessHandler接口而不是LogoutHandler
EDIT2
好的,所以如果你不想在注销完成后调用你的处理程序,删除注销标记并在注销过滤器bean中设置所有内容
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg index="0" value="/logoutSuccess" />
<constructor-arg index="1">
<list>
<bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<bean id="myLogoutHandler" class="my.package.MyLogoutHandler" />
</list>
</constructor-arg>
<property name="filterProcessesUrl" value="/logout" />
</bean>
并添加 <security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>
| 归档时间: |
|
| 查看次数: |
9663 次 |
| 最近记录: |