当前位置:theitroad>Java spring security 自定义注销处理程序

Java spring security 自定义注销处理程序

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/3112972/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-13 16:33:35  来源:igfitidea点击:

spring security customize logout handler

javaspringspring-security

提问by dev23

How can I add my own logout handler to LogoutFilter in spring-security ? Thanks!

如何在 spring-security 中将我自己的注销处理程序添加到 LogoutFilter ?谢谢!

回答by Boris Kirzner

You should use success-handler-refattribute of <logout>element:

您应该使用元素的success-handler-ref属性<logout>

<security:logout invalidate-session="true"
          success-handler-ref="myLogoutHandler"
          logout-url="/logout" />

As alternative solution you can configure your own filter on the logout URL.

作为替代解决方案,您可以在注销 URL 上配置自己的过滤器。

回答by ludovicc

See the answer in this postin the Spring Security Forum:

请参阅Spring Security 论坛中这篇帖子中的答案:

XML Definition:

XML 定义:

<beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
    <custom-filter position="LOGOUT_FILTER"/>
    <beans:constructor-arg index="0" value="/logout.jsp"/>
    <beans:constructor-arg index="1">
        <beans:list>
            <beans:ref bean="securityContextLogoutHandler"/>
            <beans:ref bean="myLogoutHandler"/>
        </beans:list>
    </beans:constructor-arg>
</beans:bean>

<beans:bean id="securityContextLogoutHandler" class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>

<beans:bean id="myLogoutHandler" class="com.whatever.CustomLogoutHandler">
    <beans:property name="userCache" ref="userCache"/>
</beans:bean>

LogoutHandler class:

LogoutHandler 类:

public class CustomLogoutHandler implements LogoutHandler {
    private UserCache userCache;

    public void logout(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) {
        // ....
    }

    @Required
    public void setUserCache(final UserCache userCache) {
        this.userCache = userCache;
    }
}

回答by Christian Müller

The following solution works for me and may be helpful:

以下解决方案对我有用,可能会有所帮助:

  1. Extend the SimpleUrlLogoutSuccessHandleror implement the LogoutHandler:

    public class LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

   // Just for setting the default target URL
   public LogoutSuccessHandler(String defaultTargetURL) {
        this.setDefaultTargetUrl(defaultTargetURL);
   }

   @Override
   public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

        // do whatever you want
        super.onLogoutSuccess(request, response, authentication);
   }
}

  2. Add to your Spring Security Configuration:

    <security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
<bean id="logoutSuccessHandler" class="your.package.name.LogoutSuccessHandler" >
    <constructor-arg value="/putInYourDefaultTargetURLhere" />
</bean>

  1. 扩展SimpleUrlLogoutSuccessHandler或实现LogoutHandler

    public class LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

   // Just for setting the default target URL
   public LogoutSuccessHandler(String defaultTargetURL) {
        this.setDefaultTargetUrl(defaultTargetURL);
   }

   @Override
   public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

        // do whatever you want
        super.onLogoutSuccess(request, response, authentication);
   }
}

  2. 添加到您的 Spring 安全配置:

    <security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
<bean id="logoutSuccessHandler" class="your.package.name.LogoutSuccessHandler" >
    <constructor-arg value="/putInYourDefaultTargetURLhere" />
</bean>

回答by u8311273

You can use java-config solutions like this.

您可以使用这样的 java-config 解决方案。


@Configuration
@EnableWebSecurity

public class SpringSecurity2Config extends WebSecurityConfigurerAdapter {


    @Override
    protected void configure(HttpSecurity http) throws Exception {
       //you can set other security config by call http.XXX()

        http
                .logout()
                .addLogoutHandler(new CustomLogoutHandler())
                .logoutUrl("/logout")
                .logoutSuccessHandler(...)
                .permitAll();

    }

    static class CustomLogoutHandler implements LogoutHandler {
        @Override
        public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
            //...

        }

    }

}

相关推荐

Java 在excel文件中导出Jtable

Java 在excel文件中导出Jtable

Java servlet 是如何工作的?实例化、会话、共享变量和多线程

Java servlet 是如何工作的?实例化、会话、共享变量和多线程

Java 为什么 Android 更喜欢静态类

Java 为什么 Android 更喜欢静态类

Java 在 JAX-RS 2.0 客户端库中处理自定义错误响应

Java 在 JAX-RS 2.0 客户端库中处理自定义错误响应

相关推荐
最近更新
标签