Spring中的自定义注销

时间:2014-02-27 14:34:55

标签: java spring spring-security

我是春天的新人,我正在尝试添加

<security:logout invalidate-session="true" success-handler-ref="myLogoutHandler" logout-url="/logout" />
在Spring Security配置中

但我收到错误

vc-complex-type.3.2.2: Attribute 'success-handler-ref' is not allowed to appear in element 'security:logout'.

如何解决这个问题?

我的文件看起来像这样

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <security:global-method-security />

    <security:http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
        <security:intercept-url pattern="/index.jsp" filters="none" />
        <security:intercept-url pattern="/*.action" access="ROLE_USER" />
        <security:logout logout-success-url="/index.jsp" invalidate-session="true" logout-url="/logout" />
        <security:logout invalidate-session="true" success-handler-ref="myLogoutHandler" logout-url="/logout" />


    </security:http>

    <bean id="authenticationProcessingFilter" class="com.loiane.security.MyAuthenticationProcessingFilter">
        <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
        <property name="defaultTargetUrl" value="/main.html" />
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>



    <security:authentication-manager alias="authenticationManager" />

    <bean id="authenticationProcessingFilterEntryPoint"
        class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="/index.jsp" />
        <property name="forceHttps" value="false" />
    </bean>

    <!--
    Usernames/Passwords are
        rod/koala
        dianne/emu
        scott/wombat
        peter/opal
    These passwords are from spring security app example    
    -->

    <security:authentication-provider>
        <security:password-encoder hash="md5"/>
        <security:user-service>
            <security:user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
            <security:user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
            <security:user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
            <security:user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
        </security:user-service>
    </security:authentication-provider>
</beans>

2 个答案:

答案 0 :(得分:0)

您已声明'security:logout'两次(两行不同)。

此外,根据架构,'logout'下不允许'success-handler-ref'。这就是你得到错误的原因。

前一段时间,I've written a short doc about Spring's Logout。这可能有所帮助。

答案 1 :(得分:0)

架构http://www.springframework.org/schema/security/spring-security-2.0.xsd适用于Spring 2.0版。此版本的Spring Security中不存在属性success-handler-ref。替换为http://www.springframework.org/schema/security/spring-security-3.2.xsd。这假设您使用的是Spring Security 3.2。

如果您使用的是Spring Security 2.0,则应考虑更新,因为2.0已过期。