无法调用LogoutSuccessHandler - Spring Security

时间:2014-04-05 08:37:26

标签: java spring spring-mvc spring-security

我正在尝试实施自定义 Spring Security Logout处理程序。我的配置如下,但永远不会调用注销处理程序。

我有一个JSP,我将logout称为:

<a href="j_spring_security_logout">Logout</a>

在application-security.xml中,我有以下内容:

    <security:logout  invalidate-session="true"></security:logout>
    <security:logout logout-url="/logout" success-handler-ref="myCustomLogoutSuccessHandler"></security:logout>  


<beans:bean id="myCustomLogoutSuccessHandler"  class="com.inventory.security.MyCustomLogoutSuccessHandler"></beans:bean>

我也有一个自定义注销处理程序与定义:

public class MyCustomLogoutSuccessHandler extends
SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {

     @Override
        public void onLogoutSuccess
          (HttpServletRequest request, HttpServletResponse response, Authentication authentication) 
          throws IOException, ServletException {
         System.out.println("Principal: "+authentication.getPrincipal());
         System.out.println("Logout Called: MyCustomLogoutSuccessHandler");

            super.onLogoutSuccess(request, response, authentication);
        }
}

但这从未被召唤过。我错过了什么吗?

如果我将j_spring_security_logout更改为logout并为该URL创建我的自定义Controller,那么在这种情况下,代码适用于注销URL,但如何处理Spring Magic 注销

2 个答案:

答案 0 :(得分:2)

实际上,如果您继续使用标准的注销网址(myCustomLogoutSuccessHandler),而不是自定义注销网址j_spring_security_logout,则不清楚如何调用logout

从另一方面,有两个<security:logout>的原因是什么?

使用此配置是不够的:

<a href="j_spring_security_logout">Logout</a>
....
<security:logout invalidate-session="true" success-handler-ref="myCustomLogoutSuccessHandler"></security:logout>

请说明你的目的

答案 1 :(得分:0)

你没有在自定义注销处理程序中做特殊工作...... 由于它是一个简单的注销,因此以下注销将起作用....&gt;&gt;&gt;

<强>构造 

<security:logout logout-url="/logout" logout-success-url="/login.html" invalidate-session="true" delete-cookies="JSESSIONID" />
</security:http>

<强> HTML: 

<a style="margin-top: 4px;" href="/logout">log_out</a>

以获取您的信息: 

Attribute : logout-url
Specifies the URL that will cause a logout. Spring Security will initialize a filter that responds to this particular URL. 
 Defaults to /j_spring_security_logout if unspecified.

如果您没有指定属性 logout-url ,则默认为 / j_spring_security_logout ,这意味着您必须将 / j_spring_security_logout 放入你的html注销标签为

<a style="margin-top: 4px;" href="../j_spring_security_logout">log_out</a>

如果您指定相同的属性,则必须在config和html标签中放置相同的URL。赞。

<强>配置: 

<security:logout logout-url="/logout" logout-success-url="/login.html" invalidate-session="true" delete-cookies="JSESSIONID" />
</security:http>

<强> HTML: 

<a style="margin-top: 4px;" href="/logout">log_out</a>
相关问题
最新问题