让我们说我的退出网址是:app / logout。 我需要显示一条消息 - "您已成功注销"仅在通过登出注销按钮触发注销时才在注销页面中 如果用户直接输入此URL,则不应显示该消息。知道如何实现这个吗?
控制器:
@RequestMapping(value ="/logout", method = RequestMethod.GET)
public ModelAndView logout(HttpServletRequest request, HttpServletResponse response) {
ModelAndView model = new ModelAndView();
//some code here to distingish
model.addObject("msg", "You are succesfully logged out!");
model.setViewName("login");
return model;
}
弹簧security.xml文件:
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http auto-config="true" create-session="ifRequired" use-expressions="true">
<intercept-url pattern="/logout" access="IS_AUTHENTICATED_REMEMBERED"/>
<form-login
login-page="/login"
default-target-url="/home"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/logout" invalidate-session="true" delete-cookies="JSESSIONID"/>
<!-- enable csrf protection -->
<csrf/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="mkyong" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
答案 0 :(得分:1)
与Spring Security一样,我认为最简单的方法是使用spring security将/logout
限制为经过身份验证的用户。
使用命名空间:
<intercept-url pattern="/logout" access="IS_AUTHENTICATED_REMEMBERED"/>
使用Java配置,它将是:
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/logout").authenticated()
...
}
答案 1 :(得分:0)
添加 @RequestParam(value = "foo", required = false) Boolean foo
如果foo
存在且您的逻辑为