Question

我无法使用Spring Security LogoutSuccessHandler，但只能在我当前的项目中使用。以前，一切工作正常，但现在没有使用。

这是班级：

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Component("customLogoutSuccessHandler") //or implements LogoutSuccessHandler
public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
    @Override
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        System.err.println("LOGOUT HANDLER HERE");
    }
}

这是我的xml配置

<security:http auto-config="false" >               
           <security:logout logout-url="/logout" success-handler-ref="customLogoutSuccessHandler"/>
           <security:form-login login-page="/login" default-target-url="/"/>
           <security:csrf/>
</security:http>

代码有什么问题？即使我已注销，onLogoutSuccess方法也永远不会运行：

@RequestMapping(value = "/logout")
public String logout(){
    SecurityContextHolder.clearContext();
    return "redirect:/";
}

为什么？

Answer 1

你在logout（）方法上做的不多，所以可能更容易删除它 - /logout是spring security中的默认注销URL，它应该为你服务（清除上下文）。您可能正在使用redirect:/

打破过滤器链

LogoutSuccessHandler不适用于Spring Security

1 个答案: