我使用的是Spring Security,到目前为止,我设法使登录部分工作,但是对于注销我尝试实现LogoutSuccessHandler只是为了获得异常:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot create inner bean '(inner bean)' of type [org.springframework.security.web.authentication.logout.LogoutFilter] while setting constructor argument with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#2': Cannot resolve reference to bean 'customLogoutSuccesHandler' while setting constructor argument; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'customLogoutSuccesHandler' is defined
这就是我所做的:
的web.xml:
<!-- ================== SPRING SECURITY ===================== -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/config/applicationContext.xml
/WEB-INF/config/applicationContext-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- ================== LOGIN-CONFIG ===================== -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login/login.jsp</form-login-page>
<form-error-page>/login/login.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- ================== ERROR-PAGE ===================== -->
<error-page>
<error-code>400</error-code>
<location>/common/error.jsp</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/common/error.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/common/error.jsp</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/common/error.jsp</location>
</error-page>
<!-- ================== WELCOME-FILE-LIST ===================== -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
然后我在applicationContext.xml中添加了这个:
<bean id="customLogoutSuccessHandler" class="com.wplex.info.error.CustomLogoutSuccessHandler" />
我的applicatonContext-security.xml是这样的:
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http>
<intercept-url pattern="/register/**" access="ROLE_ADMINISTRATOR" />
<intercept-url pattern="/monitor/**" access="ROLE_ADMINISTRATOR" />
<intercept-url pattern="/operation/**" access="ROLE_ADMINISTRATOR" />
<intercept-url pattern="/register/companyList.jsp" access="ROLE_ADMINISTRATOR" />
<form-login login-page="/login/login.jsp"
always-use-default-target="true"
authentication-success-handler-ref="loginSuccessHandler"
/>
<logout logout-url="/login/login.jsp" success-handler-ref="customLogoutSuccesHandler" />
<remember-me />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="WplexInfoDS_Translitoral"
authorities-by-username-query="SELECT u.username, p.role
FROM users u, users_role p
WHERE u.id = p.id_user
AND u.username = ?"
users-by-username-query="SELECT username, password, 1
FROM users
WHERE username = ?" />
</authentication-provider>
</authentication-manager>
</b:beans>
CustomLogoutSuccessHandler.java
public class CustomLogoutSuccessHandler implements LogoutSuccessHandler
{
@Override
public void onLogoutSuccess(final HttpServletRequest httpServletRequest,
final HttpServletResponse httpServletResponse, final Authentication authentication)
throws IOException, ServletException
{
if (authentication != null && authentication.getDetails() != null)
{
try
{
httpServletRequest.getSession().invalidate();
System.out.println("User Successfully Logout");
}
catch (final Exception e)
{
e.printStackTrace();
}
}
httpServletResponse.setStatus(HttpServletResponse.SC_OK);
//redirect to login
httpServletResponse.sendRedirect("/login/login.jsp");
}
}