我有带弹簧安全4.2.3.RELEASE的网络应用程序。
安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/s/**").permitAll()
.antMatchers("/changePassword").permitAll()
.antMatchers("/changePasswordPerform").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.defaultSuccessUrl("/home", true)
.failureHandler(customAuthenticationHandler)
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.permitAll()
}
控制器
@RequestMapping(value = "/login")
public ModelAndView login(HttpServletRequest request,
@RequestParam(value = "logout", required = false) String logout) {
ModelAndView model = new ModelAndView();
if (logout != null) {
model.addObject("msg", "logout successfully");
}
model.setViewName("login-new");
return model;
}
一切正常(注销后我收到消息“注销成功”,页面是../login?logout)。现在我正在尝试审核我的注销事件。为此,我添加了
@Component
public class CustomLogoutSuccessHandler implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
//audit logic here
String URL = request.getContextPath() + "/login?logout";
response.setStatus(HttpStatus.OK.value());
response.sendRedirect(URL);
}
}
并更改了我的安全配置
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.permitAll()
.logoutSuccessHandler(customLogoutSuccessHandler);
注销仍然有效,但现在我没有收到消息“注销成功”。注销页面是../login(不是../login?logout)。我怎样才能收到我的留言?