我已经实现了自己的 LogoutHandler,我正在尝试在 spring security xml 中配置它,但由于某种原因,它在注销时没有被调用(注销成功,但我的代码没有执行)。
这是我的 security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http use-expressions="true">
<security:intercept-url pattern="/logoutSuccess"
access="permitAll" />
<security:logout logout-url="/logout"
logout-success-url="/logoutSuccess" />
</security:http>
<bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg index="0" value="/logoutSuccess" />
<constructor-arg index="1">
<list>
<bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<bean id="myLogoutHandler" class="my.package.MyLogoutHandler" />
</list>
</constructor-arg>
<property name="filterProcessesUrl" value="/logout" />
</bean>
MyLogoutHandler - 这是我想在注销时执行的,但它没有被调用:
import org.springframework.security.web.authentication.logout.LogoutHandler;
public class MyLogoutHandler implements LogoutHandler {
@Override
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
System.out.println("logout!");
}
}
有谁知道为什么它不起作用?谢谢!
最佳答案
因为您想使用自定义过滤器而不是 spring security 默认注销过滤器,请将此行添加到注销过滤器 bean
<security:custom-filter position="LOGOUT_FILTER"/>
或者在你的 spring 安全配置中添加这一行
<security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>
已编辑
<security:http use-expressions="true">
<security:intercept-url pattern="/logoutSuccess"
access="permitAll" />
<security:logout logout-url="/logout"
logout-success-url="/logoutSuccess" success-handler-ref="myLogoutHandler" />
</security:http>
<bean id="myLogoutHandler" class="my.package.MyLogoutHandler" />
你也可以实现 LogoutSuccessHandler 接口(interface)而不是 LogoutHandler
编辑2
好的,所以如果您不想在注销完成后调用您的处理程序,请删除注销标记并在注销过滤器 bean 中设置所有内容
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg index="0" value="/logoutSuccess" />
<constructor-arg index="1">
<list>
<bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<bean id="myLogoutHandler" class="my.package.MyLogoutHandler" />
</list>
</constructor-arg>
<property name="filterProcessesUrl" value="/logout" />
</bean>
并添加<security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>
关于java - 未调用 Spring 安全自定义 LogoutHandler,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20744272/