如何生成注销处理方法
How to Generate Logout Processing Method
我正在尝试创建一种方法来处理 spring 安全性中的注销操作。
我也在尝试在 SecurityConfig 中执行此操作 without overriding the configure() method。
登录控制器
@RequestMapping(value = "/logout")
public String logoutDo(HttpServletRequest request, HttpServletResponse response) {
HttpSession session = request.getSession(false);
SecurityContextHolder.clearContext();
if (session != null) {
session.invalidate();
}
for (Cookie cookie : request.getCookies()) {
cookie.setMaxAge(0);
}
// update database here
return "logout";
}
}
homepage.jsp
<c:url var="logoutUrl" value="/logout" />
<a href="${logoutUrl}">Logout</a>
项目结构
点击注销后的输出link
我想知道为什么在单击 logout link 后没有执行 logoutDo() 方法。
是否有任何默认注销过程覆盖此过程?
请帮忙。谢谢。
注销是 handled by a filter,如果调用,则结束过滤器链和 returns 响应(通常是重定向)
完成的
摘自 Spring 安全的 LogoutFilter
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (requiresLogout(request, response)) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (logger.isDebugEnabled()) {
logger.debug("Logging out user '" + auth
+ "' and transferring to logout destination");
}
this.handler.logout(request, response, auth);
logoutSuccessHandler.onLogoutSuccess(request, response, auth);
return;
}
chain.doFilter(request, response);
}
也就是说,您始终可以禁用 Spring 安全的注销功能
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.logout()
.disable()
;
}
}
我正在尝试创建一种方法来处理 spring 安全性中的注销操作。
我也在尝试在 SecurityConfig 中执行此操作 without overriding the configure() method。
登录控制器
@RequestMapping(value = "/logout")
public String logoutDo(HttpServletRequest request, HttpServletResponse response) {
HttpSession session = request.getSession(false);
SecurityContextHolder.clearContext();
if (session != null) {
session.invalidate();
}
for (Cookie cookie : request.getCookies()) {
cookie.setMaxAge(0);
}
// update database here
return "logout";
}
}
homepage.jsp
<c:url var="logoutUrl" value="/logout" />
<a href="${logoutUrl}">Logout</a>
项目结构
点击注销后的输出link
我想知道为什么在单击 logout link 后没有执行 logoutDo() 方法。
是否有任何默认注销过程覆盖此过程?
请帮忙。谢谢。
注销是 handled by a filter,如果调用,则结束过滤器链和 returns 响应(通常是重定向)
完成的摘自 Spring 安全的 LogoutFilter
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (requiresLogout(request, response)) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (logger.isDebugEnabled()) {
logger.debug("Logging out user '" + auth
+ "' and transferring to logout destination");
}
this.handler.logout(request, response, auth);
logoutSuccessHandler.onLogoutSuccess(request, response, auth);
return;
}
chain.doFilter(request, response);
}
也就是说,您始终可以禁用 Spring 安全的注销功能
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.logout()
.disable()
;
}
}