LogoutSuccessHandler 不适用于 Spring 安全
LogoutSuccessHandler doesn't work for Spring Security
我不能使用 Spring Security LogoutSuccessHandler 但只能在我当前的项目中使用。以前一切正常,但现在不使用了。
这是class:
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component("customLogoutSuccessHandler") //or implements LogoutSuccessHandler
public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
System.err.println("LOGOUT HANDLER HERE");
}
}
这是我的 xml 配置
<security:http auto-config="false" >
<security:logout logout-url="/logout" success-handler-ref="customLogoutSuccessHandler"/>
<security:form-login login-page="/login" default-target-url="/"/>
<security:csrf/>
</security:http>
代码有什么问题? onLogoutSuccess 方法永远不会 运行 即使我已注销:
@RequestMapping(value = "/logout")
public String logout(){
SecurityContextHolder.clearContext();
return "redirect:/";
}
为什么?
您在 logout() 方法中没有做太多事情,所以删除它可能更容易 - /logout 是 spring 安全性中的默认注销 url,它应该服务它(清除上下文)为您服务。您可能正在使用 redirect:/
破坏过滤器链
我不能使用 Spring Security LogoutSuccessHandler 但只能在我当前的项目中使用。以前一切正常,但现在不使用了。
这是class:
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component("customLogoutSuccessHandler") //or implements LogoutSuccessHandler
public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
System.err.println("LOGOUT HANDLER HERE");
}
}
这是我的 xml 配置
<security:http auto-config="false" >
<security:logout logout-url="/logout" success-handler-ref="customLogoutSuccessHandler"/>
<security:form-login login-page="/login" default-target-url="/"/>
<security:csrf/>
</security:http>
代码有什么问题? onLogoutSuccess 方法永远不会 运行 即使我已注销:
@RequestMapping(value = "/logout")
public String logout(){
SecurityContextHolder.clearContext();
return "redirect:/";
}
为什么?
您在 logout() 方法中没有做太多事情,所以删除它可能更容易 - /logout 是 spring 安全性中的默认注销 url,它应该服务它(清除上下文)为您服务。您可能正在使用 redirect:/