1. 首頁
  2. 問答
  3. 春季安全自定義LogoutHandler不叫

春季安全自定義LogoutHandler不叫

2013-12-23 119 views
5

我已經實現了我自己的LogoutHandler,我試圖在春季安全xml中配置它,但由於某種原因它沒有在註銷時被調用(註銷成功,但我的代碼isn沒有執行)。春季安全自定義LogoutHandler不叫

這是我的security.xml:

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" 
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

<security:http use-expressions="true"> 
    <security:intercept-url pattern="/logoutSuccess" 
     access="permitAll" /> 

<security:logout logout-url="/logout" 
     logout-success-url="/logoutSuccess" /> 
</security:http> 

<bean id="logoutFilter" 
    class="org.springframework.security.web.authentication.logout.LogoutFilter"> 
    <constructor-arg index="0" value="/logoutSuccess" /> 
    <constructor-arg index="1"> 
     <list> 
      <bean id="securityContextLogoutHandler" 
       class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" /> 
      <bean id="myLogoutHandler" class="my.package.MyLogoutHandler" /> 
     </list> 
    </constructor-arg> 
    <property name="filterProcessesUrl" value="/logout" /> 
</bean>

MyLogoutHandler - 這是我想在註銷執行什麼,但它沒有被稱爲:

import org.springframework.security.web.authentication.logout.LogoutHandler; 

public class MyLogoutHandler implements LogoutHandler { 

@Override 
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { 

    System.out.println("logout!"); 

    } 
}

沒有人有任何想法爲什麼它不工作?謝謝!

來源

2013-12-23 Ayelet

回答

8

當你想用你的自定義過濾器,而不是春季安全默認註銷過濾,加入這一行註銷過濾豆

<security:custom-filter position="LOGOUT_FILTER"/>

或在你的春季安全配置加入這一行

<security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>

Editted

<security:http use-expressions="true"> 
    <security:intercept-url pattern="/logoutSuccess" 
     access="permitAll" /> 

<security:logout logout-url="/logout" 
     logout-success-url="/logoutSuccess" success-handler-ref="myLogoutHandler" /> 
</security:http> 
    <bean id="myLogoutHandler" class="my.package.MyLogoutHandler" />

還可以實現LogoutSuccessHandler接口而不是LogoutHandler

EDIT2

好了,如果你不想打電話給你的處理程序註銷完成後,除去註銷標記和註銷過濾豆設置應有盡有

<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> 
    <constructor-arg index="0" value="/logoutSuccess" /> 
    <constructor-arg index="1"> 
     <list> 
      <bean id="securityContextLogoutHandler" 
      class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" /> 
     <bean id="myLogoutHandler" class="my.package.MyLogoutHandler" /> 
     </list> 
    </constructor-arg> 
    <property name="filterProcessesUrl" value="/logout" /> 
</bean>

並添加<security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>

來源

2013-12-23 14:23:17 coder

+0

謝謝,但是當我把它添加到註銷過濾豆,我得到以下錯誤: CVC-複雜type.2.4.a:在有效內容從元素'custom-filter'開始發現 當我嘗試安全配置時,運行tomcat時出現以下錯誤: 配置問題:過濾bean''和'Root bean:class [ org.springframework.security.web.authentication.logout.LogoutFilter]; ...具有相同的「訂單」價值。 – Ayelet

+0

你可以發佈錯誤的詳細信息,也請嘗試,即在自定義過濾器標籤之前添加安全名稱空間 – coder

+0

我嘗試了在bean內部,但得到此錯誤: 配置問題:安全名稱空間不支持修飾元素[custom-filter] – Ayelet

相關問題

 相關問題