基於用戶的動態發佈登出重定向網址？

Question

我想知道如何使用自定義註銷處理程序實現註銷註銷重定向。我實現了一個CustomLogoutSuccessHandler，但我也沒有辦法關閉已先前設定好的誰已經登錄的用戶訪問HTTP會話數據，這些數據常是空的......

class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler { 

    private static final ThreadLocal<Authentication> AUTH_HOLDER = new ThreadLocal<Authentication>() 

    void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { 
     AUTH_HOLDER.set authentication 

     // reading session variable... 
     request.session?.variable // but this is always empty 

     try { 
      super.handle(request, response, authentication) 
     } 
     finally { 
      AUTH_HOLDER.remove() 
     } 
    } 

    @Override 
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) { 
     Authentication auth = AUTH_HOLDER.get() 

     String url = super.determineTargetUrl(request, response) 

     // do something with the url based on session data.. 

     url 
    } 
} 

Answer 1

我不知道是否有任何簡單的方法來做到這一點，但提出了下面的解決方案。

您所要做的就是在LogoutSuccessHandler中設置setTargetUrlParameter。爲此，我使用了由林肯巴克斯特編寫的HttpServletRequestWrapper的實現，III here爲當前請求添加參數。這是相關的代碼。

public class PrettyFacesWrappedRequest extends HttpServletRequestWrapper 
{ 
    private final Map<String, String[]> modifiableParameters; 
    private Map<String, String[]> allParameters = null; 

    /** 
    * Create a new request wrapper that will merge additional parameters into 
    * the request object without prematurely reading parameters from the 
    * original request. 
    * 
    * @param request 
    * @param additionalParams 
    */ 
    public PrettyFacesWrappedRequest(final HttpServletRequest request, 
                final Map<String, String[]> additionalParams) 
    { 
     super(request); 
     modifiableParameters = new TreeMap<String, String[]>(); 
     modifiableParameters.putAll(additionalParams); 
    } 

    @Override 
    public String getParameter(final String name) 
    { 
     String[] strings = getParameterMap().get(name); 
     if (strings != null) 
     { 
      return strings[0]; 
     } 
     return super.getParameter(name); 
    } 

    @Override 
    public Map<String, String[]> getParameterMap() 
    { 
     if (allParameters == null) 
     { 
      allParameters = new TreeMap<String, String[]>(); 
      allParameters.putAll(super.getParameterMap()); 
      allParameters.putAll(modifiableParameters); 
     } 
     //Return an unmodifiable collection because we need to uphold the interface contract. 
     return Collections.unmodifiableMap(allParameters); 
    } 

    @Override 
    public Enumeration<String> getParameterNames() 
    { 
     return Collections.enumeration(getParameterMap().keySet()); 
    } 

    @Override 
    public String[] getParameterValues(final String name) 
    { 
     return getParameterMap().get(name); 
    } 
} 

，然後在CustomLogoutSuccessHandler，我添加此targetUrl這個作爲參數是這樣的：

@Component 
public class MyCustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler { 

    @Override 
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, 
      Authentication authentication) throws IOException, ServletException { 
     HttpServletRequest wrappedRequest = request; 

     if (authentication != null) { 
      //do something with the Principal and add the corresponding url 
      Map<String, String[]> extraParams = new TreeMap<String, String[]>(); 
      extraParams.put("targetUrl", new String[] {"/target.xhtml"}); 
      wrappedRequest = new PrettyFacesWrappedRequest(request, extraParams); 
      setTargetUrlParameter("targetUrl"); 
     } 
     setDefaultTargetUrl("/general/main.xhtml"); 
     super.onLogoutSuccess(wrappedRequest, response, authentication);  
    } 
} 

及相關變化對ApplicationContext：

<http> 
    <logout logout-url="/j_spring_security_logout" 
       success-handler-ref="myCustomLogoutSuccessHandler" 
       invalidate-session="true"/> 
</http> 
<beans:bean id="myCustomLogoutSuccessHandler" class="com.examples.MyCustomLogoutSuccessHandler"/>