spring security customize logout handler

前端未结

关注

 4  2102

谎友^

How can I add my own logout handler to LogoutFilter in spring-security ? Thanks!

相关标签:

4条回答

攒了一身酷

2020-12-15 05:35

You can use java-config solutions like this.


@Configuration
@EnableWebSecurity

public class SpringSecurity2Config extends WebSecurityConfigurerAdapter {


    @Override
    protected void configure(HttpSecurity http) throws Exception {
       //you can set other security config by call http.XXX()

        http
                .logout()
                .addLogoutHandler(new CustomLogoutHandler())
                .logoutUrl("/logout")
                .logoutSuccessHandler(...)
                .permitAll();

    }

    static class CustomLogoutHandler implements LogoutHandler {
        @Override
        public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
            //...

        }

    }

}

0 讨论(0)

半阙折子戏

2020-12-15 05:36

The following solution works for me and may be helpful:

Extend the SimpleUrlLogoutSuccessHandler or implement the LogoutHandler:

public class LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

   // Just for setting the default target URL
   public LogoutSuccessHandler(String defaultTargetURL) {
        this.setDefaultTargetUrl(defaultTargetURL);
   }

   @Override
   public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

        // do whatever you want
        super.onLogoutSuccess(request, response, authentication);
   }
}

Add to your Spring Security Configuration:

<security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
<bean id="logoutSuccessHandler" class="your.package.name.LogoutSuccessHandler" >
    <constructor-arg value="/putInYourDefaultTargetURLhere" />
</bean>

0 讨论(0)

不知归路

2020-12-15 05:53

See the answer in this post in the Spring Security Forum:

XML Definition:

<beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
    <custom-filter position="LOGOUT_FILTER"/>
    <beans:constructor-arg index="0" value="/logout.jsp"/>
    <beans:constructor-arg index="1">
        <beans:list>
            <beans:ref bean="securityContextLogoutHandler"/>
            <beans:ref bean="myLogoutHandler"/>
        </beans:list>
    </beans:constructor-arg>
</beans:bean>

<beans:bean id="securityContextLogoutHandler" class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>

<beans:bean id="myLogoutHandler" class="com.whatever.CustomLogoutHandler">
    <beans:property name="userCache" ref="userCache"/>
</beans:bean>

LogoutHandler class:

public class CustomLogoutHandler implements LogoutHandler {
    private UserCache userCache;

    public void logout(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) {
        // ....
    }

    @Required
    public void setUserCache(final UserCache userCache) {
        this.userCache = userCache;
    }
}

0 讨论(0)

旧时难觅i

2020-12-15 05:56
You should use success-handler-ref attribute of <logout> element:
```
<security:logout invalidate-session="true"
          success-handler-ref="myLogoutHandler"
          logout-url="/logout" />
```
As alternative solution you can configure your own filter on the logout URL.
0 讨论(0)
发布评论:

提交评论
- 加载中...