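I am using Spring Security Java configuration and would like to know a way to implement logout for multiple URLs, i.e.:

    logout().logoutRequestMatcher(new AntPathRequestMatcher("/invalidate")).logoutUrl("/logout");

In this code, the normal logout URL "/logout" works fine and is a POST request, but I also want users to be able to log out via "/invalidate", and that does not seem to work.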
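
    <security:logout logout-url="/logout" success-handler-ref="logoutHandler"/>

    // javax.servlet applies to Spring Security 5.x and earlier; 6.x uses jakarta.servlet
    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
    import org.springframework.stereotype.Component;

    @Component("logoutHandler")
    public class MyLogoutSuccessHandler implements LogoutSuccessHandler {
        // Redirect to the home page; the logout flag mirrors the msgShow request parameter.
        @Override
        public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
            if (request.getParameter("msgShow") != null && request.getParameter("msgShow").equals("false")) {
                redirectResponse(request, response, "http://" + request.getServerName() + ":" + request.getServerPort() + "/my_web_app/home?logout=false");
            } else {
                redirectResponse(request, response, "http://" + request.getServerName() + ":" + request.getServerPort() + "/my_web_app/home?logout=true");
            }
        }

        private void redirectResponse(HttpServletRequest request, HttpServletResponse response, String destination) {
            // 302 rather than 301: a permanent redirect is cacheable, so a browser
            // could replay it later without the logout request reaching the server.
            response.setStatus(HttpServletResponse.SC_FOUND);
            response.setHeader("Location", destination);
        }
    }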

@Component annotation + add the following 2 statements in the security configuration file:

    <context:annotation-config />
    <context:component-scan base-package="package.to.logout.handler" />
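
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;

    @Controller
    public class LogoutController {
        final String logoutRedirectUrl = "redirect:http://yourredirect.xy";

        // Both mappings end the session through the Servlet API and redirect to the same place.
        @RequestMapping("/logout")
        public String logout1(HttpServletRequest request) throws ServletException {
            request.logout();
            return logoutRedirectUrl;
        }

        @RequestMapping("/second/logout/")
        public String logout2(HttpServletRequest request) throws ServletException {
            request.logout();
            return logoutRedirectUrl;
        }
    }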

A small note: the actual matching should be improved.

    List<String> logoutUrls = Arrays.asList("/rest/logout1", "/rest/logout2");
    RequestMatcher rm = new RequestMatcher() {
        @Override
        public boolean matches(HttpServletRequest request) {
            String uriStr = request.getRequestURI().toString();
            // Substring match: true when the URI contains any of the logout paths
            return logoutUrls.stream()
                    .filter(lu -> uriStr.contains(lu))
                    .findFirst()
                    .isPresent();
        }
    };

Then register the request matcher:

    http.logout(logout -> logout.logoutRequestMatcher(rm));

The call to .logoutUrl("/logout") overrides the previously set /invalidate path. - Juzer Ali
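
Added example, not part of the original question or answers: one way to accept both "/logout" and "/invalidate" from the question with exact path matching instead of a substring test, and POST only so the CSRF token check still covers logout. It assumes Spring Security 5.5 to 6.x; the class name and the form-login and authorization rules are placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@EnableWebSecurity
public class MultiLogoutSecurityConfig { // hypothetical class name

    // One matcher per logout endpoint, each bound to an exact path and to POST.
    // OrRequestMatcher matches when any of its delegates matches.
    private static final RequestMatcher LOGOUT_MATCHER = new OrRequestMatcher(
            new AntPathRequestMatcher("/logout", "POST"),
            new AntPathRequestMatcher("/invalidate", "POST"));

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Placeholder rules so the configuration is complete on its own.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .logout(logout -> logout
                // Configure the matcher only. Calling logoutUrl(...) after this
                // would discard the matcher and leave a single logout URL.
                .logoutRequestMatcher(LOGOUT_MATCHER));
        return http.build();
    }
}
```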