我在自定义的 logoutSuccesshandler 中始终获取到 null 的 Authentication 对象,不确定问题出在哪里。:(
这是 spring-security 文件:
<sec:http auto-config="true" entry-point-ref="ssoProcessingFilterEntryPoint"
access-decision-manager-ref="affirmativeBased">
<sec:intercept-url pattern="/afterAuthn/**" access="${spring.security.role}" />
<sec:intercept-url pattern="/tenancy/**" access="${spring.security.role}" />
<!-- Add permissions to specific URLS - i.e. IAM.User.Read for /resources/** -->
<sec:intercept-url pattern="/**"
access="${default.permission}" />
<sec:logout invalidate-session="true" delete-cookies="true"
success-handler-ref="customLogoutSuccessHandler" />
<sec:custom-filter ref="ssoAuthenticationFilter"
position="PRE_AUTH_FILTER" />
<sec:session-management>
<sec:concurrency-control max-sessions="1" />
</sec:session-management>
</sec:http>
..
<bean id="customLogoutSuccessHandler"
class="usermgmt.service.CustomLogoutSuccessHandler">
<property name="defaultLogoutSuccessUrl" value="${service.provider.logout.success.url}"/>
</bean>
我的自定义类处理程序:
public class CustomLogoutSuccessHandler implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
if (authentication == null) {
System.out.println("NULL");
} else {
System.out.println("NOT NULL");
}
}}
在这里,认证始终为NULL,Spring安全版本为3.1.0.RELEASE。