[size=medium]Logout¶•退出登录的链接 <a href="${pageContext.request.contextPath}/j_spring_security_logout">退出登录</a>
•退出登录的过程
auto-config默认配置了LogoutFilter 过滤所有请求的URL中的代表注销的请求。默认的URL是/j_spring_security_logout. 1.使Session失效(Clear Session & Clear Remember me cookie)
2.Clear SecurityContext
3.重定向页面到退出登录成功的页面
•使用logout标签更详细的配置logout。
<http auto-config="true" use-expressions="true"> <intercept-url pattern="/login" access="permitAll"/> <intercept-url pattern="/*" access="hasRole('ROLE_USER')" /> <form-login login-page="/login"/> <logout invalidate-session="true" logout-success-url="/" logout-url="/j_spring_security_logout"/> </http>1.invalidate-session 是Session失效
2.logout-sucess成功退出后重定向的URL
3.logut-url 执行退出登录的链接
•`LogoutHandler`todo
•LogoutSuccessHandler用来扩展实现登出成功的回调。
logout-success-url与logoutSuccessHandler属性只可以同时指定一个。
applicationContext-security.xml
<http auto-config="true" use-expressions="true"> <intercept-url pattern="/login" access="permitAll"/> <intercept-url pattern="/*" access="hasRole('ROLE_USER')" /> <form-login login-page="/login"/> <logout invalidate-session="true" logout-url="/j_spring_security_logout" success-handler-ref="logoutSuccessHandler" /> </http> <beans:bean id="logoutSuccessHandler" class="org.ababe.spring_security.handler.LogoutSuccessHandler"/>org.ababe.spring_security.handler.LogoutSuccessHandler
package org.ababe.spring_security.handler; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.core.Authentication; public class LogoutSuccessHandler implements org.springframework.security.web.authentication.logout.LogoutSuccessHandler{ public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { if(authentication != null){ System.out.print(authentication.getName() + "Logout"); } response.sendRedirect(request.getContextPath()); } }[/size]
【转载地址】http://code.google.com/p/bounding/wiki/SpringSecurity3_Logout
•退出登录的过程
auto-config默认配置了LogoutFilter 过滤所有请求的URL中的代表注销的请求。默认的URL是/j_spring_security_logout. 1.使Session失效(Clear Session & Clear Remember me cookie)
2.Clear SecurityContext
3.重定向页面到退出登录成功的页面
•使用logout标签更详细的配置logout。
<http auto-config="true" use-expressions="true"> <intercept-url pattern="/login" access="permitAll"/> <intercept-url pattern="/*" access="hasRole('ROLE_USER')" /> <form-login login-page="/login"/> <logout invalidate-session="true" logout-success-url="/" logout-url="/j_spring_security_logout"/> </http>1.invalidate-session 是Session失效
2.logout-sucess成功退出后重定向的URL
3.logut-url 执行退出登录的链接
•`LogoutHandler`todo
•LogoutSuccessHandler用来扩展实现登出成功的回调。
logout-success-url与logoutSuccessHandler属性只可以同时指定一个。
applicationContext-security.xml
<http auto-config="true" use-expressions="true"> <intercept-url pattern="/login" access="permitAll"/> <intercept-url pattern="/*" access="hasRole('ROLE_USER')" /> <form-login login-page="/login"/> <logout invalidate-session="true" logout-url="/j_spring_security_logout" success-handler-ref="logoutSuccessHandler" /> </http> <beans:bean id="logoutSuccessHandler" class="org.ababe.spring_security.handler.LogoutSuccessHandler"/>org.ababe.spring_security.handler.LogoutSuccessHandler
package org.ababe.spring_security.handler; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.core.Authentication; public class LogoutSuccessHandler implements org.springframework.security.web.authentication.logout.LogoutSuccessHandler{ public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { if(authentication != null){ System.out.print(authentication.getName() + "Logout"); } response.sendRedirect(request.getContextPath()); } }[/size]
【转载地址】http://code.google.com/p/bounding/wiki/SpringSecurity3_Logout