session和logout都配置的时候,logout成功后会跑到/account/invalidSession(logout 默认invalidate-session="true")而不是/account/login。invalid-session-url会覆盖logout-success-url。
<session-management invalid-session-url="/account/invalidSession"></session-management>
<logout logout-url="/account/logout" logout-success-url="/account/login"/>
解决办法:
1)去掉session配置。
2)logout配置 设置invalidate-session="false"
或者logout配置 success-handler-ref="customSuccessLogout" 自定义handler。与 logout-success-url配置冲突,使用一种。
<http auto-config="false">
<logout logout-url="/account/logout" success-handler-ref="customSuccessLogout"/>
</http>
<beans:bean id="customSuccessLogout" class="com.CustomSuccessLogoutHandler"></beans:bean>
CustomSuccessLogoutHandler:
public class CustomSuccessLogoutHandler extends SimpleUrlLogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
// TODO Auto-generated method stub
response.sendRedirect("account/login");
}
}