前言:上一章讲解了认证成功与认证失败的处理。
本章讲解登录成功后注销(logout)的配置与处理。
配置仍然写在继承自 WebSecurityConfigurerAdapter 的主配置类 WebSecurityConfig 中。
注销部分的配置从代码中"表单认证注销 begin"标记处的 .logout() 开始:
package com.wyb.config;
import com.wyb.security.WebAuthenticationFailureHandler;
import com.wyb.security.WebAuthenticationSuccessHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
/**
 * Spring Security configuration for the demo application: URL authorization,
 * form login with custom parameter names, and logout handling.
 *
 * <p>NOTE(review): CSRF protection is disabled at the end of {@link #configure(HttpSecurity)}
 * and one of the logout matchers accepts GET. With that combination any third-party page
 * can cause a signed-in browser to log out, and every other state-changing endpoint is
 * also left without CSRF protection. For anything beyond a local demo, keep CSRF enabled
 * and accept logout over POST only.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Builds the HTTP security rules.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception propagated from the Spring Security configurers
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // ---- URL authorization ----
        http.authorizeRequests()
                // "/hello" is reachable without authentication
                .antMatchers("/hello").permitAll()
                // Everything else requires an authenticated user. This catch-all rule
                // must stay below the more specific permitAll rules.
                .anyRequest().authenticated();

        // ---- Form login: begin ----
        http.formLogin()
                // .loginPage("")  // custom login page replacing the default one;
                //                 // the processing URL must then be set explicitly
                // URL that receives the login submission
                .loginProcessingUrl("/doLogin")
                // Custom credential parameter names; the defaults declared in
                // FormLoginConfigurer are "username" and "password".
                // The original tutorial example is /doLogin?uname=a123&pword=123.
                // NOTE(review): prefer sending uname/pword as form fields in the POST
                // body; credentials placed in the query string end up in access logs,
                // browser history and Referer headers.
                .usernameParameter("uname")
                .passwordParameter("pword")
                // Response written after a successful authentication
                .successHandler(new WebAuthenticationSuccessHandler())
                // Response written after a failed authentication
                .failureHandler(new WebAuthenticationFailureHandler());
                // Alternatives left disabled by the tutorial:
                // .successForwardUrl("/hello")   // server-side forward, URL stays the same
                // .defaultSuccessUrl("", true)   // redirect; second argument true = always redirect
                // .failureUrl("")                // redirect target after a failed login
        // ---- Form login: end ----

        // ---- Form logout: begin ----
        // Several request patterns may trigger logout; any one match is enough.
        OrRequestMatcher logoutTriggers = new OrRequestMatcher(
                new AntPathRequestMatcher("/a", "GET"),
                new AntPathRequestMatcher("/aBN", "POST"));

        http.logout()
                // .logoutUrl("/out")  // single custom logout URL
                .logoutRequestMatcher(logoutTriggers)
                // Invalidate the HTTP session on logout (this is also the default)
                .invalidateHttpSession(true)
                // Clear the Authentication from the security context (also the default)
                .clearAuthentication(true);
                // Post-logout handling, disabled in the tutorial:
                // .logoutSuccessHandler("/out.html")
                // NOTE(review): logoutSuccessHandler expects a LogoutSuccessHandler
                // instance; a plain redirect target is set with logoutSuccessUrl(String).
        // ---- Form logout: end ----

        // NOTE(review): see the class comment - disabling CSRF is only acceptable for a demo.
        http.csrf().disable();
    }
}
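使用 Spring Security 默认的 /logout URL 退出(注意:默认的 /logout 只有在没有配置 logoutRequestMatcher 时才生效;上面的配置设置了 logoutRequestMatcher,此时以其中的路径为准)。
注销成功后的处理(自定义 LogoutSuccessHandler):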
package com.wyb.seurity;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
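/**
 * Writes a small JSON acknowledgement to the response once Spring Security has
 * finished processing a logout request.
 *
 * <p>NOTE(review): the package declaration of this file reads {@code com.wyb.seurity},
 * while the configuration class imports its handlers from {@code com.wyb.security};
 * the two need to agree before this handler can be registered there.
 */
public class WebLogoutSuccessHandler implements LogoutSuccessHandler {

    /** Shared serializer; an ObjectMapper can be reused instead of being built per request. */
    private static final ObjectMapper JSON = new ObjectMapper();

    /**
     * Sends {@code {"msg": ..., "authentication": ...}} as JSON after a logout.
     *
     * @param httpServletRequest  the logout request (not read here)
     * @param httpServletResponse response that receives the JSON body
     * @param authentication      the authentication that was logged out; may be
     *                            {@code null} when the logout URL is requested
     *                            without a signed-in user
     * @throws IOException      if writing or serializing the body fails
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void onLogoutSuccess(HttpServletRequest httpServletRequest,
                                HttpServletResponse httpServletResponse,
                                Authentication authentication) throws IOException, ServletException {
        httpServletResponse.setContentType("application/json;charset=UTF-8");

        HashMap<String, Object> body = new HashMap<>();
        body.put("msg", "登录注销");
        // NOTE(review): this serializes the whole Authentication object (principal,
        // authorities and the request details) into the response. Outside a demo,
        // return only what the client needs, e.g. authentication.getName().
        body.put("authentication", authentication);

        // Guard against a null authentication: the original dereferenced it
        // unconditionally and failed with a NullPointerException for an anonymous logout.
        Object details = authentication == null ? null : authentication.getDetails();
        // NOTE(review): the details object presumably carries the remote address and
        // session id - confirm, and prefer a logger with a reduced message over stdout.
        System.out.println("登录注销:" + details);

        httpServletResponse.getWriter().println(JSON.writeValueAsString(body));
    }
}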
还需要在上面的 logout() 配置中注册该处理器:
// Handler invoked after a successful logout; this line belongs in the logout() section of the configuration chain
.logoutSuccessHandler(new WebLogoutSuccessHandler())
使用自定义 URL 退出(即上面 logoutRequestMatcher 中配置的路径):
注销成功: