spring-security.xml配置如下:
<security:http use-expressions="true">
    <!-- Order matters: the intercept-url rules below are applied from top to bottom. -->

    <!-- URLs that are not protected (no login required). -->
    <security:intercept-url access="permitAll" pattern="/ps_service/index.jsp"/>
    <security:intercept-url access="permitAll" pattern="/ps_service/login.do"/>
    <security:intercept-url access="permitAll" pattern="/ps_service/loginfailed.do"/>
    <!--<security:intercept-url pattern="/cs/404.html" access="permitAll"/>-->
    <!--<security:intercept-url pattern="/favicon.ico" access="permitAll"/>--><!-- requests the browser issues on its own -->

    <!-- Apart from /admin/* (handled in web.xml) and the permitAll entries above,
         every URL requires an authenticated user. This catch-all must stay last. -->
    <security:intercept-url access="authenticated" pattern="/**"/>

    <!-- Form login: login page, failure page, and the request parameter names
         that carry the credentials. -->
    <security:form-login
            login-page="/ps_service/login.do"
            authentication-failure-url="/ps_service/loginfailed.do"
            default-target-url="/"
            always-use-default-target="false"
            username-parameter="sescs_username"
            password-parameter="sescs_password"/>

    <!-- Custom filter for URLs the user has no permission for: the requested URL is
         served when the user has permission, otherwise an error is returned.
         It is placed after FILTER_SECURITY_INTERCEPTOR; the filterUrl bean is not
         defined in this snippet. -->
    <security:custom-filter ref="filterUrl" after="FILTER_SECURITY_INTERCEPTOR"/>

    <!-- logout-url: the URL that triggers logout.
         logout-success-url: page to redirect to after a successful logout.
         NOTE(review): logout is reached here through a plain URL request. If CSRF
         protection is enabled, logout must be a POST that carries the CSRF token;
         confirm against the Spring Security version in use. -->
    <security:logout
            logout-success-url="/ps_service/login.do"
            logout-url="/ps_service/j_spring_security_logout"/>

    <!-- Session management: invalid-session-url is the redirect target for a request
         that presents a session id which has already timed out. -->
    <security:session-management invalid-session-url="/ps_service/login.do"/>
</security:http>
在上面配置中有
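<!-- logout-url: the URL that triggers logout.
     logout-success-url: page to redirect to after a successful logout. -->
<security:logout logout-url="/ps_service/j_spring_security_logout" logout-success-url="/ps_service/login.do"/>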
只要用户请求 /ps_service/j_spring_security_logout 这个 URL,Spring Security 的注销过滤器(LogoutFilter)就会拦截该请求并注销当前用户(默认会使 HttpSession 失效并清除 SecurityContext),然后重定向到 logout-success-url 指定的页面。
系统页面使用 FreeMarker 视图解析(.ftl 模板),注销按钮如下:
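<div class="pad5A button-pane button-pane-alt text-center" style="width: 240px;">
    <!-- Logout button: the href must match the logout-url set on <security:logout>.
         NOTE(review): this is a plain link, so logout is triggered by a GET request.
         If CSRF protection is enabled, replace it with a POST form that carries the
         CSRF token; confirm against the Spring Security version in use. -->
    <a href="/ps_service/j_spring_security_logout" class="btn display-block font-normal btn-danger">
        <i class="glyph-icon icon-power-off"></i>
        Logout
    </a>
</div>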
点击 Logout 就会触发注销操作。注意这是一个普通的 GET 链接;如果启用了 Spring Security 的 CSRF 防护,默认只有 POST 请求才会触发注销,此时需要改用带 CSRF token 的表单提交。