Spring Security Logout

原文地址:http://www.javaarch.net/jiagoushi/697.htm

Spring Security Logout

spring logout配置:

	<http>
	 
		...    
		<logout/>
	 
	</http>
	
Logout url:jsp页面

	<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
	<html>
	   <head></head>
	   <body>
		  <a href="<c:url value="/j_spring_security_logout" />">Logout</a>
	   </body>
	</html>
	
logout成功之后url配置:

<logout logout-success-url="/afterlogout.html" /> 或者 <logout logout-success-url="/login.html" />

logout的url配置:delete-cookies="JSESSIONID" session失效

	<logout
		logout-success-url="/anonymous.html"
		logout-url="/perform_logout" delete-cookies="JSESSIONID"/>
		
还可以通过success-handler-ref="customLogoutSuccessHandler"配置logout的回调接口

	<logout
		logout-url="/perform_logout"
		delete-cookies="JSESSIONID"
		success-handler-ref="customLogoutSuccessHandler" />
	 
	...
	<beans:bean name="customUrlLogoutSuccessHandler" />
	
CustomLogoutSuccessHandler.java

	public class CustomLogoutSuccessHandler extends
	  SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
	 
		@Autowired
		private AuditService auditService; 
	 
		@Override
		public void onLogoutSuccess
		  (HttpServletRequest request, HttpServletResponse response, Authentication authentication) 
		  throws IOException, ServletException {
			String refererUrl = request.getHeader("Referer");
			auditService.track("Logout from: " + refererUrl);
	 
			super.onLogoutSuccess(request, response, authentication);
		}
	}
	
github示例工程地址:https://github.com/eugenp/tutorials/tree/master/spring-security-login


posted @ 2013-06-02 16:14  zhwj184  阅读(560)  评论(0编辑  收藏  举报