如何在Spring Security中将参数与注销成功URL一起传递? [英] How to pass parameter along with logout success url in spring security?
问题描述
我在Spring Boot应用程序中使用基于Java的Spring安全性配置.当用户单击注销链接时,用户将被重定向到登录页面.在这种情况下,在这里,我需要在注销成功URL中传递一个自定义参数.
I am using java based spring security configuration in my spring boot application. When user clicks on logout link, user is redirected to the login page. Here, in this case, I need to pass a custom parameter in the logout success url.
例如当我注销时,应用程序重定向到 http://localhost:8080/app/login 但我希望它具有如下所示的参数 http://localhost:8080/app/login?idletimeout = true
e.g. when I logout, app is redirected to http://localhost:8080/app/login But I want it to have a parameter like below http://localhost:8080/app/login?idletimeout=true
我为此创建了自定义的LogoutSuccesshandle.我在处理程序中获取了param值,然后构造了成功URL,然后将其重定向到该URL.但是随后在注销时该参数丢失了.
I have created my custom LogoutSuccesshandle for this. I get the param value in the handler and then I construct the success url and then redirect to it. But then on logout that parameter goes missing.
下面是我的处理程序代码.
Below is my handler code.
public class LogoutSuccessHandlerImpl extends SimpleUrlLogoutSuccessHandler {
private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
request.getSession().invalidate();
SecurityContextHolder.clearContext();
request.setAttribute("isLoggedOut", "true");
String contextPath = request.getContextPath();
String redirectURL = "/login";
String isIdleTimeOut = request.getParameter("idleTimeout");
request.setAttribute("idleTimeout", isIdleTimeOut);
System.out.println(isIdleTimeOut + " isIdleTimeOut ");
if (isIdleTimeOut != null && isIdleTimeOut.equalsIgnoreCase("true")) {
System.out.println("in if ");
redirectURL += "?idleTimeout=" + isIdleTimeOut;
}
// setDefaultTargetUrl(redirectURL);
// response.sendRedirect(redirectURL);
// super.onLogoutSuccess(request, response, authentication);
redirectStrategy.sendRedirect(request, response, redirectURL);
}
下面是我的Java配置代码.
Below is my java config code.
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/checkLogin")
.defaultSuccessUrl("/home")
.failureUrl("/login?login_error=1")
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessHandler(new LogoutSuccessHandlerImpl())
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true)
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/login**").permitAll()
.antMatchers("/error**").permitAll()
.antMatchers("/checkLogin**").permitAll()
.anyRequest()
.authenticated()
.accessDecisionManager(accessDecisionManager)
.and()
.exceptionHandling()
.accessDeniedPage("/accessDenied")
.and()
.headers()
.frameOptions()
.disable()
.and()
.sessionManagement()
.invalidSessionUrl("/login")
.maximumSessions(1);
}
推荐答案
您可以做的是为您的申请准备自己的注销方法(自定义注销网址):
What you can do is to prepare your own logout method (a custom logout url) for your applicatoin:
1)准备您的LogoutController:
1) Prepare your LogoutController:
@Controller
@RequestMapping(value = "/logout")
public class LogoutController {
@RequestMapping(value = {"", "/"})
public String logout(HttpServletRequest request) {
SecurityContextHolder.clearContext();
HttpSession session = request.getSession(false);
if (session != null) {
session.invalidate();
}
return "redirect:" + <your-logout-success-url>;
}
}
在这里,使会话无效并清除上下文将为您提供注销机制.
Here, invalidating the session and clearing the context provides you a logout mechanism.
2)更新jsp文件中的注销URL:
2) Update your logout urls inside jsp files:
<a href="/logout" id="logout_" title="Log out"><span>Log out</span></a>
3)此外,对于默认的注销"方案,您仍然可以继续使用Spring Security注销:
3) In addition, for default "log out" scenarios, you can still continue to use the Spring Security log out:
<logout logout-success-url="/" invalidate-session="true" delete-cookies="JSESSIONID"
logout-url="/j_spring_security_logout"/>
因此,在此注销方法中,当用户要求注销过程时,您可以对请求对象执行任何所需的操作.您现在不需要传递参数.
So, in this logout method, you can do whatever you want with the request object when user demands the logout process. You do not need to pass parameters now.
这篇关于如何在Spring Security中将参数与注销成功URL一起传递?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!