如何在Spring Security中将参数与注销成功URL一起传递? [英] How to pass parameter along with logout success url in spring security?

问题描述

我在Spring Boot应用程序中使用基于Java的Spring安全性配置.当用户单击注销链接时，用户将被重定向到登录页面.在这种情况下，在这里，我需要在注销成功URL中传递一个自定义参数.

I am using java based spring security configuration in my spring boot application. When user clicks on logout link, user is redirected to the login page. Here, in this case, I need to pass a custom parameter in the logout success url.

例如当我注销时，应用程序重定向到 http://localhost:8080/app/login 但我希望它具有如下所示的参数 http://localhost:8080/app/login?idletimeout = true

e.g. when I logout, app is redirected to http://localhost:8080/app/login But I want it to have a parameter like below http://localhost:8080/app/login?idletimeout=true

我为此创建了自定义的LogoutSuccesshandle.我在处理程序中获取了param值，然后构造了成功URL，然后将其重定向到该URL.但是随后在注销时该参数丢失了.

I have created my custom LogoutSuccesshandle for this. I get the param value in the handler and then I construct the success url and then redirect to it. But then on logout that parameter goes missing.

下面是我的处理程序代码.

Below is my handler code.

public class LogoutSuccessHandlerImpl extends SimpleUrlLogoutSuccessHandler {

    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

        request.getSession().invalidate();
        SecurityContextHolder.clearContext();

        request.setAttribute("isLoggedOut", "true");

        String contextPath = request.getContextPath();
        String redirectURL = "/login";

        String isIdleTimeOut = request.getParameter("idleTimeout");
        request.setAttribute("idleTimeout", isIdleTimeOut);

        System.out.println(isIdleTimeOut + " isIdleTimeOut ");

        if (isIdleTimeOut != null && isIdleTimeOut.equalsIgnoreCase("true")) {
            System.out.println("in if ");
            redirectURL += "?idleTimeout=" + isIdleTimeOut;
        }

        // setDefaultTargetUrl(redirectURL);
        // response.sendRedirect(redirectURL);
       // super.onLogoutSuccess(request, response, authentication);
        redirectStrategy.sendRedirect(request, response, redirectURL);
    }

下面是我的Java配置代码.

Below is my java config code.

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
        .and()
            .formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/checkLogin")
            .defaultSuccessUrl("/home")
            .failureUrl("/login?login_error=1")
            .usernameParameter("username")
            .passwordParameter("password")
            .permitAll()
        .and()
            .logout()
            .logoutUrl("/logout")
            .logoutSuccessHandler(new LogoutSuccessHandlerImpl())
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true)
            .permitAll()
        .and()
            .authorizeRequests()
            .antMatchers("/login**").permitAll()
            .antMatchers("/error**").permitAll()
            .antMatchers("/checkLogin**").permitAll()
            .anyRequest()
            .authenticated()
            .accessDecisionManager(accessDecisionManager)
        .and()
            .exceptionHandling()
            .accessDeniedPage("/accessDenied")
        .and()
            .headers()
            .frameOptions()
            .disable()
        .and()
            .sessionManagement()
            .invalidSessionUrl("/login")
            .maximumSessions(1);
    }

推荐答案

您可以做的是为您的申请准备自己的注销方法(自定义注销网址):

What you can do is to prepare your own logout method (a custom logout url) for your applicatoin:

1)准备您的LogoutController:

1) Prepare your LogoutController:

@Controller
@RequestMapping(value = "/logout")
public class LogoutController {

    @RequestMapping(value = {"", "/"})
    public String logout(HttpServletRequest request) {
        SecurityContextHolder.clearContext();
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        return "redirect:" + <your-logout-success-url>;
    }

}

在这里，使会话无效并清除上下文将为您提供注销机制.

Here, invalidating the session and clearing the context provides you a logout mechanism.

2)更新jsp文件中的注销URL:

2) Update your logout urls inside jsp files:

<a href="/logout" id="logout_" title="Log out"><span>Log out</span></a>

3)此外，对于默认的注销"方案，您仍然可以继续使用Spring Security注销:

3) In addition, for default "log out" scenarios, you can still continue to use the Spring Security log out:

<logout logout-success-url="/" invalidate-session="true" delete-cookies="JSESSIONID"
            logout-url="/j_spring_security_logout"/>

因此，在此注销方法中，当用户要求注销过程时，您可以对请求对象执行任何所需的操作.您现在不需要传递参数.

So, in this logout method, you can do whatever you want with the request object when user demands the logout process. You do not need to pass parameters now.

这篇关于如何在Spring Security中将参数与注销成功URL一起传递?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！