如何使用Spring Security自动注销 [英] How to log out automatically with Spring Security

问题描述

我有一个spring web应用程序，我使用Spring安全性进行了用户身份验证。

I have a spring web application and I did user authentication using Spring security.

一切顺利。登录和注销工作完美！

Everything works well. Log in and Log out works perfect!

现在，我想实现以便自动注销。例如，如果用户打开窗口大约30分钟并且什么也不做（例如，会话已过期）系统应该自动注销。我该如何实现呢？

Now, I want to implement in order to log out automatically. For example, if user has a window opened for about 30 minutes and do nothing (Sessions expired for instance) system should log out automatically. How can I implement this?

它可能由客户端实现（我每1分钟发送一次请求并检查会话是否结束）。但是我不能在Spring自动执行此操作吗？

It might be implemented by client side (I send requests every 1 minutes and check if session is ended). But can't I do this automatically from Spring?

我有这个配置：

<http auto-config="true" use-expressions="true">


        <intercept-url pattern="/admin**" />
        <access-denied-handler error-page="/403" />

        <form-login login-page="/login" 
            default-target-url="/admin"
            authentication-failure-url="/login?error" 
            username-parameter="NAME"
            password-parameter="PASSWORD"  />

        <logout invalidate-session="true" 
             logout-success-url="/login?logout"/>

    </http>

和web.xml

<session-config>
  <session-timeout>1</session-timeout>
</session-config>

1分钟后，我看到会话被破坏了。 1分钟后杀死会话。但页面没有重定向到/ login？logout

after 1 minute, I see that session was destroyed. kill the session after 1 minute. but page was not redirected to /login?logout

推荐答案

如何使用安全配置。我希望下面的配置：会工作。


applicationContext.xml

How about to use security configuration.?? I hope below config: will work.

applicationContext.xml

 --namespace-> xmlns:security="http://www.springframework.org/schema/security"

        <security:logout invalidate-session="true"
                        success-handler-ref="Logout"
                        logout-url="/logout.html" />
        </security:http>

web.xml

 <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>

而且，他们需要自己写，因为success-handler-ref =Logout是自定义的退出处理程序：

退出
@Component

And them, you need to write your own because success-handler-ref="Logout" is custom handler for logout:
Logout @Component

public class Logout extends SimpleUrlLogoutSuccessHandler {

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {

        if (authentication != null) {
            // do something 
        }

        setDefaultTargetUrl("/login");
        super.onLogoutSuccess(request, response, authentication);       
    }
}

这篇关于如何使用Spring Security自动注销的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！