spring自定义注销过滤器在注销前执行一些操作？ [英] spring custom logout filter to perform some action before logs out?

问题描述

我正在使用Spring Security 3.0。我只需要在用户注销之前执行一些逻辑。

I am using Spring Security 3.0. I just need to perform some logic before user logs out.

是否可以通过覆盖 LogoutFilter 来实现这一点Spring Security类？

Is it possible to achieve that by overriding the LogoutFilter class of Spring Security?

推荐答案

有很多方法可以做到这一点。我会告诉你两个我会考虑的事情。

There a bunch of ways to do that. I'll tell you the two that I would consider.

1）创建我自己的过滤器来完成我需要的东西。这里的关键点是，如果你创建了一个过滤器，你还必须告诉Spring Security将它放入过滤器链中，你的请求过滤器链是为了做auth *的东西。 查看此文档了解如何在更多详细信息中将过滤器插入正确的位置，但它看起来像

1) Creating my own filter that does the things that I need. The key point here is that if you create a filter, you must also tell Spring Security to put it into the "filter chain", the chain of filters your requests go through in order to do auth* stuff. Check this documentation to know how to insert your filters in the right spot in more details, but it will look something like

<http>
    <custom-filter before="LOGOUT_FILTER" ref="cleanupFilter" />
</http>

<beans:bean id="cleanupFilter" class="com.CleanupFilter"/>

请记住，通过对LogoutFilter进行子类化，您仍在创建自定义过滤器，因此同样适用。

Remember that by sublassing LogoutFilter you are still creating a custom filter, so same thing apply.

2）如果我的自定义逻辑可以在用户注销之前不严格执行，但也可以稍后执行，请考虑使用 SecurityContextLogoutHandler （查看B部分的文档.1.13），当用户成功注销时，它会为你提供一个钩点来执行自定义逻辑。

2) If my custom logic can be executed not strictly before the user logs out but also slight after, consider using SecurityContextLogoutHandler (check docs at section B.1.13) that will give you an hook point to perform custom logic when the users successfully logs out.

<http>
    <logout success-handler-ref="myLogoutSuccessHandler"/>
</http>

这篇关于spring自定义注销过滤器在注销前执行一些操作？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！