前言
LogoutSuccessHandler 接口定义了在用户成功注销后执行的操作。
当用户从应用程序中注销时,这个处理器被触发。
它允许我们开发者自定义注销成功后的行为,例如重定向到特定页面、显示注销确认信息、进行清理工作或其他自定义逻辑。
接下来先简单介绍官方的处理器,再自己自定义一个处理器。
官方给的处理器
SimpleUrlLogoutSuccessHandler
注销成功后重定向到一个url地址。
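/**
 * Registers the logout success handler on the HTTP security chain.
 *
 * @param http the security builder supplied by the framework
 * @throws Exception if the logout configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        // Enable logout handling.
        .logout()
        // Handler invoked once logout has completed successfully.
        .logoutSuccessHandler(logoutSuccessHandler());
}

/**
 * Builds a handler that answers a successful logout with a redirect to a fixed URL.
 *
 * <p>The target is a constant chosen on the server. If the handler is later switched to a
 * request-derived target (for example via {@code setTargetUrlParameter} or
 * {@code setUseReferer}), the destination becomes caller-controlled and should be validated
 * against an allow-list to avoid an open redirect.
 *
 * @return the redirecting logout success handler
 */
@Bean
public LogoutSuccessHandler logoutSuccessHandler() {
    SimpleUrlLogoutSuccessHandler handler = new SimpleUrlLogoutSuccessHandler();
    // Redirect target after logout.
    // NOTE(review): "/logout" is also Spring Security's default logout-processing URL; confirm
    // the redirect does not re-enter the logout filter (with CSRF protection disabled the
    // default matcher accepts GET as well) and that the target is reachable anonymously.
    handler.setDefaultTargetUrl("/logout");
    return handler;
}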
ForwardLogoutSuccessHandler
注销成功后转发到一个url地址。
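/**
 * Registers the logout success handler on the HTTP security chain.
 *
 * @param http the security builder supplied by the framework
 * @throws Exception if the logout configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        // Enable logout handling.
        .logout()
        // Handler invoked once logout has completed successfully.
        .logoutSuccessHandler(logoutSuccessHandler());
}

/**
 * Builds a handler that forwards the request to a fixed path after a successful logout.
 *
 * <p>A forward is dispatched inside the server for the same request, so the client is not
 * sent a redirect and the address it requested stays unchanged.
 *
 * @return the forwarding logout success handler
 */
@Bean
public LogoutSuccessHandler logoutSuccessHandler() {
    // Forward target.
    // NOTE(review): "/logout" is also the default logout-processing URL; confirm the
    // application maps a handler to this path for forwarded requests.
    return new ForwardLogoutSuccessHandler("/logout");
}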
HttpStatusReturningLogoutSuccessHandler
不做重定向也不做转发,而是返回一个指定的http状态码。
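/**
 * Registers the logout success handler on the HTTP security chain.
 *
 * @param http the security builder supplied by the framework
 * @throws Exception if the logout configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        // Enable logout handling.
        .logout()
        // Handler invoked once logout has completed successfully.
        .logoutSuccessHandler(logoutSuccessHandler());
}

/**
 * Builds a handler that neither redirects nor forwards; it only sets the HTTP status of the
 * logout response. This suits API or single-page clients that decide themselves where to
 * navigate after logout.
 *
 * @return the status-returning logout success handler
 */
@Bean
public LogoutSuccessHandler logoutSuccessHandler() {
    // Any other status code can be passed here instead of 200 OK.
    return new HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK);
}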
DelegatingLogoutSuccessHandler
DelegatingLogoutSuccessHandler 用于处理用户注销成功后根据不同的请求条件选择并执行相应的 LogoutSuccessHandler。
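/**
 * Registers the logout success handler on the HTTP security chain.
 *
 * @param http the security builder supplied by the framework
 * @throws Exception if the logout configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        // Enable logout handling.
        .logout()
        // Handler invoked once logout has completed successfully.
        .logoutSuccessHandler(logoutSuccessHandler());
}

/**
 * Builds a delegating handler that picks a concrete {@link LogoutSuccessHandler} based on
 * which {@link RequestMatcher} matches the logout request, falling back to a default handler
 * when none matches.
 *
 * @return the delegating logout success handler
 */
@Bean
public LogoutSuccessHandler logoutSuccessHandler() {
    // Insertion order is preserved, so matchers are consulted in the order they are added;
    // put more specific patterns before broader ones.
    LinkedHashMap<RequestMatcher, LogoutSuccessHandler> matcherToHandler = new LinkedHashMap<>();

    // Logout requests under /admin/** are answered with a redirect to a fixed URL.
    // NOTE(review): the matcher is evaluated against the logout request itself, so it only
    // applies if the logout URL is exposed under this path; verify against the logout
    // configuration.
    SimpleUrlLogoutSuccessHandler adminHandler = new SimpleUrlLogoutSuccessHandler();
    adminHandler.setDefaultTargetUrl("/admin-logout");
    matcherToHandler.put(new AntPathRequestMatcher("/admin/**"), adminHandler);

    // Logout requests under /user/** are forwarded server-side.
    matcherToHandler.put(
        new AntPathRequestMatcher("/user/**"),
        new ForwardLogoutSuccessHandler("/user-logout"));

    DelegatingLogoutSuccessHandler handler = new DelegatingLogoutSuccessHandler(matcherToHandler);
    // Fallback used when no matcher above applies.
    handler.setDefaultLogoutSuccessHandler(new ForwardLogoutSuccessHandler("/default-logout"));
    return handler;
}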
自定义处理器
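package com.security.handler.logout;

import com.alibaba.fastjson2.JSON;
import com.security.controller.vo.ResponseResult;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Custom logout success handler that replies with a JSON body instead of redirecting or
 * forwarding.
 *
 * <p>NOTE(review): identifiers are written in conventional Java casing; confirm the exact
 * spelling of the project classes (ResponseResult, LogoutSuccessHandlerImpl) against the
 * project sources.
 */
@Component
@Slf4j
public class LogoutSuccessHandlerImpl implements LogoutSuccessHandler {

    /**
     * Writes a fixed JSON success message to the response after logout.
     *
     * @param request the logout request (not read here)
     * @param response the response that receives the status, headers and JSON body
     * @param authentication the authentication that was logged out; not dereferenced here
     *     (NOTE(review): it can presumably be null when no user was signed in, so any audit
     *     logging added later should null-check it)
     * @throws IOException if the response writer cannot be obtained or written
     * @throws ServletException declared by the interface; not thrown by this implementation
     */
    @Override
    public void onLogoutSuccess(
            HttpServletRequest request,
            HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        log.info("退出登录成功 ...");

        // Status and content headers must be set before the body is written.
        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType("application/json");
        response.setCharacterEncoding("utf-8");

        // The body is built only from constants, so no request data is echoed back.
        String json = JSON.toJSONString(
                ResponseResult.builder()
                        .code(200)
                        .message("退出登录成功!")
                        .build());

        response.getWriter().println(json);
    }
}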
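package com.security.config;

import com.security.handler.logout.LogoutSuccessHandlerImpl;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.web.cors.CorsConfiguration;

/**
 * Security configuration that wires the custom JSON logout success handler into the logout
 * flow.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} and
 * {@code @EnableGlobalMethodSecurity} belong to the Spring Security 5.x style of configuration
 * and are deprecated in later 5.x releases; confirm the target version before reusing this.
 */
@Configuration
@EnableWebSecurity
// Enables @PreAuthorize/@PostAuthorize checks on methods.
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfigurationTest extends WebSecurityConfigurerAdapter {

    /**
     * Registers the logout success handler on the HTTP security chain.
     *
     * @param http the security builder supplied by the framework
     * @throws Exception if the logout configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Enable logout handling.
            .logout()
            // Handler invoked once logout has completed successfully.
            .logoutSuccessHandler(logoutSuccessHandler());
    }

    /**
     * Exposes the custom handler as a bean.
     *
     * <p>NOTE(review): if {@code LogoutSuccessHandlerImpl} is also picked up by component
     * scanning (its own listing carries {@code @Component}), this method creates a second
     * instance of the same type and by-type injection of {@link LogoutSuccessHandler} becomes
     * ambiguous; verify and keep only one registration.
     *
     * @return the custom logout success handler
     */
    @Bean
    public LogoutSuccessHandler logoutSuccessHandler() {
        return new LogoutSuccessHandlerImpl();
    }
}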
总结
以上为个人经验,希望能给大家一个参考,也希望大家多多支持代码网。