3

I am using spring-security 3.x. i have a requirement where in, just before the user is logged out, I want to perform some logic. I wrote a filter extending spring provided LogoutFilter as below.

public class MyFilter extends LogoutFilter{

  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        //Perform some logic 

          super.doFilter(req,res,chain);

   }

}

How can I call my own filter when user clicks on logoff button?

4

1 回答 1

3

您不需要 custom LogoutFilter,您需要将以下内容之一插入标准过滤器:

请注意,LogoutHandlers 在 s 之前被调用LogoutSuccessHandler,但后者允许抛出异常,而前者不应该。

另请注意,如果您使用 custom LogoutHandler,则需要将这些提供/注入到LogoutFilter ConcurrentSessionFilter(如果使用)。

如果您在 XML 配置(即xmlns="http://www.springframework.org/schema/security")中使用安全命名空间,那么很容易通过添加自LogoutSuccessHandler定义

<http>
    ...
    <logout success-handler-ref="yourBeanId"/>
</http>

不确定如何LogoutHandler使用命名空间插入自定义 s。

否则,它看起来像这样:

<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <constructor-arg ref="logoutSuccessHandler"/>
    <constructor-arg ref="logoutHandlers"/>
    ...
</bean>

<bean id="logoutSuccessHandler" class="your.custom.LogoutSuccessHandler"/>

<bean id="logoutHandlers" class="java.util.Arrays" factory-method="asList">
    <constructor-arg>
        <array>
            <bean class="your.custom.LogoutHandler"/>
            ...
        </array>
    </constructor-arg>
</bean>
于 2013-06-05T15:52:53.483 回答