0

我在 LoginSuccessHandler(extending CustomAuthenticationSuccessHandler) 中设置了一个会话属性,例如

public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {


HttpSession session = request.getSession();
session.setAttribute("TICKET", "dummyVAL");

}

我想在 LogoutSuccessHandler(扩展 SimpleUrlLogoutSuccessHandler)中检索相同的值。但是当我这样做时

public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

HttpSession session = request.getSession();
session.getAttribute("TICKET");
    }

我得到空值。如何在成功处理程序中设置的登录处理程序中检索会话值。

4

2 回答 2

1

会话失效后 spring-security 将调用logout-success-url所以你不会在这里找到会话

所以解决方法是 call a logout url pattern from logout link 使用它

@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(ModelMap model, HttpSession session) {
    //** do some thing **//
    return "redirect:/j_spring_security_logout";

}
于 2013-10-18T12:46:27.987 回答
0

我认为当您的会话被破坏时会触发“onLogutSuccess”方法。因此在会话中找不到任何值或参数。而您对 request.getSession() 所做的是您正在创建一个新会话,该会话又为该属性返回 null,因为该会话不存在该属性。

于 2013-10-18T12:43:41.303 回答