⒈如何登出?
SpringSecurity預設為我們提供了退出操作,我們隻需要通路特定的url就可以登出了
1 <!DOCTYPE html>
2 <html lang="en">
3 <head>
4 <meta charset="UTF-8">
5 <title>登出</title>
6 </head>
7 <body>
8 <a href="/logout">登出</a>
9 </body>
10 </html>
⒉SpringSecurity預設為我們做了什麼?
1.使目前Session失效
2.清除與目前使用者相關的remember-me記錄
3.清空目前的SecurityContext
4.重定向到登陸頁面
⒊我們如何自定義登出
1 package cn.coreqi.security.config;
2
3 import cn.coreqi.security.Filter.SmsCodeFilter;
4 import cn.coreqi.security.Filter.ValidateCodeFilter;
5 import cn.coreqi.security.handler.CoreqiLogoutSuccessHandler;
6 import org.springframework.beans.factory.annotation.Autowired;
7 import org.springframework.context.annotation.Bean;
8 import org.springframework.context.annotation.Configuration;
9 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
10 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
11 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
12 import org.springframework.security.crypto.password.PasswordEncoder;
13 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
14 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
15 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
16
17 @Configuration
18 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
19
20 @Autowired
21 private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler;
22
23 @Autowired
24 private AuthenticationFailureHandler coreqiAuthenticationFailureHandler;
25
26 @Autowired
27 private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;
28
29 @Bean
30 public PasswordEncoder passwordEncoder(){
31 return NoOpPasswordEncoder.getInstance();
32 }
33
34
35 @Override
36 protected void configure(HttpSecurity http) throws Exception {
37 ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
38 validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler);
39
40 SmsCodeFilter smsCodeFilter = new SmsCodeFilter();
41
42
43 //http.httpBasic() //httpBasic登入 BasicAuthenticationFilter
44 http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class) //加載使用者名密碼過濾器的前面
45 .addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class) //加載使用者名密碼過濾器的前面
46 .formLogin() //表單登入 UsernamePasswordAuthenticationFilter
47 .loginPage("/coreqi-signIn.html") //指定登入頁面
48 //.loginPage("/authentication/require")
49 .loginProcessingUrl("/authentication/form") //指定表單送出的位址用于替換UsernamePasswordAuthenticationFilter預設的送出位址
50 .successHandler(coreqiAuthenticationSuccessHandler) //登入成功以後要用我們自定義的登入成功處理器,不用Spring預設的。
51 .failureHandler(coreqiAuthenticationFailureHandler) //自己體會把
52 .and()
53 .logout() //登出相關配置
54 .logoutUrl("signOut") //自定義登出頁面
55 .logoutSuccessHandler(new CoreqiLogoutSuccessHandler()) //退出成功後要做的操作(如記錄日志),和logoutSuccessUrl互斥
56 //.logoutSuccessUrl("/index") //退出成功後跳轉的頁面
57 .deleteCookies("JSESSIONID") //退出時要删除的Cookies的名字
58 .and()
59 .authorizeRequests() //對授權請求進行配置
60 .antMatchers("/coreqi-signIn.html","/code/image","/session/invalid").permitAll() //指定登入頁面不需要身份認證
61 .anyRequest().authenticated() //任何請求都需要身份認證
62 .and().csrf().disable() //禁用CSRF
63 .apply(smsCodeAuthenticationSecurityConfig);
64 //FilterSecurityInterceptor 整個SpringSecurity過濾器鍊的最後一環
65 }
66 }
作者:奇
出處:https://www.cnblogs.com/fanqisoft/
本文版權歸作者和部落格園共有,歡迎轉載,但必須給出原文連結,并保留此段聲明,否則保留追究法律責任的權利。