The correct way to implement the exit function of spring security (recommended)
Introduction to spring security
The core functions of spring security mainly include:
Its core is a set of filter chains, which will be automatically configured after the project is started. The core is the basic authentication filter, which is used to authenticate the user's identity. A filter in spring security handles an authentication method.
This article will introduce how to implement the user's "exit" logout function under the spring security framework. In fact, this is a very simple function. I have seen many programmers still write their own controller method to realize the logout function after using spring security. This method is like farming. You have mechanical equipment, you don't need it, and you have to use cattle.
1、 Logout minimalism and best practices
In fact, using spring security for logout is very simple. You only need to add such a line of code on the spring security configuration class configuration item: http logout()。 Many other implementations of spring security configuration class, such as httpbasic mode, formlogin mode, custom login verification results, permission expression, and session management, have been written in previous articles of this number. The core content of this section is to add such a line of code on the basis of the original configuration: http logout()。
@Configuration
@EnableWebSecurity
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.logout();
}
}
After adding the logout configuration, use / logtou as the path to request logout on your "exit" button.
<a href="/logout" rel="external nofollow" >退出</a>
We have completed the logout function. In fact, the core code is only two lines.
2、 What does the default logout do?
Although we have simply implemented the logout function, is it not enough to rest assured? Let's take a look at what spring security does for us in the logout process by default.
Generally, for an application, the above actions are the functions required for the logout function.
3、 Personalized configuration
Although spring security uses / logout as the exit processing request path by default, the login page is used as the jump page after exit. This is in line with the development logic of most applications, but sometimes we need some personalized settings, as follows:
http.logout()
.logoutUrl("/signout")
.logoutSuccessUrl("/aftersignout.html")
.deleteCookies("JSESSIONID")
4、 Logoutsuccesshandler
If the above personalized configuration still can not meet your application needs. Maybe your application needs to do some special actions during logout, such as calculating login duration, cleaning business-related data, etc. You can implement your business logic by implementing the logoutsuccesshandler interface.
@Component
public class MylogoutSuccessHandler implements logoutSuccessHandler {
@Override
public void onlogoutSuccess(HttpServletRequest request,HttpServletResponse response,Authentication authentication)
throws IOException,ServletException {
//这里书写你自己的退出业务逻辑
// 重定向到登录页
response.sendRedirect("/login.html");
}
}
Then configure it to take effect. The core code is a line of logoutsuccesshandler. Note that logoutsuccessurl should not be used with logoutsuccesshandler, otherwise the logoutsuccesshandler will become invalid.
@Configuration
@EnableWebSecurity
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private MylogoutSuccessHandler mylogoutSuccessHandler;
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.logout()
.logoutUrl("/signout")
//.logoutSuccessUrl(``"/aftersignout.html"``)
.deleteCookies("JSESSIONID")
//自定义logoutSuccessHandler
.logoutSuccessHandler(mylogoutSuccessHandler);
}
}
summary
The above is the correct way to realize the exit function of spring Security introduced by Xiaobian. I hope it will help you. If you have any questions, please leave me a message, and Xiaobian will reply to you in time. Thank you very much for your support to our website! If you think this article is helpful to you, welcome to reprint, please indicate the source, thank you!