Handling Logout in Spring Security
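Spring Security ships with a lot of built-in behaviour. That is often convenient, but not understanding its internals can easily lead to problems. This section covers Spring Security's support for logout.
The default logout URL in Spring Security is /logout. After logout, the following operations are performed:
Beyond the default behaviour, developers usually want to configure logout flexibly themselves.
LogoutHandler: takes part in the processing logic when the application executes a logout. It must not throw exceptions. Several implementations are provided out of the box.
LogoutSuccessHandler: called after the LogoutHandlers have run and completed successfully. It may throw exceptions. Two implementations are provided out of the box.
At logout time, distinguish between an API logout and a page logout, and handle each one differently.
Reference: https://docs.spring.io/spring-security/site/docs/5.2.1.RELEASE/reference/htmlsingle/#ns-logout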
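One way to make the API/page distinction described above, as an added example that is not code from the original article: a LogoutSuccessHandler that answers AJAX callers with a bare 200 and redirects browser page requests. The class name, the X-Requested-With convention for spotting API calls, and the /login.html?logout target are assumptions.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.stereotype.Component;

// Hypothetical handler (not from the article): picks the logout response by caller type.
@Component
public class ApiOrPageLogoutSuccessHandler implements LogoutSuccessHandler {

    // Assumed convention: API/AJAX clients send "X-Requested-With: XMLHttpRequest".
    // The logout request always arrives on the logout URL, so the path cannot tell callers apart.
    private final RequestMatcher apiRequest =
            new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest");

    // API logout: status code only, no redirect for the client to follow.
    private final LogoutSuccessHandler apiHandler =
            new HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK);

    // Page logout: redirect to a fixed local URL. No target-URL parameter or Referer
    // is consulted, so the redirect target cannot be steered by the request.
    private final SimpleUrlLogoutSuccessHandler pageHandler = new SimpleUrlLogoutSuccessHandler();

    public ApiOrPageLogoutSuccessHandler() {
        pageHandler.setDefaultTargetUrl("/login.html?logout");
    }

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        if (apiRequest.matches(request)) {
            apiHandler.onLogoutSuccess(request, response, authentication);
        } else {
            pageHandler.onLogoutSuccess(request, response, authentication);
        }
    }
}
```

It is registered through .logout().logoutSuccessHandler(...) in the same way as any other LogoutSuccessHandler.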
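Spring Boot Security login configuration
Result
When a URL is requested and the user is not logged in, the request is redirected to the login page and the user is asked to log in. If the user is already logged in, the requested data is returned.
Screenshots
Requesting data while not logged in returns the login page
Logging in
After a successful login, the logout page is shown
Requesting the data again after logging in
POM file
Add the Security dependency. The database layer uses MyBatis.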
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.6.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.gailguo</groupId>
    <artifactId>login</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>login</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>1.8</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.0.1</version>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
Configuring Security with WebSecurityConfigurerAdapter
1. authorizeRequests().antMatchers("/user/*").permitAll().anyRequest().authenticated() means that /user/* requires no authentication, while every other request does.
2. .formLogin().loginPage("/login.html").loginProcessingUrl("/signin").successHandler(successHandler).failureHandler(failureHandler) sets the login page, the URL that processes the login, and the handlers for successful and failed logins.
3. .usernameParameter("username").passwordParameter("password").permitAll() names the request parameters that carry the username and password.
4. .logout().logoutUrl("/signout").logoutSuccessHandler(logoutSuccessHandler).permitAll(); sets the logout URL and its handler.
5. .csrf().disable() disables CSRF protection.
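import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AjaxAuthSuccessHandler successHandler;
    @Autowired
    private AjaxAuthFailureHandler failureHandler;
    @Autowired
    private AjaxLogoutSuccessHandler logoutSuccessHandler;
    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests().antMatchers("/user/*").permitAll().anyRequest().authenticated()
            .and()
            // CSRF protection is disabled for this demo; with it enabled,
            // logout must be a POST that carries the CSRF token.
            .csrf().disable()
            .formLogin().loginPage("/login.html").loginProcessingUrl("/signin")
                .successHandler(successHandler).failureHandler(failureHandler)
                .usernameParameter("username").passwordParameter("password").permitAll()
            .and()
            .logout().logoutUrl("/signout").logoutSuccessHandler(logoutSuccessHandler).permitAll();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Demo only: this encoder stores and compares passwords in plaintext.
        // Use BCryptPasswordEncoder for real accounts.
        auth.userDetailsService(userDetailsService).passwordEncoder(new PasswordEncoder() {
            @Override
            public String encode(CharSequence charSequence) {
                return charSequence.toString();
            }

            @Override
            public boolean matches(CharSequence charSequence, String s) {
                return s.equals(charSequence.toString());
            }
        });
    }
}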
SimpleUrlAuthenticationSuccessHandler
On successful login
@Component
public class AjaxAuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    private static final Logger logger = LoggerFactory.getLogger(AjaxAuthSuccessHandler.class);

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // The {} placeholder is required, otherwise SLF4J silently drops the argument
        logger.info("Authentication success, login successfully: {}", request.getParameter("username"));
        response.setStatus(HttpServletResponse.SC_OK);
        response.sendRedirect("/home.html");
    }
}
On failed login
@Component
public class AjaxAuthFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private static final Logger logger = LoggerFactory.getLogger(AjaxAuthFailureHandler.class);

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        logger.info("Authentication error, login failed: {}", request.getParameter("username"));
        // Respond with 401 instead of redirecting, so an AJAX caller can react to it
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed");
    }
}
On successful logout
@Component
public class AjaxLogoutSuccessHandler implements LogoutSuccessHandler {

    private static final Logger logger = LoggerFactory.getLogger(AjaxLogoutSuccessHandler.class);

    @Override
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            Authentication authentication) throws IOException, ServletException {
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        // The session is already invalidated at this point and getSession() would create
        // a new one, so log the id the client sent with the logout request instead.
        logger.info("Logout successfully, session id: {}", httpServletRequest.getRequestedSessionId());
    }
}
UserDetailsService
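@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    // Demo-only in-memory user store holding plaintext passwords
    private Map<String, String> userRepository = new HashMap<>();

    @PostConstruct
    private void init() {
        userRepository.put("zhangshan", "123456");
        userRepository.put("guo", "123456");
    }
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        String password = userRepository.get(s);
        if (password == null) {
            // User's constructor rejects a null password, so report unknown users explicitly
            throw new UsernameNotFoundException("User not found");
        }
        return new User(s, password, new ArrayList<>());
    }
}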
Code:
https://github.com/galibujianbusana/login