SpringSecurity3_Logout

Logout¶•退出登录的链接 <a href="${pageContext.request.contextPath}/j_spring_security_logout">退出登录</a>
•退出登录的过程
auto-config默认配置了LogoutFilter 过滤所有请求的URL中的代表注销的请求。默认的URL是/j_spring_security_logout. 1.使Session失效(Clear Session & Clear Remember me cookie)
2.Clear SecurityContext
3.重定向页面到退出登录成功的页面
•使用logout标签更详细的配置logout。
   <http auto-config="true" use-expressions="true">                 <intercept-url pattern="/login" access="permitAll"/>                 <intercept-url pattern="/*" access="hasRole('ROLE_USER')" />                 <form-login login-page="/login"/>                                  <logout invalidate-session="true" logout-success-url="/" logout-url="/j_spring_security_logout"/>         </http>1.invalidate-session 是Session失效
2.logout-sucess成功退出后重定向的URL
3.logut-url 执行退出登录的链接
•`LogoutHandler`todo
•LogoutSuccessHandler用来扩展实现登出成功的回调。
logout-success-url与logoutSuccessHandler属性只可以同时指定一个。
applicationContext-security.xml
   <http auto-config="true" use-expressions="true">                 <intercept-url pattern="/login" access="permitAll"/>                 <intercept-url pattern="/*" access="hasRole('ROLE_USER')" />                 <form-login login-page="/login"/>                                  <logout                          invalidate-session="true"                          logout-url="/j_spring_security_logout"                         success-handler-ref="logoutSuccessHandler"                 />         </http>                  <beans:bean id="logoutSuccessHandler" class="org.ababe.spring_security.handler.LogoutSuccessHandler"/>org.ababe.spring_security.handler.LogoutSuccessHandler
   package org.ababe.spring_security.handler;  import java.io.IOException;  import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;  import org.springframework.security.core.Authentication;  public class LogoutSuccessHandler implements org.springframework.security.web.authentication.logout.LogoutSuccessHandler{          public void onLogoutSuccess(HttpServletRequest request,                         HttpServletResponse response, Authentication authentication)                         throws IOException, ServletException {                 if(authentication != null){                     System.out.print(authentication.getName() + "Logout");                 }                 response.sendRedirect(request.getContextPath());         }  }

【转载地址】http://code.google.com/p/bounding/wiki/SpringSecurity3_Logout