The determineTargetUrl
中的方法AbstractAuthenticationTargetUrlRequestHandler
似乎无法获取请求参数。对我来说通常可以提供一个defaultTargetUrl
并设置alwaysUseDefaultTargetUrl
to true
这意味着determineTargetUrl
始终返回给定的 URL 并防止 URL 确定魔法。
我会通过注册自己的来做到这一点LogoutSuccessHandler
实施如:
<logout
logout-url="/static/j_spring_security_logout"
invalidate-session="true"
success-handler-ref="myLogoutSuccessHandler" />
代替logout-success-url
.
A LogoutSuccessHandler
看起来很简单:
public class MyLogoutSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication throws IOException, ServletException {
// maybe do some other things ...
super.handle(request, response, authentication);
}
}
将您的注销 URL 设置为defaultTargetUrl
在为自定义定义 bean 时,在您的安全上下文中LogoutSuccessHandler
:
<bean id="myLogoutSuccessHandler" class="foobar.impl.MyLogoutSuccessHandler">
<property name="defaultTargetUrl" value="/" />
<property name="alwaysUseDefaultTargetUrl" value="true" />
</bean>