Spring Security custom filter is called multiple times

2024-02-05

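I have a custom logout filter that is being called six times: twice when I try to access the application, twice when I enter the username/password and click "Login", and then twice again when I click "Logout".

What am I doing wrong?

Configuration: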

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN_FUNCTIONS')" />      
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

    <form-login login-page="/login"
        authentication-success-handler-ref="customAuthenticationSuccessHandlerBean"
        authentication-failure-handler-ref="customAuthenticationFailureHandlerBean" />
    <logout invalidate-session="true" success-handler-ref="logoutHandlerBean" />
    <session-management session-fixation-protection="migrateSession">
        <concurrency-control max-sessions="1"
            expired-url="/login_sessionexpired" />
    </session-management>

    <custom-filter before="LOGOUT_FILTER" ref="customLogoutFilter" />
</http>

<beans:bean id="customLogoutFilter" class="com.hurontg.libms.security.CustomLogoutFilter" />

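Filter:

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.ext.XLogger;
import org.slf4j.ext.XLoggerFactory;
import org.springframework.web.filter.OncePerRequestFilter;

public class CustomLogoutFilter extends OncePerRequestFilter {

    private XLogger logger = XLoggerFactory
            .getXLogger(CustomLogoutFilter.class.getName());

    // Logs a banner on every invocation, then passes the request down the chain.
    @Override
    protected void doFilterInternal(HttpServletRequest req,
            HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {

        logger.error("========================================================================================");
        logger.error("$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Custom Logout Filter $$$$$$$$$$$$$$$$$$$$$$$$$$$$$");
        logger.error("========================================================================================");

        chain.doFilter(req, res);
    }

}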

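Spring version: 4.1.1, Spring Security: 3.2.5


If you are using Spring Boot, any GenericFilterBean (http://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/filter/GenericFilterBean.html) in the context (OncePerRequestFilter is one) will be automatically added to the filter chain. This means that your configuration above will include the same filter twice.

The easiest workaround is to define a FilterRegistrationBean (http://docs.spring.io/autorepo/docs/spring-boot/current/api/org/springframework/boot/context/embedded/FilterRegistrationBean.html) in the context and have it disabled: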

<beans:bean id="customLogoutFilterRegistration" class="org.springframework.boot.context.embedded.FilterRegistrationBean">
    <beans:property name="filter" ref="customLogoutFilter"/>
    <beans:property name="enabled" value="false"/>
</beans:bean>

Edit (November 3, 2020):

For anyone using Spring Boot who wants to register the bean using annotations: add the following code to the Spring Boot application initializer file (the one annotated with @SpringBootApplication):

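@Bean
public FilterRegistrationBean filterRegistrationBean(YourCustomFilterClassName filter) {
    FilterRegistrationBean registrationBean = new FilterRegistrationBean();
    // Wrap the existing filter bean, not a new instance: Spring Boot only skips
    // automatic registration for the exact instance a registration bean refers to.
    registrationBean.setFilter(filter);
    registrationBean.setEnabled(false);
    return registrationBean;
}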
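
To confirm the double registration described in the answer, the check below compares the filters registered directly with the servlet container against those inside the Spring Security chains. It is an added example, not code from the original post or from Spring; the class name DuplicateFilterCheck and its method are hypothetical, and it assumes the javax.servlet API that matches the Spring Security 3.2.x version in the question.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterRegistration;
import javax.servlet.ServletContext;

import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;

/** Hypothetical diagnostic helper (not part of Spring): finds doubly registered filters. */
public final class DuplicateFilterCheck {

    private DuplicateFilterCheck() {
    }

    /**
     * Returns the class names of filters that sit inside a Spring Security
     * chain and are also registered directly with the servlet container,
     * which means they run twice per request.
     */
    public static List<String> findDuplicates(ServletContext servletContext,
                                              FilterChainProxy securityProxy) {
        // Filters the container itself invokes on each request.
        Set<String> containerFilters = new LinkedHashSet<>();
        for (FilterRegistration reg : servletContext.getFilterRegistrations().values()) {
            containerFilters.add(reg.getClassName());
        }
        // Filters invoked from within Spring Security's FilterChainProxy.
        List<String> duplicates = new ArrayList<>();
        for (SecurityFilterChain chain : securityProxy.getFilterChains()) {
            for (Filter filter : chain.getFilters()) {
                String name = filter.getClass().getName();
                if (containerFilters.contains(name) && !duplicates.contains(name)) {
                    duplicates.add(name);
                }
            }
        }
        return duplicates;
    }
}
```

Call it once after the application has started, passing the application's ServletContext and its FilterChainProxy; any class name it returns is a filter to disable through a FilterRegistrationBean.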