Spring-security源码-Filter之LogoutFilter(十三)
2021/11/10 17:14:11
本文主要是介绍Spring-security源码-Filter之LogoutFilter(十三),对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
负责处理登出相关逻辑,默认url映射是/logout
org.springframework.security.config.annotation.web.configurers.LogoutConfigurer 初始化
默认初始化处https://www.cnblogs.com/LQBlog/p/15508248.html#autoid-12-0-0
private void applyDefaultConfiguration(HttpSecurity http) throws Exception { //http本质也是build 这里都是配置默认的config configure add CsrfConfigurer http.csrf(); //默认增加一个WebAsyncManagerIntegrationFilter http.addFilter(new WebAsyncManagerIntegrationFilter()); //configures add ExceptionHandlingConfigurer http.exceptionHandling(); //configures add HeadersConfigurer http.headers(); //configures add SessionManagementConfigurer http.sessionManagement(); //configure add SecurityContextConfigurer http.securityContext(); //configure add RequestCacheConfigurer http.requestCache(); ///configure add AnonymousConfigurer http.anonymous(); ///configure add ServletApiConfigurer http.servletApi(); //configure DefaultLoginPageConfigurer http.apply(new DefaultLoginPageConfigurer<>()); //configure LogoutConfigurer http.logout(); }
通过http.logout().addLogoutHandler() 可以自定义handler
LogoutFilter
private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { //匹配是否能够处理 默认是/logout if (requiresLogout(request, response)) { //从SecurityContextHolder 获得Authentication信息 Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (this.logger.isDebugEnabled()) { this.logger.debug(LogMessage.format("Logging out [%s]", auth)); } /** * 调用CompositeLogoutHandler 他也实现了LogoutHandler 他只是一个统一的管理器 * 内部循环调用LogoutHandler * 默认有三种 * PersistentTokenBasedRememberMeServices <1> * SecurityContextLogoutHandler <2> * LogoutSuccessEventPublishingLogoutHandler<3> */ this.handler.logout(request, response, auth); //处理登出成功的SimpleUrlLogoutSuccessHandler 比如重定向到登录页 this.logoutSuccessHandler.onLogoutSuccess(request, response, auth); return; } chain.doFilter(request, response); }
<1>
org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices#logout
@Override public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { //清除cookile super.logout(request, response, authentication); if (authentication != null) { //删除token this.tokenRepository.removeUserTokens(authentication.getName()); } }
<2>
org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler#logout
@Override public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { Assert.notNull(request, "HttpServletRequest required"); if (this.invalidateHttpSession) { HttpSession session = request.getSession(false); if (session != null) { //清空session session.invalidate(); if (this.logger.isDebugEnabled()) { this.logger.debug(LogMessage.format("Invalidated session %s", session.getId())); } } } if (this.clearAuthentication) { //清空 SecurityContext context = SecurityContextHolder.getContext(); context.setAuthentication(null); } //清空 SecurityContextHolder.clearContext(); }
<3>
发布一个spring的事件我们可以监听这个事件 知道某个用户登出了 参考:https://www.cnblogs.com/LQBlog/p/13878553.html#_label5
org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler#logout
@Override public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { if (this.eventPublisher == null) { return; } if (authentication == null) { return; } this.eventPublisher.publishEvent(new LogoutSuccessEvent(authentication)); }
这篇关于Spring-security源码-Filter之LogoutFilter(十三)的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-10-01基于Python+Vue开发的医院门诊预约挂号系统
- 2024-10-01基于Python+Vue开发的旅游景区管理系统
- 2024-10-01RestfulAPI入门指南:打造简单易懂的API接口
- 2024-10-01初学者指南:了解和使用Server Action
- 2024-10-01Server Component入门指南:搭建与配置详解
- 2024-10-01React 中使用 useRequest 实现数据请求
- 2024-10-01使用 golang 将ETH账户的资产平均分散到其他账户
- 2024-10-01JWT用户校验课程:从入门到实践
- 2024-10-01Server Component课程入门指南
- 2024-09-30Dnd-Kit学习:新手快速入门指南