Spring Security Filters: LogoutFilter

Date: 2023-05-02 18:33:43

LogoutFilter handles logging the user out.

private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
		throws IOException, ServletException {
	if (requiresLogout(request, response)) {
		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
		if (this.logger.isDebugEnabled()) {
			this.logger.debug(LogMessage.format("Logging out [%s]", auth));
		}
		this.handler.logout(request, response, auth);
		this.logoutSuccessHandler.onLogoutSuccess(request, response, auth);
		return;
	}
	chain.doFilter(request, response);
}

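requiresLogout determines whether the request is a logout request (that is, whether the request path is /logout). If it is, handler.logout performs the logout, and logoutSuccessHandler.onLogoutSuccess does the processing that follows a successful logout (by default, a redirect to /login?logout). The handler is a CompositeLogoutHandler.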

 
CompositeLogoutHandler#logout

public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
	for (LogoutHandler handler : this.logoutHandlers) {
		handler.logout(request, response, authentication);
	}
}

By default, logoutHandlers contains CsrfLogoutHandler, SecurityContextLogoutHandler, and LogoutSuccessEventPublishingLogoutHandler.

CsrfLogoutHandler

public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
	this.csrfTokenRepository.saveToken(null, request, response);
}

Sets the CSRF token to null.

SecurityContextLogoutHandler

public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
	Assert.notNull(request, "HttpServletRequest required");
	if (this.invalidateHttpSession) {
		HttpSession session = request.getSession(false);
		if (session != null) {
			session.invalidate();
			if (this.logger.isDebugEnabled()) {
				this.logger.debug(LogMessage.format("Invalidated session %s", session.getId()));
			}
		}
	}
	SecurityContext context = SecurityContextHolder.getContext();
	SecurityContextHolder.clearContext();
	if (this.clearAuthentication) {
		context.setAuthentication(null);
	}
}

Invalidates the session and clears the SecurityContextHolder.

LogoutSuccessEventPublishingLogoutHandler

public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
	if (this.eventPublisher == null) {
		return;
	}
	if (authentication == null) {
		return;
	}
	this.eventPublisher.publishEvent(new LogoutSuccessEvent(authentication));
}

Publishes a LogoutSuccessEvent.
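
The handler chain and the event described above can be used to audit logouts. The following is an added example, not code from the original post or from Spring Security itself; the class name LogoutAuditConfig and the method auditHandler are hypothetical, and it assumes Spring Security 5.5 or later with the SecurityFilterChain bean style.

```java
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.event.LogoutSuccessEvent;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.logout.LogoutHandler;

// Added example (hypothetical class): audits logout at two points of the flow shown above.
@Configuration
public class LogoutAuditConfig {

	private static final Log logger = LogFactory.getLog(LogoutAuditConfig.class);

	@Bean
	SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
		http
			.authorizeHttpRequests(authz -> authz.anyRequest().authenticated())
			.formLogin(Customizer.withDefaults())
			.logout(logout -> logout
				.logoutUrl("/logout")               // the path requiresLogout matches
				.addLogoutHandler(auditHandler())   // joins the CompositeLogoutHandler loop
				// Both flags default to true; they map to the invalidateHttpSession and
				// clearAuthentication fields read by SecurityContextLogoutHandler.
				.invalidateHttpSession(true)
				.clearAuthentication(true));
		return http.build();
	}

	// LogoutFilter passes whatever SecurityContextHolder held when the request arrived,
	// so authentication is null when nobody is signed in; a handler must tolerate that.
	LogoutHandler auditHandler() {
		return (request, response, authentication) -> {
			String user = (authentication != null) ? authentication.getName() : "<none>";
			logger.info("Logout requested: user=" + user + " remote=" + request.getRemoteAddr());
		};
	}

	// Receives the event from LogoutSuccessEventPublishingLogoutHandler, which only
	// publishes when the Authentication is non-null, so getAuthentication() is safe here.
	@EventListener
	public void onLogoutSuccess(LogoutSuccessEvent event) {
		logger.info("Logout completed: user=" + event.getAuthentication().getName());
	}
}
```

Comparing the two log lines separates /logout requests that arrived without an authenticated user from logouts of a real session.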

From: https://www.cnblogs.com/shigongp/p/17368003.html
