知識庫 / Spring / Spring Security RSS 訂閱

1. 概述

本文基於我們提供的 Form Login 教程，將重點介紹如何配置 退出登錄與 Spring Security。

2. 基本配置使用 logout() 方法的 Spring 註銷功能 的基本配置相當簡單:

@Configuration
@EnableWebSecurity
public class SecSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
          //...
          .logout()
          //...
   }
   //...
}

並且使用XML配置：

<http>

    ...    
    <logout/>

</http>

該元素啓用默認註銷機制——該機制配置使用以下 註銷 URL: /logout，此前在 Spring Security 4中為 /j_spring_security_logout。

3. JSP 與註銷鏈接

繼續這個簡單的示例，在 Web 應用程序中提供 註銷鏈接 的方法如下：

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
   <head></head>
   <body>
      <a href="<c:url value="/logout" />">Logout</a>
   </body>
</html>

4. 高級定製

This section covers advanced customization options for the system. These options allow you to tailor the system to your specific needs and workflows.

4.1. Custom Event Handling

You can define custom event handlers to respond to specific actions within the system. This allows you to perform actions based on triggers, such as user actions, data changes, or system events.

4.1.1. Defining Event Handlers

To define an event handler, you need to:

• Specify the event type you want to listen for.
• Provide the code that will be executed when the event occurs.

// Example: Handling a 'user_created' event
function onUserCreated(userId, username, email) {
  // Perform actions related to the new user
  console.log("New user created:", userId, username, email);
  // Example: Send a welcome email
  // sendWelcomeEmail(userId, username, email);
}

// Register the event handler
system.on('user_created', onUserCreated);

4.2. Custom UI Components

You can create custom UI components to extend the system's user interface. This allows you to add new elements and functionality to the interface.

4.2.1. Creating Custom Components

To create a custom component, you need to:

• Define the component's structure and appearance.
• Implement the component's functionality.

<!-- Example: A simple custom button -->
<button id="myButton" onclick="doSomething()">Click Me</button>

<script>
  function doSomething() {
    alert("Button clicked!");
  }
</script>

4.1. logoutSuccessUrl()

在註銷流程成功執行後，Spring Security 將會將用户重定向到指定的頁面。默認情況下，該頁面是根頁面 (/)，但可以配置更改。

//...
.logout()
.logoutSuccessUrl("/afterlogout.html")
//...

<logout logout-success-url="/afterlogout.html" />

//...
.logout()
.logoutSuccessUrl("/login.html")
//...

.logout()
.logoutUrl("/perform_logout")

<logout 
  logout-success-url="/anonymous.html" 
  logout-url="/perform_logout" />

.logout()
.logoutUrl("/perform_logout")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")

<logout 
  logout-success-url="/anonymous.html" 
  logout-url="/perform_logout"
  delete-cookies="JSESSIONID" />

@Bean
public LogoutSuccessHandler logoutSuccessHandler() {
    return new CustomLogoutSuccessHandler();
}

//...
.logout()
.logoutSuccessHandler(logoutSuccessHandler());
//...

<logout 
  logout-url="/perform_logout"
  delete-cookies="JSESSIONID"
  success-handler-ref="customLogoutSuccessHandler" />

...
<beans:bean name="customUrlLogoutSuccessHandler" />

public class CustomLogoutSuccessHandler extends 
  SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {

    @Autowired 
    private AuditService auditService; 

    @Override
    public void onLogoutSuccess(
      HttpServletRequest request, 
      HttpServletResponse response, 
      Authentication authentication) 
      throws IOException, ServletException {
 
        String refererUrl = request.getHeader("Referer");
        auditService.track("Logout from: " + refererUrl);

        super.onLogoutSuccess(request, response, authentication);
    }
}