Spring Security 4 output example (with source)

Source: Internet
Author: User

Previous: Spring Security 4 Custom Login form annotations and XML examples

Next: Spring Security 4 Safe View Picture segment using tags (Spring security tab)


Original address: http://websystique.com/spring-security/spring-security-4-logout-example/

"Translated articles, click on the Spring Security 4 in category"

"Translation by clearly like the month QQ 605283073"


This article shows that the Spring Security program exits the user and is also valid for the browser return button.



Of course in the view, you should provide an exit link to exit. Similar to the following:

<%@ page language= "java" contenttype= "text/html; Charset=iso-8859-1 "pageencoding=" iso-8859-1 "%><%@ taglib prefix=" C "uri=" Http://java.sun.com/jsp/jstl/core " %>

You just need to map the/logou link in your controller.

@RequestMapping (value= "/logout", method = requestmethod.get) public String logoutpage (HttpServletRequest request, HttpServletResponse response) {    Authentication auth = Securitycontextholder.getcontext (). Getauthentication ();    if (auth! = null) {            new Securitycontextlogouthandler (). Logout (Request, response, auth);    }    return "Redirect:/login?logout";//you can redirect wherever you want, but generally it's a good practice to show login SCR Een again.}

Here first we are usingSecuritycontextholder.getcontext (). Getauthentication () agoVerifies that the user has been authenticated.

Then call Securitycontextlogouthandler (). Logout (Request, response, auth) to exit

Logout Call Flow:

 1 will  http Session is voided, unbinding all objects it binds to.

 2 from securitycontext remove authentication The problem of preventing concurrent requests.

3 explicitly clear the value in the context of the current thread.

You no longer need to process an exit elsewhere in your app.

Note: You don't even need to add any configuration in your spring, whether it's annotation-based or XML-based.

Package com.websystique.springsecurity.configuration; Import Org.springframework.beans.factory.annotation.autowired;import Org.springframework.context.annotation.configuration;import Org.springframework.security.config.annotation.authentication.builders.authenticationmanagerbuilder;import Org.springframework.security.config.annotation.web.builders.httpsecurity;import Org.springframework.security.config.annotation.web.configuration.enablewebsecurity;import Org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @Configuration @enablewebsecuritypublic class Securityconfiguration extends Websecurityconfigureradapter {@Autowi Red public void configureglobalsecurity (Authenticationmanagerbuilder auth) throws Exception {auth.inmemoryauthe        Ntication (). Withuser ("Bill"). Password ("abc123"). Roles ("USER");        Auth.inmemoryauthentication (). Withuser ("admin"). Password ("root123"). Roles ("admin"); Auth.inmemoryauthentication (). Withuser ("DBA "). Password (" root123 "). Roles (" ADMIN "," DBA ");         } @Override protected void Configure (Httpsecurity http) throws Exception {http.authorizerequests () . Antmatchers ("/", "Home"). Permitall (). Antmatchers ("/admin/**"). Access ("Hasrole (' admin ')"). ANTMATC Hers ("/db/**"). Access ("Hasrole (' ADMIN ') and Hasrole (' DBA ')"). and (). Formlogin (). LoginPage ("/login"). Usernam Eparameter ("Ssoid"). Passwordparameter ("password"). and (). ExceptionHandling (). Accessdeniedpage ("/access_denied")    ; }}

There is no exit processing in the above configuration.


The corresponding XML configuration for the above configuration is:

<beans:beans xmlns= "http://www.springframework.org/schema/security" xmlns:beans= "http// Www.springframework.org/schema/beans "xmlns:xsi=" Http://www.w3.org/2001/XMLSchema-instance "xsi:schemalocation="    Http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd Http://www.springframework.org/schema/security http://www.springframework.org/schema/security/ Spring-security-4.0.xsd "> 


The rest of the code is the same as mentioned in this article series.


Deployment & Startup
Download the complete code for this project. In Servlet 3.0(TOMCAT7/8)Build and deploy in the container.
Open Browser Input:http://localhost:8080/SpringSecurityCustomLogoutExample/


Re-visitHttp://localhost:8080/SpringSecurityCustomLogoutExample/admin will be transferred to the login screen



Log in with a configured Amind account


Click the exit link



Clicking the browser Back button will still be blocked at the login screen



This article concludes. The next article will show or hide part of the JSP or view based on the label of the Spring Security, Depending on the role of the logged-on user.


SOURCE Download: http://websystique.com/?smd_process_download=1&download_id=1375


Spring Security 4 output example (with source)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.