Spring Security 4 output example (with source)

Previous: Spring Security 4 Custom Login form annotations and XML examples

Next: Spring Security 4 Safe View Picture segment using tags (Spring security tab)

Original address: http://websystique.com/spring-security/spring-security-4-logout-example/

"Translated articles, click on the Spring Security 4 in category"

"Translation by clearly like the month QQ 605283073"

This article shows that the Spring Security program exits the user and is also valid for the browser return button.

Of course in the view, you should provide an exit link to exit. Similar to the following:

<%@ page language= "java" contenttype= "text/html; Charset=iso-8859-1 "pageencoding=" iso-8859-1 "%><%@ taglib prefix=" C "uri=" Http://java.sun.com/jsp/jstl/core " %>

You just need to map the/logou link in your controller.
@RequestMapping (value= "/logout", method = requestmethod.get) public String logoutpage (HttpServletRequest request, HttpServletResponse response) {    Authentication auth = Securitycontextholder.getcontext (). Getauthentication ();    if (auth! = null) {            new Securitycontextlogouthandler (). Logout (Request, response, auth);    }    return "Redirect:/login?logout";//you can redirect wherever you want, but generally it's a good practice to show login SCR Een again.}

Here first we are usingSecuritycontextholder.getcontext (). Getauthentication () agoVerifies that the user has been authenticated.
Then call Securitycontextlogouthandler (). Logout (Request, response, auth)  to exit
Logout Call Flow:
  1 will  http Session is voided, unbinding all objects it binds to. 
  2 from securitycontext remove authentication The problem of preventing concurrent requests. 
3 explicitly clear the value in the context of the current thread.
You no longer need to process an exit elsewhere in your app.
Note: You don't even need to add any configuration in your spring, whether it's annotation-based or XML-based.
Package com.websystique.springsecurity.configuration; Import Org.springframework.beans.factory.annotation.autowired;import Org.springframework.context.annotation.configuration;import Org.springframework.security.config.annotation.authentication.builders.authenticationmanagerbuilder;import Org.springframework.security.config.annotation.web.builders.httpsecurity;import Org.springframework.security.config.annotation.web.configuration.enablewebsecurity;import Org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @Configuration @enablewebsecuritypublic class Securityconfiguration extends Websecurityconfigureradapter {@Autowi Red public void configureglobalsecurity (Authenticationmanagerbuilder auth) throws Exception {auth.inmemoryauthe        Ntication (). Withuser ("Bill"). Password ("abc123"). Roles ("USER");        Auth.inmemoryauthentication (). Withuser ("admin"). Password ("root123"). Roles ("admin"); Auth.inmemoryauthentication (). Withuser ("DBA "). Password (" root123 "). Roles (" ADMIN "," DBA ");         } @Override protected void Configure (Httpsecurity http) throws Exception {http.authorizerequests () . Antmatchers ("/", "Home"). Permitall (). Antmatchers ("/admin/**"). Access ("Hasrole (' admin ')"). ANTMATC Hers ("/db/**"). Access ("Hasrole (' ADMIN ') and Hasrole (' DBA ')"). and (). Formlogin (). LoginPage ("/login"). Usernam Eparameter ("Ssoid"). Passwordparameter ("password"). and (). ExceptionHandling (). Accessdeniedpage ("/access_denied")    ; }}

There is no exit processing in the above configuration.

The corresponding XML configuration for the above configuration is:
<beans:beans xmlns= "http://www.springframework.org/schema/security" xmlns:beans= "http// Www.springframework.org/schema/beans "xmlns:xsi=" Http://www.w3.org/2001/XMLSchema-instance "xsi:schemalocation="    Http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd Http://www.springframework.org/schema/security http://www.springframework.org/schema/security/ Spring-security-4.0.xsd "> 

The rest of the code is the same as mentioned in this article series.

Deployment & Startup
Download the complete code for this project. In Servlet 3.0(TOMCAT7/8)Build and deploy in the container.
Open Browser Input:http://localhost:8080/SpringSecurityCustomLogoutExample/


Re-visitHttp://localhost:8080/SpringSecurityCustomLogoutExample/admin will be transferred to the login screen


Log in with a configured Amind account

Click the exit link


Clicking the browser Back button will still be blocked at the login screen


This article concludes. The next article will show or hide part of the JSP or view based on the label of the Spring Security, Depending on the role of the logged-on user.

SOURCE Download: http://websystique.com/?smd_process_download=1&download_id=1375

Spring Security 4 output example (with source)