All geek questions in one place

How to perform an operation immediately before logging off in spring?

First of all, this is not a duplicate question, I checked the answers here ! and also here ! but could not get it to work.

I also want to execute it immediately before logging out, so I cannot use logoutSuccessHandler.

So, I need to create a custom LOGOUT_FILTER file, which is really hard for me to get it working with.

here is my spring -security xml in which I tried two methods at first was: -

<custom-filter ref="logoutFilter" position="LOGOUT_FILTER" /> <beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <beans:constructor-arg index="0" value="/logoutSuccess" /> <beans:constructor-arg index="1"> <beans:list> <beans:bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" /> <beans:bean id="myLogoutHandler" class="com.fe.cms.listener.SimpleLogoutHandler" /> </beans:list> </beans:constructor-arg> <beans:property name="filterProcessesUrl" value="/logout" /> </beans:bean>

but it gives me an error

 Configuration problem: Security namespace does not support decoration of element [custom-filter]

then I tried ..

 <beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <beans:constructor-arg index="0" value="/logout" /> <beans:constructor-arg index="1"> <beans:ref bean="securityContextLogoutHandler" /> <beans:ref bean="myLogoutHandler" /> </beans:constructor-arg> <beans:property name="filterProcessesUrl" value="/logout" /> </beans:bean> <beans:bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" /> <beans:bean id="myLogoutHandler" class="com.fe.cms.listener.SimpleLogoutHandler" /> <http auto-config="false" entry-point-ref="authenticationManger"> <custom-filter ref="logoutFilter" position="LOGOUT_FILTER" /> </http>

but it gives me an error: -

 org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#48' while setting bean property 'sourceList' with key [48]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#48': Cannot create inner bean '(inner bean)' of type [org.springframework.security.web.access.ExceptionTranslationFilter] while setting constructor argument with key [6]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#181': Could not resolve matching constructor (hint: specify index/type/name arguments for simple parameters to avoid type ambiguities)

Please tell me where I am doing wrong. I will publish full xml files if necessary

+5
source share
3 answers

According to your clarification, you want to access the session and execute some logic. Instead of hacking a custom LogoutFilter , just write an ApplicationListener that listens for HttpSessionDestroyedEvent s.

 @Component public class SessionListener implements ApplicationListener<HttpSessionDestroyedEvent> { public void onApplicationEvent(HttpSessionDestroyedEvent evt) { HttpSession session = evt.getSession(); // Your logic here } }

To receive repeated events, make sure you register HttpSessionEventPublisher in your web.xml.

 <listener> <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> </listener>

The main advantage of this solution is that you can also process sessions with a timeout and not only regular exits.

+1
source

If you need to perform some operation just before logging out, I suggest that Spring hooks can help you.

You can implement a class like this:

 public class JustBeforeLogoutInterceptor extends HandlerInterceptorAdapter { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { boolean res = super.preHandle(request, response, handler); // // your code... // return res; } }

Then you need to configure the interceptor:

 <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/logout" /> <bean class="your.app.JustBeforeLogoutInterceptor" /> </mvc:interceptor> </mvc:interceptors>

That should work. Give it a try.

+1
source

You can try to extend the current LogoutFilter and execute your own logic before calling the doFilter superclass method.

Like this

 public class CustomLogoutFilter extends LogoutFilter { @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; if (requiresLogout(request, response)) { // IMPLEMENT YOUR CUSTOM LOGIC HERE super.doFilter(req, res, chain); return; } chain.doFilter(request, response); } }

Then you should replace default LogoutFilter with your CustomLogoutFilter

 <http> <custom-filter position="LOGOUT_FILTER" ref="customLogoutFilter" /> </http> <bean id="customLogutFilter" class="example.CustomLogoutFilter"> <property name="filterProcessesUrl" value="/logout" /> <!-- Put other needed properties here--> </bean>
0
source

Source: https://habr.com/ru/post/1207377/

More articles:


All Articles