English | 简体中文 | 繁體中文 | Русский язык | Français | Español | Português | Deutsch | 日本語 | 한국어 | Italiano | بالعربية
The previous article introduced the integration of Shiro with SpringMVC for the login process, obtaining the user's account and password through the FormAuthenticationFilter.
Shiro is a widely used security layer framework that seamlessly integrates with Spring through XML configuration. The user's login/Logout/Permission Control/The management of basic functions such as Cookie is entrusted to Shiro.
Generally, in a JavaWEB management platform system, before a user logs out of the system, it is necessary to clear user data and close connections to prevent the accumulation of garbage data. Shiro provides the LogoutFilter to achieve this. We can inherit LogoutFilter, override the preHandle method, and implement the cache clearing function.
spring-shiro.xml:
<!-- Security Authentication Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/b/login" />
<property name="successUrl" value="/b" />
<property name="filters">
<map>
<!--Logout Filter-->
<entry key="logout" value-ref="systemLogoutFilter" />
</map>
</property>
<property name="filterChainDefinitions">
<value>
/b/login = authc
/b/logout = logout
/b/** = user
</value>
</property>
</bean>
When the called path matches to/b/When the logout operation is performed, it will enter the SystemLogoutFilter filter. SystemLogoutFilter inherits from LogoutFilter and overrides the preHandle method to clear the necessary data.
@Service
public class SystemLogoutFilter extends LogoutFilter {
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
//Data that needs to be cleared before executing the system logout operation should be executed here
Subject subject = getSubject(request, response);
String redirectUrl = getRedirectUrl(request, response, subject);
try {
subject.logout();
} catch (SessionException ise) {
ise.printStackTrace();
}
issueRedirect(request, response, redirectUrl);
//Returning false indicates that the subsequent filter is not executed, and the page is directly returned to the login page
return false;
}
}
Note that it needs to be managed by the Spring container through the @Service annotation, in spring-Configure shiro filter directly in shiro.xml
<entry key="logout" value-ref="systemLogoutFilter" />
That's all for this article, I hope it will be helpful to everyone's learning, and I also hope everyone will support the呐喊 tutorial more.
Declaration: The content of this article is from the Internet, the copyright belongs to the original author, the content is contributed and uploaded by Internet users spontaneously, this website does not own the copyright, has not been manually edited, and does not bear relevant legal liability. If you find content suspected of copyright infringement, please send an email to: notice#oldtoolbag.com (Please replace # with @ when sending an email for reporting, and provide relevant evidence. Once verified, this site will immediately delete the content suspected of infringement.)