Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-15 14:53:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-491: Add alternative options for determining logout URL.

Browse Source
This commit is contained in:
Luke Taylor 2008-01-31 15:48:04 +00:00
parent a305c9111f
commit 9f45f95fab
1 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
core/src/main/java/org/springframework/security/ui/logout/LogoutFilter.java
View File

@ -30,6 +30,7 @@ import org.springframework.security.context.SecurityContextHolder;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
/** /**
* Logs a principal out. * Logs a principal out.
@ -64,7 +65,6 @@ public class LogoutFilter extends SpringSecurityFilter {
//~ Constructors =================================================================================================== //~ Constructors ===================================================================================================
public LogoutFilter(String logoutSuccessUrl, LogoutHandler[] handlers) { public LogoutFilter(String logoutSuccessUrl, LogoutHandler[] handlers) {
Assert.hasText(logoutSuccessUrl, "LogoutSuccessUrl required");
Assert.notEmpty(handlers, "LogoutHandlers are required"); Assert.notEmpty(handlers, "LogoutHandlers are required");
this.logoutSuccessUrl = logoutSuccessUrl; this.logoutSuccessUrl = logoutSuccessUrl;
this.handlers = handlers; this.handlers = handlers;
@ -86,7 +86,9 @@ public class LogoutFilter extends SpringSecurityFilter {
handlers[i].logout(request, response, auth); handlers[i].logout(request, response, auth);
} }
sendRedirect(request, response, logoutSuccessUrl); String targetUrl = determineTargetUrl(request, response);
sendRedirect(request, response, targetUrl);
return; return;
} }
@ -125,6 +127,32 @@ public class LogoutFilter extends SpringSecurityFilter {
return uri.endsWith(request.getContextPath() + filterProcessesUrl); return uri.endsWith(request.getContextPath() + filterProcessesUrl);
} }
/**
* Returns the target URL to redirect to after logout.
* <p>
* By default it will check for a <tt>logoutSuccessUrl</tt> parameter in
* the request and use this. If that isn't present it will use the configured <tt>logoutSuccessUrl</tt>. If this
* hasn't been set it will check the Referer header and use the URL from there.
*
*/
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
String targetUrl = request.getParameter("logoutSuccessUrl");
if(!StringUtils.hasLength(targetUrl)) {
targetUrl = logoutSuccessUrl;
}
if (!StringUtils.hasLength(targetUrl)) {
targetUrl = request.getHeader("Referer");
}
if (!StringUtils.hasLength(targetUrl)) {
targetUrl = "/";
}
return targetUrl;
}
/** /**
* Allow subclasses to modify the redirection message. * Allow subclasses to modify the redirection message.
* *