appfuse开读5

wutao8818

Appfuse Version 1.9.3

org.acegisecurity.ui.logout.LogoutFilter

if (requiresLogout(httpRequest, httpResponse)) {
   
/**
  判断是不是请求logout,如何实现uri以getContextPath+/j_acegi_logout结束的
*/
protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response)
{
        String uri = request.getRequestURI();
        int pathParamIndex = uri.indexOf(';');
        if (pathParamIndex > 0) {
            // strip everything after the first semi-colon
         //去处;后面所有的字符,得到uri
            uri = uri.substring(0, pathParamIndex);
        }
        //判断uri是不是以getContextPath+/j_acegi_logout的字符串
        return uri.endsWith(request.getContextPath() + filterProcessesUrl);
    }

/**
实现LogoutHandler的类，通过在security.xml中注入实现这个接口的类来实现

               

rememberMeServices实现类 TokenBasedRememberMeServices
cancelCookie(request, response, "Logout of user " + authentication.getName());
注销了在客户端的cookie,看看它是怎么实现的。
  response.addCookie(makeCancelCookie(request));
添加了一个cookie

makeCancalCookie做了什么?

Cookie cookie = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, null);
        cookie.setMaxAge(0);
        cookie.setPath(request.getContextPath());
name=ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE
value=null
时间为0，path为request.getContextPath())
以此来消除客户端的cookie??


org.acegisecurity.ui.logout.SecurityContextLogoutHandler
实现LogoutHandler,它做了一件事SecurityContextHolder.clearContext();


*/
handlers.logout(httpRequest, httpResponse, auth);
/**
至此logout操作完成了？

顺便看看
RememberMeServices接口在TokenBasedRememberMeServices中的实现

autoLogin方法

Cookie[] cookies = request.getCookies();

if (ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY.equals(cookies.getName())) {

String cookieValue = cookies.getValue();

Base64.isArrayByteBase64(cookieValue.getBytes())//对cookie value做了base64加密

String cookieAsPlainText = new String(Base64.decodeBase64(cookieValue.getBytes()));








本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u/19271/showart_146109.html