Appfuse Version 1.9.3
org.acegisecurity.ui.logout.LogoutFilter
if (requiresLogout(httpRequest, httpResponse)) {
/**
Determines whether this request is a logout request. The test: the uri ends with getContextPath + /j_acegi_logout.
*/
protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response)
{
String uri = request.getRequestURI();
int pathParamIndex = uri.indexOf(';');
if (pathParamIndex > 0) {
// strip everything after the first semi-colon
// i.e. drop every character after the ';' to obtain the bare uri
uri = uri.substring(0, pathParamIndex);
}
// check whether the uri ends with the string getContextPath + /j_acegi_logout
return uri.endsWith(request.getContextPath() + filterProcessesUrl);
}
/**
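The work is done by classes that implement LogoutHandler; they are supplied by injecting implementations of this interface in security.xml.
The rememberMeServices implementation class is TokenBasedRememberMeServices:
cancelCookie(request, response, "Logout of user " + authentication.getName());
This cancels the cookie on the client. Let's see how it is implemented.
response.addCookie(makeCancelCookie(request));
It adds a cookie.
What does makeCancelCookie do?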
Cookie cookie = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, null);
cookie.setMaxAge(0);
cookie.setPath(request.getContextPath());
name=ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE
value=null
max age is 0, path is request.getContextPath()
Is this how the cookie on the client gets removed??
org.acegisecurity.ui.logout.SecurityContextLogoutHandler
Implements LogoutHandler; it does one thing: SecurityContextHolder.clearContext();
*/
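// each configured LogoutHandler is called in turn
for (int i = 0; i < handlers.length; i++) {
handlers[i].logout(httpRequest, httpResponse, auth);
}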
/**
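Is the logout operation complete at this point?
While we are here, let's look at
the implementation of the RememberMeServices interface in TokenBasedRememberMeServices,
the autoLogin method:
Cookie[] cookies = request.getCookies();
for (int i = 0; i < cookies.length; i++) {
if (ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY.equals(cookies[i].getName())) {
String cookieValue = cookies[i].getValue();
// the cookie value is Base64-encoded, so it is checked and then decoded
if (Base64.isArrayByteBase64(cookieValue.getBytes())) {
String cookieAsPlainText = new String(Base64.decodeBase64(cookieValue.getBytes()));
}
}
}
*/
}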
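As an added example (not code from the original post or from Acegi itself), the class below carries the autoLogin walk-through past the Base64 step: the decoded text has the form username:expiry:signature, and the signature is recomputed as the MD5 hex of username:expiry:password:key. The class name and the sample user, password and key are constructed for illustration, JDK classes stand in for commons-codec, and the password is passed in directly where Acegi would load it through its UserDetailsService.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration, not Acegi source; user, password and key are constructed sample values.
public class RememberMeTokenDemo {
    // hex(MD5(username:expiry:password:key)): the signature part of the token
    static String signature(String user, long expiry, String password, String key) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(
                (user + ":" + expiry + ":" + password + ":" + key).getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Cookie value set at login: base64(username:expiry:signature)
    static String makeToken(String user, long expiry, String password, String key) throws Exception {
        String plain = user + ":" + expiry + ":" + signature(user, expiry, password, key);
        return Base64.getEncoder().encodeToString(plain.getBytes(StandardCharsets.UTF_8));
    }

    // Server-side checks after the Base64 step; returns the username, or null if rejected
    static String validate(String cookieValue, String password, String key, long now) throws Exception {
        String plain;
        try {
            plain = new String(Base64.getDecoder().decode(cookieValue), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
        String[] t = plain.split(":");
        if (t.length != 3 || !t[1].matches("\\d{1,18}")) return null; // malformed token
        long expiry = Long.parseLong(t[1]);
        if (expiry < now) return null; // token has expired
        byte[] expected = signature(t[0], expiry, password, key).getBytes(StandardCharsets.UTF_8);
        // constant-time comparison of the recomputed and the presented signature
        return MessageDigest.isEqual(expected, t[2].getBytes(StandardCharsets.UTF_8)) ? t[0] : null;
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        String token = makeToken("alice", now + 60_000, "s3cret", "sampleKey");
        String plain = new String(Base64.getDecoder().decode(token), StandardCharsets.UTF_8);
        System.out.println(plain); // readable text: Base64 is an encoding, not encryption
        System.out.println(validate(token, "s3cret", "sampleKey", now));
        // tampered username: the recomputed signature no longer matches
        String forged = Base64.getEncoder().encodeToString(
                plain.replace("alice", "admin").getBytes(StandardCharsets.UTF_8));
        System.out.println(validate(forged, "s3cret", "sampleKey", now));
    }
}
```

Because validation depends only on the token's contents, the cancel cookie sent at logout removes the browser's copy but does not invalidate the token on the server; it stays acceptable until its expiry time passes or the user's password or the key changes.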
This article comes from a ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u/19271/showart_146109.html