Announcement Announcement Module
Collapse
No announcement yet.
Why my logourFilter doesn't work& Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Why my logourFilter doesn't work&

    Please help me! Why my logout filter doesn't work? It is not redirecting me to logout.htm. But if i put it redirect to <http> section, it works
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
    	xmlns:beans="http://www.springframework.org/schema/beans"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
    								 http://www.springframework.org/schema/beans/spring-beans.xsd
    						         http://www.springframework.org/schema/jdbc
            						 http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
    								 http://www.springframework.org/schema/security
    								 http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    	<http use-expressions="true">
    		<intercept-url pattern="/home.htm" access="hasRole('ROLE_CANDIDATE')"
    			requires-channel="https" />
    		<intercept-url pattern="/*" access="permitAll"
    			requires-channel="https" />
    		<logout />
    		<form-login default-target-url="/home.htm" />
    
    	</http>
    
    	<beans:bean id="logoutHandler" class="business.service.UserLogoutHandler" />
    	<beans:bean id="logoutFilter"
    		class="org.springframework.security.web.authentication.logout.LogoutFilter">
    
    		<beans:constructor-arg value="/logout.htm" />
    		<beans:constructor-arg>
    			<beans:list>
    				<beans:ref bean="logoutHandler" />
    			</beans:list>
    		</beans:constructor-arg>
    	
    	</beans:bean>
    
    	<beans:bean id="userLoginService" class="business.service.UserLoginService" />
    	<authentication-manager>
    		<authentication-provider user-service-ref="userLoginService" />
    	</authentication-manager>
    </beans:beans>

  • #2
    You're assuming that just declaring a bean will automatically cause it to be used. This isn't the case.

    In your configuration, <logout /> will create a separate filter which will be used and your separate bean will be ignored. If you want to use a custom logout filter, remove the namespace element and plug your filter into the namespace as described in the namespace documentation.

    Comment


    • #3
      If i add
      Code:
      <custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>
      it must work, but it doesn't
      Last edited by Shikarno; Nov 8th, 2010, 07:54 AM.

      Comment


      • #4
        It should.

        When it comes down to it, there's not very much to logging out. It is just a URL with some functionality attached (typically invalidating the session). It is just as easily done in something like an MVC controller so you might find that easier to understand. There's no real requirement that it is implemented within Spring Security.

        Comment


        • #5
          It doesn't work because of this error
          Code:
          INFO: Undeploying context [/staffing]
          8 ышёЄ 2010 15:39:00 org.apache.catalina.startup.HostConfig deployWAR
          INFO: Deploying web application archive staffing.war
          log4j:WARN No appenders could be found for logger (org.springframework.web.
          xt.ContextLoader).
          log4j:WARN Please initialize the log4j system properly.
          8 ышёЄ 2010 15:39:01 org.apache.catalina.core.StandardContext start
          SEVERE: Error listenerStart
          8 ышёЄ 2010 15:39:01 org.apache.catalina.core.StandardContext start
          SEVERE: Context [/staffing] startup failed due to previous errors
          8 ышёЄ 2010 15:39:42 org.apache.catalina.startup.HostConfig checkResources
          Without custom filter it is undeployed and works fine

          Comment


          • #6
            That's just output from Tomcat - you'll need to get some proper debug logging output from Spring to see what the real error is. Debug logging is essential. As always I'd recommend that you use one of the sample applications as a setup guide so that you are starting with a working configuration.

            Comment


            • #7
              Thanks a lot! The last problem was that my filter has the same order as default logoutfilter. I need my own logoutfilter for the future. Now it all works fine!

              Comment


              • #8
                Originally posted by Shikarno View Post
                Thanks a lot! The last problem was that my filter has the same order as default logoutfilter. I need my own logoutfilter for the future. Now it all works fine!
                That's why you need to remove the <logout /> element. Good to hear you worked it out.

                Comment

                Working...
                X