Why my logourFilter doesn't work&

Printable View

Nov 8th, 2010, 05:26 AM
Shikarno

Why my logourFilter doesn't work&

Please help me! Why my logout filter doesn't work? It is not redirecting me to logout.htm. But if i put it redirect to <http> section, it works

Code:

<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http use-expressions="true"> <intercept-url pattern="/home.htm" access="hasRole('ROLE_CANDIDATE')" requires-channel="https" /> <intercept-url pattern="/*" access="permitAll" requires-channel="https" /> <logout /> <form-login default-target-url="/home.htm" /> </http> <beans:bean id="logoutHandler" class="business.service.UserLogoutHandler" /> <beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <beans:constructor-arg value="/logout.htm" /> <beans:constructor-arg> <beans:list> <beans:ref bean="logoutHandler" /> </beans:list> </beans:constructor-arg> </beans:bean> <beans:bean id="userLoginService" class="business.service.UserLoginService" /> <authentication-manager> <authentication-provider user-service-ref="userLoginService" /> </authentication-manager> </beans:beans>
Nov 8th, 2010, 05:33 AM
Luke Taylor

You're assuming that just declaring a bean will automatically cause it to be used. This isn't the case.

In your configuration, <logout /> will create a separate filter which will be used and your separate bean will be ignored. If you want to use a custom logout filter, remove the namespace element and plug your filter into the namespace as described in the namespace documentation.
Nov 8th, 2010, 06:45 AM
Shikarno

If i add

Code:

<custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>

it must work, but it doesn't
Nov 8th, 2010, 07:00 AM
Luke Taylor

It should.

When it comes down to it, there's not very much to logging out. It is just a URL with some functionality attached (typically invalidating the session). It is just as easily done in something like an MVC controller so you might find that easier to understand. There's no real requirement that it is implemented within Spring Security.
Nov 8th, 2010, 07:57 AM
Shikarno

It doesn't work because of this error

Code:

INFO: Undeploying context [/staffing] 8 ышёЄ 2010 15:39:00 org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive staffing.war log4j:WARN No appenders could be found for logger (org.springframework.web. xt.ContextLoader). log4j:WARN Please initialize the log4j system properly. 8 ышёЄ 2010 15:39:01 org.apache.catalina.core.StandardContext start SEVERE: Error listenerStart 8 ышёЄ 2010 15:39:01 org.apache.catalina.core.StandardContext start SEVERE: Context [/staffing] startup failed due to previous errors 8 ышёЄ 2010 15:39:42 org.apache.catalina.startup.HostConfig checkResources

Without custom filter it is undeployed and works fine
Nov 8th, 2010, 09:40 AM
Luke Taylor

That's just output from Tomcat - you'll need to get some proper debug logging output from Spring to see what the real error is. Debug logging is essential. As always I'd recommend that you use one of the sample applications as a setup guide so that you are starting with a working configuration.
Nov 8th, 2010, 01:42 PM
Shikarno

Thanks a lot! The last problem was that my filter has the same order as default logoutfilter. I need my own logoutfilter for the future. Now it all works fine!
Nov 8th, 2010, 04:30 PM
Luke Taylor

Quote:

Originally Posted by Shikarno

Thanks a lot! The last problem was that my filter has the same order as default logoutfilter. I need my own logoutfilter for the future. Now it all works fine!

That's why you need to remove the <logout /> element. Good to hear you worked it out.