import javax.servlet.http.*;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.ui.logout.LogoutHandler;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
public class SecurityContextLogoutFams implements LogoutHandler, Ordered {
public SecurityContextLogoutFams() {
invalidateHttpSession = true;
order = 0x7fffffff;
}
//logout这个方法什么意思,有什么作用
public void logout(HttpServletRequest request,
HttpServletResponse response, Authentication authentication) {
Assert.notNull(request, "HttpServletRequest required");//什么意思
if (invalidateHttpSession) {
HttpSession session = request.getSession(false);//s什么意思
if (session != null)
session.invalidate();//什么意思
}
SecurityContextHolder.clearContext();//什么意思
}
public boolean isInvalidateHttpSession() {
return invalidateHttpSession;
}
public void setInvalidateHttpSession(boolean invalidateHttpSession) {
this.invalidateHttpSession = invalidateHttpSession;
}
public int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
private boolean invalidateHttpSession;
private int order;
}
------解决方案--------------------
logout该方法用于用户的注销,比如一个用户登陆某个网站,该网站肯定在session里面保存了用户的信息,在用户点击注销的时候触发该方法,用于销毁用户在session中存在的信息。
Assert.notNull(request, "HttpServletRequest required");//什么意思
起到提示的作用类似于前台的alert();
HttpSession session = request.getSession(false);//s什么意思
得到session
session.invalidate();//什么意思
注销
SecurityContextHolder.clearContext();//什么意思
spring自己封装的方法,可能也要清除一下