17 vuotta sitten · 9f45f95fab
--- a/core/src/main/java/org/springframework/security/ui/logout/LogoutFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/logout/LogoutFilter.java
@@ -30,6 +30,7 @@ import org.springframework.security.context.SecurityContextHolder;
 
				 import org.apache.commons.logging.Log;

			
 
				 import org.apache.commons.logging.LogFactory;

			
 
				 import org.springframework.util.Assert;

			
 
				+import org.springframework.util.StringUtils;

			
 
				 

			
 
				 /**

			
 
				  * Logs a principal out.

			
@@ -64,7 +65,6 @@ public class LogoutFilter extends SpringSecurityFilter {
 
				     //~ Constructors ===================================================================================================

			
 
				 

			
 
				     public LogoutFilter(String logoutSuccessUrl, LogoutHandler[] handlers) {

			
 
				-        Assert.hasText(logoutSuccessUrl, "LogoutSuccessUrl required");

			
 
				         Assert.notEmpty(handlers, "LogoutHandlers are required");

			
 
				         this.logoutSuccessUrl = logoutSuccessUrl;

			
 
				         this.handlers = handlers;

			
@@ -86,7 +86,9 @@ public class LogoutFilter extends SpringSecurityFilter {
 
				                 handlers[i].logout(request, response, auth);

			
 
				             }

			
 
				 

			
 
				-            sendRedirect(request, response, logoutSuccessUrl);

			
 
				+            String targetUrl = determineTargetUrl(request, response);

			
 
				+

			
 
				+            sendRedirect(request, response, targetUrl);

			
 
				 

			
 
				             return;

			
 
				         }

			
@@ -125,6 +127,32 @@ public class LogoutFilter extends SpringSecurityFilter {
 
				         return uri.endsWith(request.getContextPath() + filterProcessesUrl);

			
 
				     }

			
 
				 

			
 
				+    /**

			
 
				+     * Returns the target URL to redirect to after logout.

			
 
				+     * <p>

			
 
				+     * By default it will check for a <tt>logoutSuccessUrl</tt> parameter in

			
 
				+     * the request and use this. If that isn't present it will use the configured <tt>logoutSuccessUrl</tt>. If this

			
 
				+     * hasn't been set it will check the Referer header and use the URL from there.

			
 
				+     *

			
 
				+     */

			
 
				+    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {

			
 
				+        String targetUrl = request.getParameter("logoutSuccessUrl");

			
 
				+

			
 
				+        if(!StringUtils.hasLength(targetUrl)) {

			
 
				+            targetUrl = logoutSuccessUrl;

			
 
				+        }

			
 
				+

			
 
				+        if (!StringUtils.hasLength(targetUrl)) {

			
 
				+            targetUrl = request.getHeader("Referer");

			
 
				+        }        

			
 
				+

			
 
				+        if (!StringUtils.hasLength(targetUrl)) {

			
 
				+            targetUrl = "/";

			
 
				+        }

			
 
				+

			
 
				+        return targetUrl;

			
 
				+    }

			
 
				+

			
 
				     /**

			
 
				      * Allow subclasses to modify the redirection message.

			
 
				      *