Spring Security 支持在继承 WebSecurityConfigurerAdapter 的配置类中配置注销登录:
HttpSecurity 内的 logout()方法以一个 LogoutConfigurer 作为配置基础,创建一个用于注销登录的过滤器:
HttpSecurity:
public LogoutConfigurer<HttpSecurity> logout() throws Exception {return (LogoutConfigurer)this.getOrApply(new LogoutConfigurer());}public HttpSecurity logout(Customizer<LogoutConfigurer<HttpSecurity>> logoutCustomizer) throws Exception {logoutCustomizer.customize(this.getOrApply(new LogoutConfigurer()));return this;}
LogoutConfigurer:
public void configure(H http) throws Exception {LogoutFilter logoutFilter = this.createLogoutFilter(http);http.addFilter(logoutFilter);}private LogoutFilter createLogoutFilter(H http) {this.logoutHandlers.add(this.contextLogoutHandler);this.logoutHandlers.add(this.postProcess(new LogoutSuccessEventPublishingLogoutHandler()));LogoutHandler[] handlers = (LogoutHandler[])this.logoutHandlers.toArray(new LogoutHandler[0]);LogoutFilter result = new LogoutFilter(this.getLogoutSuccessHandler(), handlers);result.setLogoutRequestMatcher(this.getLogoutRequestMatcher(http));result = (LogoutFilter)this.postProcess(result);return result;}
它默认注册了一个 / logout 路由,用户通过访问该路由可以安全地注销其登录状态,包括使 HttpSession 失效、清空已配置的 Remember-me 验证,以及清空 SecurityContextHolder,并在注销成功之后重定向到 / login?logout 页面。
如有必要,还可以重新配置:
若有收获,就点个赞吧
0 人点赞
