退出登录
Spring Security 默认提供了一个退出登录端点。登录后,你可以通过 GET /logout 查看默认的退出登录确认页面,或者通过 POST /logout 发起退出登录。这将
-
清除
ServerCsrfTokenRepository、ServerSecurityContextRepository,并且 -
重定向回登录页面
通常,你可能还希望在退出登录时使会话失效。为此,你可以将 WebSessionServerLogoutHandler 添加到退出登录配置中,如下所示
-
Java
-
Kotlin
@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
new SecurityContextServerLogoutHandler(), new WebSessionServerLogoutHandler()
);
http
.authorizeExchange((exchange) -> exchange.anyExchange().authenticated())
.logout((logout) -> logout.logoutHandler(logoutHandler));
return http.build();
}@Bean
fun http(http: ServerHttpSecurity): SecurityWebFilterChain {
val customLogoutHandler = DelegatingServerLogoutHandler(
SecurityContextServerLogoutHandler(), WebSessionServerLogoutHandler()
)
return http {
authorizeExchange {
authorize(anyExchange, authenticated)
}
logout {
logoutHandler = customLogoutHandler
}
}
}
