登出

Spring Security 默认提供一个登出端点。登录后,你可以 GET /logout 查看默认的登出确认页面,或者 POST /logout 来发起登出。这将

  • 清除 ServerCsrfTokenRepositoryServerSecurityContextRepository,并且

  • 重定向回登录页面

通常,你还会希望在登出时使会话失效。为此,你可以将 WebSessionServerLogoutHandler 添加到你的登出配置中,如下所示

  • Java

  • Kotlin

@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
    DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
            new SecurityContextServerLogoutHandler(), new WebSessionServerLogoutHandler()
    );

    http
        .authorizeExchange((authorize) -> authorize.anyExchange().authenticated())
        .logout((logout) -> logout.logoutHandler(logoutHandler));

    return http.build();
}
@Bean
fun http(http: ServerHttpSecurity): SecurityWebFilterChain {
    val customLogoutHandler = DelegatingServerLogoutHandler(
        SecurityContextServerLogoutHandler(), WebSessionServerLogoutHandler()
    )

    return http {
        authorizeExchange {
            authorize(anyExchange, authenticated)
        }
        logout {
            logoutHandler = customLogoutHandler
        }
    }
}
© . This site is unofficial and not affiliated with VMware.