退出登录
Spring Security 默认提供了一个退出登录端点。登录后,您可以使用 `GET /logout` 查看默认的退出登录确认页面,或者使用 `POST /logout` 来启动退出登录。这将
-
清除 `ServerCsrfTokenRepository`、`ServerSecurityContextRepository` 和
-
重定向回登录页面
通常,您还希望在退出登录时使会话失效。要实现此目的,您可以将 `WebSessionServerLogoutHandler` 添加到您的退出登录配置中,如下所示:
-
Java
-
Kotlin
@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
new SecurityContextServerLogoutHandler(), new WebSessionServerLogoutHandler()
);
http
.authorizeExchange((exchange) -> exchange.anyExchange().authenticated())
.logout((logout) -> logout.logoutHandler(logoutHandler));
return http.build();
}@Bean
fun http(http: ServerHttpSecurity): SecurityWebFilterChain {
val customLogoutHandler = DelegatingServerLogoutHandler(
SecurityContextServerLogoutHandler(), WebSessionServerLogoutHandler()
)
return http {
authorizeExchange {
authorize(anyExchange, authenticated)
}
logout {
logoutHandler = customLogoutHandler
}
}
}
