注销
Spring Security 默认提供注销端点。登录后,您可以 GET /logout 查看默认注销确认页面,或者 POST /logout 启动注销。这将
-
清除
ServerCsrfTokenRepository、ServerSecurityContextRepository和 -
重定向回登录页面
通常,您还希望在注销时使会话失效。要实现此目的,您可以将 WebSessionServerLogoutHandler 添加到您的注销配置中,如下所示
-
Java
-
Kotlin
@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
new SecurityContextServerLogoutHandler(), new WebSessionServerLogoutHandler()
);
http
.authorizeExchange((exchange) -> exchange.anyExchange().authenticated())
.logout((logout) -> logout.logoutHandler(logoutHandler));
return http.build();
}@Bean
fun http(http: ServerHttpSecurity): SecurityWebFilterChain {
val customLogoutHandler = DelegatingServerLogoutHandler(
SecurityContextServerLogoutHandler(), WebSessionServerLogoutHandler()
)
return http {
authorizeExchange {
authorize(anyExchange, authenticated)
}
logout {
logoutHandler = customLogoutHandler
}
}
}
