怎么写spring security的登出处理器来控制登出

1.先写一个处理器,实现LogoutSuccessHandler接口

package com.lzy.security;

import cn.hutool.json.JSONUtil;
import com.lzy.common.lang.Result;
import com.lzy.util.JwtUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class JwtLogoutSuccessHandler implements LogoutSuccessHandler {
    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        if (authentication != null) {
            new SecurityContextLogoutHandler().logout(request, response, authentication);
        }
        // 将响应的内容类型设置为JSON
        response.setContentType("application/json;charset=utf-8");
        // 获取响应的输出流
        ServletOutputStream out = response.getOutputStream();
        //生成JWT,并且放置到请求头
        response.setHeader("Authorization", "");
        // 创建一个包含异常消息的Result对象
        Result result = Result.success("成功");
        // 将Result对象转换为JSON字符串，并写入输出流
        out.write(JSONUtil.toJsonStr(result).getBytes("UTF-8"));
        // 刷新输出流
        out.flush();
        // 关闭输出流
        out.close();
    }
}

2.在配置文件中使用就行了

package com.lzy.config;
 
import com.lzy.security.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // 开启方法级别的权限注解
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    LoginFailureHandler loginFailureHandler;
    @Autowired
    LoginSuccessHandler loginSuccessHandler;
    @Autowired
    CaptchaFilter captchaFilter;
    @Autowired
    JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
    @Autowired
    JwtAccessDeniedHandler jwtAccessDeniedHandler;
    @Autowired
    UserDetailsServiceImpl userDetailsServiceImpl;

    @Bean
    JwtAuthenticationFilter jwtAuthenticationFilter() throws Exception {
        return new JwtAuthenticationFilter(authenticationManager());
    }
    @Bean
    BCryptPasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Autowired
    JwtLogoutSuccessHandler jwtLogoutSuccessHandler;


    private static final String[] URL_WHITELIST = {
            "/login",
            "/logout",
            "/captcha",
            "/favicon.ico", // 防止 favicon 请求被拦截
    };

    protected void configure(HttpSecurity http) throws Exception {

        //跨域配置
        http.cors().and().csrf().disable()
                //登录配置
                .formLogin()
                .successHandler(loginSuccessHandler).failureHandler(loginFailureHandler)
                //登出配置
                .and().logout().logoutSuccessHandler(jwtLogoutSuccessHandler)
                //禁用session
                .and().sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                //配置拦截规则
                .and().authorizeRequests()
                //白名单
                .antMatchers(URL_WHITELIST).permitAll()
                //其他请求都需要认证
                .anyRequest().authenticated()
                //异常处理器
                .and().exceptionHandling()
                .authenticationEntryPoint(jwtAuthenticationEntryPoint)
                .accessDeniedHandler(jwtAccessDeniedHandler)
                //JWT验证过滤器
                .and().addFilter(jwtAuthenticationFilter())
                //配置自定义的过滤器
                .addFilterBefore(captchaFilter, UsernamePasswordAuthenticationFilter.class);

    }


    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsServiceImpl).passwordEncoder(passwordEncoder());
    }

}

在这里进行引用

 .and().logout().logoutSuccessHandler(jwtLogoutSuccessHandler)