1.先写一个处理器,实现LogoutSuccessHandler接口
package com.lzy.security;
import cn.hutool.json.JSONUtil;
import com.lzy.common.lang.Result;
import com.lzy.util.JwtUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class JwtLogoutSuccessHandler implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
if (authentication != null) {
new SecurityContextLogoutHandler().logout(request, response, authentication);
}
// 将响应的内容类型设置为JSON
response.setContentType("application/json;charset=utf-8");
// 获取响应的输出流
ServletOutputStream out = response.getOutputStream();
//生成JWT,并且放置到请求头
response.setHeader("Authorization", "");
// 创建一个包含异常消息的Result对象
Result result = Result.success("成功");
// 将Result对象转换为JSON字符串,并写入输出流
out.write(JSONUtil.toJsonStr(result).getBytes("UTF-8"));
// 刷新输出流
out.flush();
// 关闭输出流
out.close();
}
}
2.在配置文件中使用就行了
package com.lzy.config;
import com.lzy.security.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // 开启方法级别的权限注解
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
LoginFailureHandler loginFailureHandler;
@Autowired
LoginSuccessHandler loginSuccessHandler;
@Autowired
CaptchaFilter captchaFilter;
@Autowired
JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
@Autowired
JwtAccessDeniedHandler jwtAccessDeniedHandler;
@Autowired
UserDetailsServiceImpl userDetailsServiceImpl;
@Bean
JwtAuthenticationFilter jwtAuthenticationFilter() throws Exception {
return new JwtAuthenticationFilter(authenticationManager());
}
@Bean
BCryptPasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Autowired
JwtLogoutSuccessHandler jwtLogoutSuccessHandler;
private static final String[] URL_WHITELIST = {
"/login",
"/logout",
"/captcha",
"/favicon.ico", // 防止 favicon 请求被拦截
};
protected void configure(HttpSecurity http) throws Exception {
//跨域配置
http.cors().and().csrf().disable()
//登录配置
.formLogin()
.successHandler(loginSuccessHandler).failureHandler(loginFailureHandler)
//登出配置
.and().logout().logoutSuccessHandler(jwtLogoutSuccessHandler)
//禁用session
.and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//配置拦截规则
.and().authorizeRequests()
//白名单
.antMatchers(URL_WHITELIST).permitAll()
//其他请求都需要认证
.anyRequest().authenticated()
//异常处理器
.and().exceptionHandling()
.authenticationEntryPoint(jwtAuthenticationEntryPoint)
.accessDeniedHandler(jwtAccessDeniedHandler)
//JWT验证过滤器
.and().addFilter(jwtAuthenticationFilter())
//配置自定义的过滤器
.addFilterBefore(captchaFilter, UsernamePasswordAuthenticationFilter.class);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsServiceImpl).passwordEncoder(passwordEncoder());
}
}
在这里进行引用
.and().logout().logoutSuccessHandler(jwtLogoutSuccessHandler)