首先，很多资料都说框架自带默认的 /logout 登出地址，但如果你不显式配置，这个地址默认是没有的。
需要在
ResourceServerConfigurerAdapter中的
public void configure(HttpSecurity http) throws Exception
中增加
and()
.logout()
.logoutSuccessHandler(userLogoutSuccessHandler);
然后实现handler
@Component
public class UserLogoutSuccessHandler implements LogoutSuccessHandler {
// Token store injected by Spring; onLogoutSuccess looks up and removes the caller's tokens through it.
@Autowired
private TokenStore tokenStore;
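/**
 * Revokes the caller's OAuth2 tokens once logout has succeeded, then writes a confirmation body.
 *
 * <p>The bearer token is read from the {@code Authorization} request header. If the token store
 * knows that access token, it is removed; when it carries a refresh token, the refresh token and
 * the access token linked to it are removed as well, so the refresh token cannot be exchanged for
 * a new access token after logout.
 *
 * @param httpServletRequest request whose {@code Authorization} header carries the bearer token
 * @param httpServletResponse response that receives the confirmation message
 * @param authentication authentication handed over by the logout filter; not read here
 * @throws IOException if the response writer cannot be obtained or written to
 * @throws ServletException declared by the interface; not thrown by this implementation
 */
@Override
public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
    String authorization = httpServletRequest.getHeader("authorization");
    if (StringUtils.isNotBlank(authorization)) {
        // Strip the scheme only when it leads the header value. The scheme name is
        // case-insensitive, and a blanket replace() would also rewrite a token that happens
        // to contain the text "Bearer ". A header without the prefix is used as-is.
        String bearerPrefix = "Bearer ";
        String tokenValue = authorization.trim();
        if (tokenValue.regionMatches(true, 0, bearerPrefix, 0, bearerPrefix.length())) {
            tokenValue = tokenValue.substring(bearerPrefix.length()).trim();
        }

        if (StringUtils.isNotBlank(tokenValue)) {
            // NOTE(review): revocation only takes effect if the configured TokenStore actually
            // persists tokens; with a stateless (e.g. JWT-based) store removal may be a no-op
            // and the token stays valid until it expires — confirm against the deployment.
            OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(tokenValue);
            if (oAuth2AccessToken != null) {
                tokenStore.removeAccessToken(oAuth2AccessToken);

                // Access tokens issued without a refresh token return null here; passing null
                // on to the store can fail with a NullPointerException, so skip the cleanup.
                OAuth2RefreshToken oAuth2RefreshToken = oAuth2AccessToken.getRefreshToken();
                if (oAuth2RefreshToken != null) {
                    tokenStore.removeRefreshToken(oAuth2RefreshToken);
                    tokenStore.removeAccessTokenUsingRefreshToken(oAuth2RefreshToken);
                }
            }
        }
    }

    // NOTE(review): the body is plain text although the content type announces JSON; clients
    // that parse the response as JSON will fail. Kept as-is for compatibility — confirm with
    // consumers before changing either the content type or the body.
    httpServletResponse.setContentType("application/json;charset=UTF-8");
    httpServletResponse.getWriter().write("退出成功");
}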