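1: Default Spring Security logout handling
- Invalidate the current session
- Clear the remember-me record associated with the current user
- Clear the current SecurityContext
- Redirect to the login page
2: Spring Security logout configuration
Spring Security ships a set of defaults for logout. If you do not want the defaults, you can configure your own values:
- logoutUrl: the URL that triggers logout
- logoutSuccessHandler: a handler invoked after a successful logout, where you can run your own logout logic
- deleteCookies: the cookies to delete after a successful logout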
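@Override
protected void configure(HttpSecurity http) throws Exception {
    // With CSRF protection disabled, /logout is also accepted as a plain GET request.
    http.csrf().disable()
        .authorizeRequests()
            .antMatchers("/login", "/session/invalid", "/logout", "/signOut").permitAll()
            .and()
        .logout()
            .logoutUrl("/logout")
            // myLogoutSuccessHandler: the injected MyLogoutSuccessHandler bean defined below
            .logoutSuccessHandler(myLogoutSuccessHandler)
            .deleteCookies("JSESSIONID")
            .permitAll();
}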
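import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;

@Slf4j
@Component
public class MyLogoutSuccessHandler implements LogoutSuccessHandler {
    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        log.info("退出成功"); // "Logout successful"
        response.sendRedirect("/signOut"); // send the browser to the logout page
    }
}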
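An added example, not code from the original post: the same logout settings with CSRF protection left enabled, so that /logout only matches a POST carrying a valid CSRF token, plus a Clear-Site-Data header written on logout. The class name HardenedLogoutConfig, the formLogin() section and the anyRequest().authenticated() rule are assumptions; it targets the same Spring Security 5.x API (WebSecurityConfigurerAdapter) as the configuration above.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive;

// Hypothetical class name; an added example, not the original post's configuration.
@Configuration
@EnableWebSecurity
public class HardenedLogoutConfig extends WebSecurityConfigurerAdapter {

    private final LogoutSuccessHandler myLogoutSuccessHandler;

    public HardenedLogoutConfig(LogoutSuccessHandler myLogoutSuccessHandler) {
        this.myLogoutSuccessHandler = myLogoutSuccessHandler;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // No csrf().disable(): with CSRF on (the default), the logout filter
            // only matches POST /logout, and the CSRF filter rejects a POST without a token.
            .authorizeRequests()
                .antMatchers("/login", "/session/invalid", "/signOut").permitAll()
                .anyRequest().authenticated()      // assumption: everything else needs login
                .and()
            .formLogin()
                .loginPage("/login")               // assumption: form login on the /login view
                .and()
            .logout()
                .logoutUrl("/logout")
                .invalidateHttpSession(true)       // default, stated explicitly
                .clearAuthentication(true)         // default, stated explicitly
                .deleteCookies("JSESSIONID")
                // Asks the browser to drop cookies and storage for this origin;
                // the header is only written on HTTPS requests.
                .addLogoutHandler(new HeaderWriterLogoutHandler(
                        new ClearSiteDataHeaderWriter(Directive.COOKIES, Directive.STORAGE)))
                .logoutSuccessHandler(myLogoutSuccessHandler)
                .permitAll();
    }
}
```

With this configuration the logout control in a page has to be a POST form rather than a link; a Thymeleaf form that sets its target with th:action gets the CSRF token field added automatically.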
3: Logout page
A simple mapping of paths to views
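import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class WebMvcConfiguration implements WebMvcConfigurer {
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        // Map each path directly to a view name, with no controller class needed
        registry.addViewController("/login").setViewName("login");
        registry.addViewController("/signOut").setViewName("signOut");
        registry.addViewController("/index").setViewName("index");
    }
}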
signOut.html, the logout page
<!DOCTYPE html>
<html lang="en"
xmlns="http://www.w3.org/1999/xhtml"
xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="utf-8">
<title>退出</title>
</head>
<body>
退出成功
</body>
</html>