接上文Spring Cloud下基于OAUTH2认证授权的实现,我们将基于Spring Cloud实现OAUTH2的注销功能。
1 增加自定义注销Endpoint
所谓注销只需将access_token
和refresh_token
失效即可,我们模仿org.springframework.security.oauth2.provider.endpoint.TokenEndpoint
写一个使access_token
和refresh_token
失效的Endpoint
:
@FrameworkEndpoint
public class RevokeTokenEndpoint {
@Autowired
@Qualifier("consumerTokenServices")
ConsumerTokenServices consumerTokenServices;
@RequestMapping(method = RequestMethod.DELETE, value = "/oauth/token")
@ResponseBody
public String revokeToken(String access_token) {
if (consumerTokenServices.revokeToken(access_token)){
return "注销成功";
}else{
return "注销失败";
}
}
}