登出
Spring Security 預設提供一個登出端點。登入後,你可以 GET /logout 檢視預設的登出確認頁面,或者 POST /logout 來發起登出。這將
-
清除
ServerCsrfTokenRepository、ServerSecurityContextRepository,並且 -
重定向回登入頁面
通常,你還會希望在登出時使會話失效。為此,你可以將 WebSessionServerLogoutHandler 新增到你的登出配置中,如下所示
-
Java
-
Kotlin
@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
new SecurityContextServerLogoutHandler(), new WebSessionServerLogoutHandler()
);
http
.authorizeExchange((authorize) -> authorize.anyExchange().authenticated())
.logout((logout) -> logout.logoutHandler(logoutHandler));
return http.build();
}@Bean
fun http(http: ServerHttpSecurity): SecurityWebFilterChain {
val customLogoutHandler = DelegatingServerLogoutHandler(
SecurityContextServerLogoutHandler(), WebSessionServerLogoutHandler()
)
return http {
authorizeExchange {
authorize(anyExchange, authenticated)
}
logout {
logoutHandler = customLogoutHandler
}
}
}
