退出登入
Spring Security 預設提供了一個退出登入端點。登入後,你可以透過 GET /logout 檢視預設的退出登入確認頁面,或者透過 POST /logout 發起退出登入。這將
-
清除
ServerCsrfTokenRepository、ServerSecurityContextRepository,並且 -
重定向回登入頁面
通常,你可能還希望在退出登入時使會話失效。為此,你可以將 WebSessionServerLogoutHandler 新增到退出登入配置中,如下所示
-
Java
-
Kotlin
@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
new SecurityContextServerLogoutHandler(), new WebSessionServerLogoutHandler()
);
http
.authorizeExchange((exchange) -> exchange.anyExchange().authenticated())
.logout((logout) -> logout.logoutHandler(logoutHandler));
return http.build();
}@Bean
fun http(http: ServerHttpSecurity): SecurityWebFilterChain {
val customLogoutHandler = DelegatingServerLogoutHandler(
SecurityContextServerLogoutHandler(), WebSessionServerLogoutHandler()
)
return http {
authorizeExchange {
authorize(anyExchange, authenticated)
}
logout {
logoutHandler = customLogoutHandler
}
}
}
