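This post covers how logout is handled: how to log out, Spring Security's default logout logic, and the configuration options related to logout.
Logout handling
How to log out
- Login page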
    <!DOCTYPE html>
    <html>
    <head>
        <meta charset="UTF-8">
        <title>Insert title here</title>
    </head>
    <body>
        index<br>
        <a href="/signOut">退出</a>
    </body>
    </html>
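- Logout has to be configured in the main configuration class: set the URL used above as the logout path, and configure the page to go to after logout. The plain link above sends a GET request, which Spring Security accepts for logout only because this configuration disables CSRF protection; with CSRF protection enabled, the logout URL is matched for POST requests only.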
    http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)
        .formLogin()
            .loginPage("/authentication/require")
            .loginProcessingUrl("/authentication/form")
            .successHandler(meicloudAuthenticationSuccessHandler)
            .failureHandler(meicloudAuthenticationFailureHandler)
            .and()
        .rememberMe()
            .tokenRepository(persistentTokenRepository())
            .tokenValiditySeconds(3600)
            .userDetailsService(userDetailsService)
            .and()
        .authorizeRequests()
            .antMatchers("/authentication/require", securityProperties.getBrowser().getSignInPage(), "/code/*").permitAll()
            .anyRequest()
            .authenticated()
            .and()
        .logout()
            // URL that triggers logout
            .logoutUrl("/signOut")
            // Page to go to after logout (must start with "/" or be an absolute http(s) URL)
            .logoutSuccessUrl("/meicloud-logout.html")
            .and()
        .csrf().disable()
        .apply(smsCodeAuthenticationSecurityConfig);
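Spring Security's default logout logic
- Invalidate the current Session
- Clear the remember-me record associated with the current user
- Clear the current SecurityContext
- Redirect to the login page
Configuration related to logout
- The configuration above only sets the page to go to after logout, on top of Spring Security's default logout logic. If you want custom processing as part of logout, configure a logout success handler by implementing the LogoutSuccessHandler interface.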
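    import java.io.IOException;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.apache.commons.lang3.StringUtils; // Commons Lang 3 assumed
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

    import com.fasterxml.jackson.databind.ObjectMapper;

    // SimpleResponse is the project's own response wrapper class.
    public class MeicloudLogoutSuccessHandler implements LogoutSuccessHandler {

        private final Logger logger = LoggerFactory.getLogger(getClass());
        private final String signOutSuccessUrl;
        private final ObjectMapper objectMapper = new ObjectMapper();

        public MeicloudLogoutSuccessHandler(String signOutSuccessUrl) {
            this.signOutSuccessUrl = signOutSuccessUrl;
        }

        @Override
        public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
                throws IOException, ServletException {
            logger.info("退出成功");
            // Whatever else logout should do can be customized here, e.g. recording information about the logout
            if (StringUtils.isBlank(signOutSuccessUrl)) {
                // No page configured: answer with JSON
                response.setContentType("application/json;charset=UTF-8");
                response.getWriter().write(objectMapper.writeValueAsString(new SimpleResponse("退出成功")));
            } else {
                response.sendRedirect(signOutSuccessUrl);
            }
        }
    }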
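- The custom logout handler MeicloudLogoutSuccessHandler then has to be registered in the main configuration class. Note that the logoutSuccessHandler option and the logoutSuccessUrl option are mutually exclusive.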
    http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)
        .formLogin()
            .loginPage("/authentication/require")
            .loginProcessingUrl("/authentication/form")
            .successHandler(meicloudAuthenticationSuccessHandler)
            .failureHandler(meicloudAuthenticationFailureHandler)
            .and()
        .rememberMe()
            .tokenRepository(persistentTokenRepository())
            .tokenValiditySeconds(3600)
            .userDetailsService(userDetailsService)
            .and()
        .authorizeRequests()
            .antMatchers("/authentication/require", securityProperties.getBrowser().getSignInPage(), "/code/*").permitAll()
            .anyRequest()
            .authenticated()
            .and()
        .logout()
            // URL that triggers logout
            .logoutUrl("/signOut")
            // Page to go to after logout
            // .logoutSuccessUrl("/meicloud-logout.html")
            // Register the logout success handler
            .logoutSuccessHandler(logoutSuccessHandler)
            .and()
        .csrf().disable()
        .apply(smsCodeAuthenticationSecurityConfig);
- Logout also needs to clear the cookie information held by the browser; the corresponding option is deleteCookies.
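        .logout()
            // URL that triggers logout
            .logoutUrl("/signOut")
            // Page to go to after logout
            // .logoutSuccessUrl("/meicloud-logout.html")
            // Register the logout success handler
            .logoutSuccessHandler(logoutSuccessHandler)
            // Expire the session cookie in the browser
            .deleteCookies("JSESSIONID")
            .and()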
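
An added example, not part of the original post or the project's code: a LogoutSuccessHandler like the one above is called only after the default steps have invalidated the session, so work that needs the live session belongs in a LogoutHandler instead. AuditLogoutHandler and the logged field names are hypothetical; javax.servlet is assumed, matching the configuration style used above.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutHandler;

/**
 * Added example (hypothetical class, not from the original project).
 * Register with: .logout().addLogoutHandler(new AuditLogoutHandler())
 * Handlers added this way run before the built-in SecurityContextLogoutHandler,
 * so the HttpSession is still valid when logout() is called.
 */
public class AuditLogoutHandler implements LogoutHandler {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) {
        // The logout URL can be requested without a login (expired session, replayed link).
        String user = authentication == null ? "anonymous" : clean(authentication.getName());

        // getSession(false): do not create a session just to destroy it again.
        HttpSession session = request.getSession(false);
        long ageSeconds = session == null ? -1
                : (System.currentTimeMillis() - session.getCreationTime()) / 1000;

        // Log the session age, not the session id: the id is a credential until invalidated.
        logger.info("logout user={} sessionAgeSeconds={} remoteAddr={}",
                user, ageSeconds, request.getRemoteAddr());
    }

    // Replace control characters so a crafted user name cannot forge extra log lines.
    private static String clean(String value) {
        return value == null ? "" : value.replaceAll("\\p{Cntrl}", "_");
    }
}
```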