登出
Spring Security 預設提供登出端點。登入後,您可以 GET /logout 以查看預設的登出確認頁面,或您可以 POST /logout 以啟動登出。這將會
-
清除
ServerCsrfTokenRepository、ServerSecurityContextRepository和 -
重新導向回登入頁面
通常,您也會希望在登出時使 session 失效。為了實現這一點,您可以將 WebSessionServerLogoutHandler 新增至您的登出設定,如下所示
-
Java
-
Kotlin
@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
new SecurityContextServerLogoutHandler(), new WebSessionServerLogoutHandler()
);
http
.authorizeExchange((exchange) -> exchange.anyExchange().authenticated())
.logout((logout) -> logout.logoutHandler(logoutHandler));
return http.build();
}@Bean
fun http(http: ServerHttpSecurity): SecurityWebFilterChain {
val customLogoutHandler = DelegatingServerLogoutHandler(
SecurityContextServerLogoutHandler(), WebSessionServerLogoutHandler()
)
return http {
authorizeExchange {
authorize(anyExchange, authenticated)
}
logout {
logoutHandler = customLogoutHandler
}
}
}
