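[Spring Security OAuth2 Notes Series] - Spring Social Third-Party Login - Logout

Logout

  • How to log out
  • Spring Security's default logout handling logic
  • Logout-related configuration

Default logout handling logic

  • Invalidate the current session
  • Clear the remember-me record associated with the current user
  • Clear the current SecurityContext
  • Redirect to the login page

Recall that login had a default URL, /login; in the same way there is a default logout URL, /logout.
Visit that URL directly. If you see the error below, check the configuration of the remember-me feature developed earlier.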

Mon Aug 06 23:55:25 CST 2018
There was an unexpected error (type=Internal Server Error, status=500).
PreparedStatementCallback; bad SQL grammar [delete from persistent_logins where username = ?]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Table 'imooc-demo.persistent_logins' doesn't exist
cn.mrcode.imooc.springsecurity.securitybrowser.BrowserSecurityConfig#persistentTokenRepository

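The remember-me configuration can generate the table structure automatically; someone like me, who studies back and forth between the office and home, sometimes forgets this.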
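An added example (not code from the original post) of a remember-me token repository bean that creates the persistent_logins table only when it is missing, so the delete statement in the error above has a table to run against. The class name and the injected DataSource parameter are assumptions; setCreateTableOnStartup is the JdbcTokenRepositoryImpl switch for generating the table.

```java
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.sql.DataSource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

// Hypothetical configuration class, not the one from the post.
@Configuration
public class RememberMeTokenRepositoryConfig {

    // Table used by JdbcTokenRepositoryImpl; the name appears in the error message.
    private static final String TABLE = "persistent_logins";

    @Bean
    public PersistentTokenRepository persistentTokenRepository(DataSource dataSource)
            throws SQLException {
        JdbcTokenRepositoryImpl repository = new JdbcTokenRepositoryImpl();
        repository.setDataSource(dataSource);
        // setCreateTableOnStartup(true) issues a plain CREATE TABLE at startup,
        // which fails once the table exists. Enable it only when the table is
        // absent, so the same build starts on a fresh and on an initialized database.
        repository.setCreateTableOnStartup(!tableExists(dataSource));
        return repository;
    }

    // Looks the table up in the JDBC metadata of the current catalog.
    private static boolean tableExists(DataSource dataSource) throws SQLException {
        try (Connection connection = dataSource.getConnection();
             ResultSet tables = connection.getMetaData().getTables(
                     connection.getCatalog(), null, TABLE, new String[] {"TABLE"})) {
            while (tables.next()) {
                // "_" is a wildcard in the name pattern, so compare the exact name.
                if (TABLE.equalsIgnoreCase(tables.getString("TABLE_NAME"))) {
                    return true;
                }
            }
            return false;
        }
    }
}
```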

After fixing this, visiting /logout redirects to the authentication page:

http://localhost:8080/authentication/require?logout

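Per the default steps listed above, logout redirects to the login page. Our login page is customized: it is the URL that handles requests before authentication, so that is where we land.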

cn.mrcode.imooc.springsecurity.securitycore.properties.SecurityConstants#DEFAULT_UNAUTHENTICATION_URL

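Common basic logout configuration

.logout()
    .logoutUrl("/singout")  // URL of the logout request
    .logoutSuccessUrl("/imocc-signOut.html") // URL to redirect to after a successful logout
    .logoutSuccessHandler(logoutSuccessHandler)  // mutually exclusive with logoutSuccessUrl; if a handler is set, logoutSuccessUrl is ignored
    .deleteCookies("JSESSIONID")  // remove the session cookie on logout

Logout implementation

.logout()
//                .logoutUrl("/singout")  // URL of the logout request
// Mutually exclusive with logoutSuccessUrl; if a handler is set, logoutSuccessUrl is ignored
// The handler redirects to a page if one is configured; otherwise it outputs JSON
.logoutSuccessHandler(logoutSuccessHandler)
.deleteCookies("JSESSIONID")

Use a handler to process the logout logic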

package cn.mrcode.imooc.springsecurity.securitybrowser.logout;

import cn.mrcode.imooc.springsecurity.securitybrowser.support.SimpleResponse;
import cn.mrcode.imooc.springsecurity.securitycore.properties.SecurityProperties;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author : zhuqiang
 * @version : V1.0
 * @date : 2018/8/7 0:18
 */
public class MyLogoutSuccessHandler implements LogoutSuccessHandler {
    private org.slf4j.Logger logger = LoggerFactory.getLogger(getClass());

    private ObjectMapper objectMapper = new ObjectMapper();

    private SecurityProperties securityProperties;

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
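        // On successful logout, redirect to the configured page if there is one;
        // if no page is configured, write a JSON response instead.
        // A new property (signOutUrl) was added for this; it is empty by default.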
        String signOutUrl = securityProperties.getBrowser().getSignOutUrl();
        if (StringUtils.isBlank(signOutUrl)) {
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write(objectMapper.writeValueAsString(new SimpleResponse("退出成功")));
        } else {
            response.sendRedirect(signOutUrl);
        }
    }

    public SecurityProperties getSecurityProperties() {
        return securityProperties;
    }

    public void setSecurityProperties(SecurityProperties securityProperties) {
        this.securityProperties = securityProperties;
    }
}

Configure the bean that initializes the handler

cn.mrcode.imooc.springsecurity.securitybrowser.BrowserSecurityBeanConfig#logoutSuccessHandler

@Bean
@ConditionalOnMissingBean(LogoutSuccessHandler.class)
public LogoutSuccessHandler logoutSuccessHandler() {
    MyLogoutSuccessHandler myLogoutSuccessHandler = new MyLogoutSuccessHandler();
    myLogoutSuccessHandler.setSecurityProperties(securityProperties);
    return myLogoutSuccessHandler;
}