退出登录
- 如何退出登录
- Spring security 默认的退出处理逻辑
- 与退出登录相关的配置
默认退出处理逻辑
- 使当前session失效
- 清除与当前用户相关的remember-me记录
- 清空当前的SecurityContext
- 重定向到登录页
还记得以前登录的时候有一个默认的登录地址:/login,同样默认了一个退出/logout;
直接访问该地址:如果看到下面的报错,请检查 之前开发记住我的功能的配置
Mon Aug 06 23:55:25 CST 2018
There was an unexpected error (type=Internal Server Error, status=500).
PreparedStatementCallback; bad SQL grammar [delete from persistent_logins where username = ?]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Table 'imooc-demo.persistent_logins' doesn't exist
cn.mrcode.imooc.springsecurity.securitybrowser.BrowserSecurityConfig#persistentTokenRepository
记住我功能的配置,自动生成表结构;像我公司和家来回学习的人。有时候会忘记
解决之后,访问 /logout 发现跳转到了认证页面
http://localhost:8080/authentication/require?logout
上面的步骤,退出之后会重定向到登录页,我们的登录页是自定义的,处理授权前的连接,所以就跳转到这里了
cn.mrcode.imooc.springsecurity.securitycore.properties.SecurityConstants#DEFAULT_UNAUTHENTICATION_URL
退出常用基本配置
.logout()
.logoutUrl("/singout") // 退出请求路径
.logoutSuccessUrl("/imocc-signOut.html") // 退出成功跳转到的地址
.logoutSuccessHandler() // 与logoutSuccessUrl互斥,有handler则logoutSuccessUrl失效
.deleteCookies("JSESSIONID")
退出实现
.logout()
// .logoutUrl("/singout") // 退出请求路径
// 与logoutSuccessUrl互斥,有handler则logoutSuccessUrl失效
// 通过处理器增加配置了页面则跳转到页面,没有则输出json
.logoutSuccessHandler(logoutSuccessHandler)
.deleteCookies("JSESSIONID")
使用handler来处理退出逻辑
package cn.mrcode.imooc.springsecurity.securitybrowser.logout;
import cn.mrcode.imooc.springsecurity.securitybrowser.support.SimpleResponse;
import cn.mrcode.imooc.springsecurity.securitycore.properties.SecurityProperties;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @author : zhuqiang
* @version : V1.0
* @date : 2018/8/7 0:18
*/
public class MyLogoutSuccessHandler implements LogoutSuccessHandler {
private org.slf4j.Logger logger = LoggerFactory.getLogger(getClass());
private ObjectMapper objectMapper = new ObjectMapper();
private SecurityProperties securityProperties;
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
// 当退出成功的时候,如果配置了一个页面,则跳转到页面,
// 没有配置页面则打印session
// 这里增加了一个属性,默认为空
String signOutUrl = securityProperties.getBrowser().getSignOutUrl();
if (StringUtils.isBlank(signOutUrl)) {
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(objectMapper.writeValueAsString(new SimpleResponse("退出成功")));
} else {
response.sendRedirect(signOutUrl);
}
}
public SecurityProperties getSecurityProperties() {
return securityProperties;
}
public void setSecurityProperties(SecurityProperties securityProperties) {
this.securityProperties = securityProperties;
}
}
配置处理器的初始化bean
cn.mrcode.imooc.springsecurity.securitybrowser.BrowserSecurityBeanConfig#logoutSuccessHandler
@Bean
@ConditionalOnMissingBean(LogoutSuccessHandler.class)
public LogoutSuccessHandler logoutSuccessHandler() {
MyLogoutSuccessHandler myLogoutSuccessHandler = new MyLogoutSuccessHandler();
myLogoutSuccessHandler.setSecurityProperties(securityProperties);
return myLogoutSuccessHandler;
}
