2023-06-18  阅读(264)
原文作者:代码有毒 mrcode 原文地址:https://mrcode.blog.csdn.net/article/details/81502532

退出登录

  • 如何退出登录
  • Spring security 默认的退出处理逻辑
  • 与退出登录相关的配置

默认退出处理逻辑

  • 使当前session失效
  • 清除与当前用户相关的remember-me记录
  • 清空当前的SecurityContext
  • 重定向到登录页

还记得以前登录的时候有一个默认的登录地址:/login,同样默认了一个退出/logout;
直接访问该地址:如果看到下面的报错,请检查 之前开发记住我的功能的配置

    Mon Aug 06 23:55:25 CST 2018
    There was an unexpected error (type=Internal Server Error, status=500).
    PreparedStatementCallback; bad SQL grammar [delete from persistent_logins where username = ?]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Table 'imooc-demo.persistent_logins' doesn't exist
    cn.mrcode.imooc.springsecurity.securitybrowser.BrowserSecurityConfig#persistentTokenRepository
    
    记住我功能的配置,自动生成表结构;像我公司和家来回学习的人。有时候会忘记

解决之后,访问 /logout 发现跳转到了认证页面

    http://localhost:8080/authentication/require?logout

上面的步骤,退出之后会重定向到登录页,我们的登录页是自定义的,处理授权前的连接,所以就跳转到这里了

    cn.mrcode.imooc.springsecurity.securitycore.properties.SecurityConstants#DEFAULT_UNAUTHENTICATION_URL

退出常用基本配置

    .logout()
                    .logoutUrl("/singout")  // 退出请求路径
                    .logoutSuccessUrl("/imocc-signOut.html") // 退出成功跳转到的地址
                    .logoutSuccessHandler()  // 与logoutSuccessUrl互斥,有handler则logoutSuccessUrl失效
                    .deleteCookies("JSESSIONID")

退出实现

    .logout()
    //                .logoutUrl("/singout")  // 退出请求路径
    // 与logoutSuccessUrl互斥,有handler则logoutSuccessUrl失效
    // 通过处理器增加配置了页面则跳转到页面,没有则输出json
    .logoutSuccessHandler(logoutSuccessHandler)
    .deleteCookies("JSESSIONID")

使用handler来处理退出逻辑

    package cn.mrcode.imooc.springsecurity.securitybrowser.logout;
    
    import cn.mrcode.imooc.springsecurity.securitybrowser.support.SimpleResponse;
    import cn.mrcode.imooc.springsecurity.securitycore.properties.SecurityProperties;
    import com.fasterxml.jackson.databind.ObjectMapper;
    import org.apache.commons.lang3.StringUtils;
    import org.slf4j.LoggerFactory;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
    
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;
    
    /**
     * @author : zhuqiang
     * @version : V1.0
     * @date : 2018/8/7 0:18
     */
    public class MyLogoutSuccessHandler implements LogoutSuccessHandler {
        private org.slf4j.Logger logger = LoggerFactory.getLogger(getClass());
    
        private ObjectMapper objectMapper = new ObjectMapper();
    
        private SecurityProperties securityProperties;
    
        @Override
        public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
            // 当退出成功的时候,如果配置了一个页面,则跳转到页面,
            // 没有配置页面则打印session
            // 这里增加了一个属性,默认为空
            String signOutUrl = securityProperties.getBrowser().getSignOutUrl();
            if (StringUtils.isBlank(signOutUrl)) {
                response.setContentType("application/json;charset=UTF-8");
                response.getWriter().write(objectMapper.writeValueAsString(new SimpleResponse("退出成功")));
            } else {
                response.sendRedirect(signOutUrl);
            }
        }
    
        public SecurityProperties getSecurityProperties() {
            return securityProperties;
        }
    
        public void setSecurityProperties(SecurityProperties securityProperties) {
            this.securityProperties = securityProperties;
        }
    }

配置处理器的初始化bean

    cn.mrcode.imooc.springsecurity.securitybrowser.BrowserSecurityBeanConfig#logoutSuccessHandler
    
    @Bean
    @ConditionalOnMissingBean(LogoutSuccessHandler.class)
    public LogoutSuccessHandler logoutSuccessHandler() {
        MyLogoutSuccessHandler myLogoutSuccessHandler = new MyLogoutSuccessHandler();
        myLogoutSuccessHandler.setSecurityProperties(securityProperties);
        return myLogoutSuccessHandler;
    }
阅读全文
  • 点赞