Closed Mryemaozi closed 6 years ago
也可以指定AppLogoutSuccessHandler
+@Slf4j
public class AppLogoutSuccessHandler implements LogoutSuccessHandler {
@Autowired
private SessionRegistry sessionRegistry;
@Override
public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
if (authentication != null && authentication.getDetails() != null) {
removeAuthSession(authentication, sessionRegistry);
httpServletRequest.getSession().invalidate();
httpServletResponse.sendRedirect("login.html?logout");
}
}
private void removeAuthSession(Authentication authentication, SessionRegistry sessionRegistry) {
List<SessionInformation> sessions = sessionRegistry.getAllSessions(authentication.getPrincipal(), false);
if (sessions.size() > 0) { // there is only 1 session allowed
log.debug("removing session {} from registry", sessions.get(0).getSessionId());
sessionRegistry.removeSessionInformation(sessions.get(0).getSessionId());
}
}
}
谢谢哈!!!
可以实现 logout吗? 就是 使之前的authorization失效!!!