search

longfeizheng / logback

💡 SpringBoot+Spring Security基本配置
MIT License
822 stars 348 forks source link

可以实现 logout吗? #7

Closed Mryemaozi closed 6 years ago

Mryemaozi commented 6 years ago

可以实现 logout吗? 就是 使之前的authorization失效!!!

longfeizheng commented 6 years ago

https://github.com/longfeizheng/logback/blob/master/src/main/java/cn/merryyou/logback/security/MerryyouSecurityConfig.java#L111

是这里吗?

longfeizheng commented 6 years ago

也可以指定AppLogoutSuccessHandler

+@Slf4j
 public class AppLogoutSuccessHandler implements LogoutSuccessHandler {

     @Autowired
     private SessionRegistry sessionRegistry;

     @Override
     public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
         if (authentication != null && authentication.getDetails() != null) {
             removeAuthSession(authentication, sessionRegistry);
             httpServletRequest.getSession().invalidate();
             httpServletResponse.sendRedirect("login.html?logout");
         }
     }

     private void removeAuthSession(Authentication authentication, SessionRegistry sessionRegistry) {
         List<SessionInformation> sessions = sessionRegistry.getAllSessions(authentication.getPrincipal(), false);
         if (sessions.size() > 0) { // there is only 1 session allowed
             log.debug("removing session {} from registry", sessions.get(0).getSessionId());
             sessionRegistry.removeSessionInformation(sessions.get(0).getSessionId());
         }
     }
 }
Mryemaozi commented 6 years ago

谢谢哈!!!