Spring Security OAuth2 SSO logout (single sign-on logout)
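Method 1: extend WebSecurityConfigurerAdapter and override the method shown below.

The client has to log out first, and then log out of the authorization server. There are two ways to do this.

Option 1:

```java
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.logout()
        // After the local logout, send the browser to the authorization server's logout request
        .logoutSuccessUrl("http://127.0.0.1:8200/your-auth-server/logout");
}
```

Option 2:

```java
// authServerLogoutUrl is a field defined elsewhere in the controller (not shown on the page)
@GetMapping("/authlogout")
public String authLogout(HttpServletRequest request, HttpServletResponse response) {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth != null) {
        // Clear the local authentication
        new SecurityContextLogoutHandler().logout(request, response, auth);
    }
    // Redirect to the authorization server's logout request; append the query
    // string only when there is one (getQueryString() returns null otherwise)
    String query = request.getQueryString();
    return "redirect:" + authServerLogoutUrl + (query != null ? "?" + query : "");
}
```

Alternatively, the logout of the authorization server can be triggered by a request from the front end.

Method 2: log out through ConsumerTokenServices (on the authorization server side).

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpoint;
import org.springframework.security.oauth2.provider.token.ConsumerTokenServices;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * Logging out only requires invalidating the access_token and refresh_token.
 * Modelled on org.springframework.security.oauth2.provider.endpoint.TokenEndpoint,
 * this Endpoint invalidates the access_token and refresh_token.
 */
@FrameworkEndpoint
public class RevokeTokenEndpoint {

    @Autowired
    @Qualifier("consumerTokenServices")
    ConsumerTokenServices consumerTokenServices;

    @RequestMapping(method = RequestMethod.DELETE, value = "/oauth/token")
    @ResponseBody
    public String revokeToken(String access_token) {
        if (consumerTokenServices.revokeToken(access_token)) {
            return "注销成功"; // "logout succeeded"
        } else {
            return "注销失败"; // "logout failed"
        }
    }
}
```

Or:

```java
@Autowired
private TokenStore tokenStore;

/**
 * Remove the access_token and refresh_token.
 *
 * @param access_token the value of the access token to remove
 */
@DeleteMapping(value = "/remove_token", params = "access_token")
public void removeToken(Principal principal, String access_token) {
    OAuth2AccessToken accessToken = tokenStore.readAccessToken(access_token);
    if (accessToken != null) {
        // Remove the access_token
        tokenStore.removeAccessToken(accessToken);
        // Remove the refresh_token
        if (accessToken.getRefreshToken() != null) {
            tokenStore.removeRefreshToken(accessToken.getRefreshToken());
        }
    }
}
```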
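The `removeToken` handler above receives a `Principal` but never uses it, so it removes whichever token value the caller supplies. The following added example (not code from the original page) removes a token only when it belongs to the caller, and reads it from the `Authorization` header instead of the URL. The class name and the `/remove_own_token` path are hypothetical, and it assumes the request reaches the handler already authenticated.

```java
import java.security.Principal;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical class name; added example, not the page's own code
@RestController
public class OwnTokenRevocationController {

    private static final String BEARER = "Bearer ";

    @Autowired
    private TokenStore tokenStore;

    // Hypothetical path; the token travels in the header, so it stays out of URL access logs
    @DeleteMapping("/remove_own_token")
    public ResponseEntity<Void> removeOwnToken(Principal principal,
            @RequestHeader(HttpHeaders.AUTHORIZATION) String authorization) {
        // Require an authenticated caller and a "Bearer <token>" header (scheme is case-insensitive)
        if (principal == null || !authorization.regionMatches(true, 0, BEARER, 0, BEARER.length())) {
            return ResponseEntity.status(401).build();
        }
        String tokenValue = authorization.substring(BEARER.length()).trim();
        OAuth2AccessToken accessToken = tokenStore.readAccessToken(tokenValue);
        if (accessToken == null) {
            // Unknown or already removed: same answer as success, so the response reveals nothing
            return ResponseEntity.noContent().build();
        }
        // Compare the token's owner (user name, or client id for client-only tokens) with the caller
        OAuth2Authentication owner = tokenStore.readAuthentication(accessToken);
        if (owner == null || !principal.getName().equals(owner.getName())) {
            return ResponseEntity.status(403).build();
        }
        // Remove the refresh token first so it cannot mint a new access token afterwards
        if (accessToken.getRefreshToken() != null) {
            tokenStore.removeRefreshToken(accessToken.getRefreshToken());
        }
        tokenStore.removeAccessToken(accessToken);
        return ResponseEntity.noContent().build();
    }
}
```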