Method 1: extend WebSecurityConfigurerAdapter and override the method as follows.
The client has to log out first and then log out of the authentication server (the authorization server); there are two ways to do this.
Way 1:
@Configuration
public class ClientSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.logout()
            // after the local logout, send the browser to the authentication server's logout endpoint
            .logoutSuccessUrl("http://127.0.0.1:8200/your-auth-server/logout");
    }
}
Way 2:
@Controller
public class AuthLogoutController {
    // logout URL of the authentication server, e.g. http://127.0.0.1:8200/your-auth-server/logout
    @Value("${auth-server.logout-url}")
    private String authServerLogoutUrl;

    @GetMapping("/authlogout")
    public String authLogout(HttpServletRequest request, HttpServletResponse response) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null) { // clear the local authentication
            new SecurityContextLogoutHandler().logout(request, response, auth);
        }
        // logout request to the authentication server, passing the query string on only when there is one
        String query = request.getQueryString();
        return "redirect:" + authServerLogoutUrl + (query != null ? "?" + query : "");
    }
}
Alternatively, the logout request to the authentication server can also be issued from the front end.
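Both ways above only end the browser session: the bearer token the client obtained stays valid until it expires. The following client-side logout handler, added here as an example and not code from the original post, clears the local security context and then revokes the session's access token at the authentication server over the back channel before the browser is redirected to the server's logout page. The class names, the property names, the use of `OAuth2AuthenticationDetails` to recover the token value, and the revocation URL are assumptions; the server is assumed to expose a `DELETE /oauth/token?access_token=...` endpoint protected by client basic authentication, like the one written under Method 2 below.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

/**
 * Client-side logout handler (example, assumed names): clears the local security
 * context, then revokes the session's access token at the authorization server over
 * the back channel. The browser redirect to the server's logout page ends the SSO
 * session; revoking the token closes the remaining window in which it could be used.
 */
public class TokenRevokingLogoutHandler implements LogoutHandler {

    private final String revokeEndpoint; // assumed: DELETE <revokeEndpoint>?access_token=... revokes the token
    private final String clientId;       // the client's own credentials, used to authenticate the revocation call
    private final String clientSecret;
    private final RestTemplate restTemplate;
    private final SecurityContextLogoutHandler contextLogoutHandler = new SecurityContextLogoutHandler();

    public TokenRevokingLogoutHandler(String revokeEndpoint, String clientId, String clientSecret,
                                      RestTemplate restTemplate) {
        this.revokeEndpoint = revokeEndpoint;
        this.clientId = clientId;
        this.clientSecret = clientSecret;
        this.restTemplate = restTemplate;
    }

    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
        // Read the token value before the context is cleared.
        String tokenValue = extractTokenValue(authentication);
        // Clear the local session and context first: the user is logged out locally even if revocation fails.
        contextLogoutHandler.logout(request, response, authentication);
        if (tokenValue != null) {
            revoke(tokenValue);
        }
    }

    /** The SSO client filter stores the bearer token value in OAuth2AuthenticationDetails. */
    static String extractTokenValue(Authentication authentication) {
        if (authentication != null && authentication.getDetails() instanceof OAuth2AuthenticationDetails) {
            return ((OAuth2AuthenticationDetails) authentication.getDetails()).getTokenValue();
        }
        return null;
    }

    /** Back-channel revocation call. A failure is logged; it must not leave the user logged in locally. */
    private void revoke(String tokenValue) {
        // The token travels in the query string because that is what the endpoint on this page expects;
        // make sure the authorization server does not write query strings to its access log.
        String url = UriComponentsBuilder.fromHttpUrl(revokeEndpoint)
                .queryParam("access_token", tokenValue)
                .toUriString();
        HttpHeaders headers = new HttpHeaders();
        headers.setBasicAuth(clientId, clientSecret);
        try {
            restTemplate.exchange(url, HttpMethod.DELETE, new HttpEntity<Void>(headers), String.class);
        } catch (RestClientException e) {
            System.err.println("token revocation failed: " + e.getMessage());
        }
    }
}

/** Wiring in the client application; the property names are assumed. */
@Configuration
class ClientLogoutConfig extends WebSecurityConfigurerAdapter {

    @Value("${auth-server.revoke-url}")
    private String revokeEndpoint;       // e.g. http://127.0.0.1:8200/your-auth-server/oauth/token
    @Value("${security.oauth2.client.client-id}")
    private String clientId;
    @Value("${security.oauth2.client.client-secret}")
    private String clientSecret;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.logout()
            .addLogoutHandler(new TokenRevokingLogoutHandler(revokeEndpoint, clientId, clientSecret, new RestTemplate()))
            // then send the browser to end the SSO session at the authorization server (Method 1, way 1)
            .logoutSuccessUrl("http://127.0.0.1:8200/your-auth-server/logout");
    }
}
```

The local context is cleared before the revocation call on purpose: if the authorization server is unreachable, the user is still logged out of the client, and the failed revocation is logged for follow-up rather than surfaced as a failed logout.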
Method 2: log out through ConsumerTokenServices (on the authentication server side)
Logging out here simply means invalidating the access_token and refresh_token. Modelled on org.springframework.security.oauth2.provider.endpoint.TokenEndpoint, we write an endpoint that invalidates the access_token and refresh_token:
@FrameworkEndpoint
public class RevokeTokenEndpoint {

    @Autowired
    @Qualifier("consumerTokenServices")
    ConsumerTokenServices consumerTokenServices;

    // DELETE /oauth/token?access_token=... revokes the access token together with its refresh token
    @RequestMapping(method = RequestMethod.DELETE, value = "/oauth/token")
    @ResponseBody
    public String revokeToken(@RequestParam("access_token") String access_token) {
        if (consumerTokenServices.revokeToken(access_token)) {
            return "注销成功"; // logout succeeded
        } else {
            return "注销失败"; // logout failed (token not found)
        }
    }
}
Or:
@RestController
public class TokenRemovalController {

    @Autowired
    private TokenStore tokenStore;

    /**
     * Removes the access_token and its refresh_token
     *
     * @param access_token the access token value to remove
     */
    @DeleteMapping(value = "/remove_token", params = "access_token")
    public void removeToken(Principal principal, @RequestParam("access_token") String access_token) {
        OAuth2AccessToken accessToken = tokenStore.readAccessToken(access_token);
        if (accessToken != null) {
            // remove the access_token
            tokenStore.removeAccessToken(accessToken);
            // remove the refresh_token
            if (accessToken.getRefreshToken() != null) {
                tokenStore.removeRefreshToken(accessToken.getRefreshToken());
            }
        }
    }
}
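The variant above accepts a Principal but never uses it, so any authenticated caller can remove any token whose value it knows. As an added example (not code from the original post), the version below only removes a token when the caller is the user the token was issued to or the client that obtained it, and it answers 200 in every case so the response does not reveal whether a given token value exists. The class name OwnedTokenRevocationController and the ownership rule in isOwnedBy are assumptions.

```java
import java.security.Principal;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

/**
 * Revocation endpoint on the authorization server (example, assumed name) that only
 * removes a token when the authenticated caller owns it.
 */
@RestController
public class OwnedTokenRevocationController {

    @Autowired
    private TokenStore tokenStore;

    @DeleteMapping(value = "/remove_token", params = "access_token")
    public ResponseEntity<Void> removeToken(Principal caller, @RequestParam("access_token") String tokenValue) {
        OAuth2AccessToken accessToken = tokenStore.readAccessToken(tokenValue);
        if (accessToken == null) {
            // Unknown or already-revoked token: same answer as the success case, nothing is disclosed.
            return ResponseEntity.ok().build();
        }
        // The authentication stored with the token tells us which user and client it was issued to.
        OAuth2Authentication tokenAuth = tokenStore.readAuthentication(accessToken);
        if (!isOwnedBy(tokenAuth, caller)) {
            // Authenticated, but not the owner: leave the token alone and answer the same way.
            return ResponseEntity.ok().build();
        }
        tokenStore.removeAccessToken(accessToken);
        if (accessToken.getRefreshToken() != null) {
            tokenStore.removeRefreshToken(accessToken.getRefreshToken());
        }
        return ResponseEntity.ok().build();
    }

    /**
     * Ownership rule (assumed): the client that obtained the token may revoke it, and so may
     * the user it was issued to. Client-credentials tokens have no user, only a client.
     */
    static boolean isOwnedBy(OAuth2Authentication tokenAuth, Principal caller) {
        if (tokenAuth == null || caller == null) {
            return false;
        }
        String callerName = caller.getName();
        if (callerName.equals(tokenAuth.getOAuth2Request().getClientId())) {
            return true;
        }
        return !tokenAuth.isClientOnly() && callerName.equals(tokenAuth.getName());
    }
}
```

Which identity arrives in the Principal depends on how the endpoint's path is secured on the authorization server: under the same client basic authentication as /oauth/token the caller is a client, under form login it is a user, and the rule above accepts either when it matches the token.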