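How to solve the OAuth2 Spring Boot logout problem
The following configuration code does not work for logout. After logging out, I can still access restricted URLs.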
@Autowired
ClientRegistrationRepository clientRegistrationRepository;

// OIDC RP-initiated logout: redirects to the provider's end-session endpoint,
// then back to the post-logout redirect URI.
OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler() {
    OidcClientInitiatedLogoutSuccessHandler successHandler =
            new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
    //successHandler.setPostLogoutRedirectUri(URI.create("http://localhost:8081/"));
    successHandler.setPostLogoutRedirectUri("{baseUrl}");
    return successHandler;
}

@Override
public void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .authorizeRequests()
            // The root and error pages are public; everything else requires authentication
            .antMatchers("/", "/error").permitAll()
            .anyRequest().authenticated()
        .and().logout().logoutSuccessHandler(oidcLogoutSuccessHandler())
        .and().logout()
            .invalidateHttpSession(true)
            .clearAuthentication(true)
            .logoutSuccessUrl("/")
            .deleteCookies("JSESSIONID")
            .permitAll()
        .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .and().oauth2Login()
            .redirectionEndpoint()
                .baseUri("/api/v1/oauth/callback");
}