OAuth2 SpringBoot logout issue

Question (votes: 0, answers: 1)

The configuration code below does not work for logout. After logging out I can still access the restricted URLs.

// Imports and the enclosing class declaration are not part of the original post;
// they are added so the fragment compiles as a WebSecurityConfigurerAdapter subclass.
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

public class SecurityConfig extends WebSecurityConfigurerAdapter { // class name assumed

    @Autowired
    ClientRegistrationRepository clientRegistrationRepository;

    // RP-initiated logout: after the local logout, redirect the browser to the OIDC provider's
    // end-session endpoint, then back to the application's base URL.
    OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler() {
        OidcClientInitiatedLogoutSuccessHandler successHandler =
            new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
        //successHandler.setPostLogoutRedirectUri(URI.create("http://localhost:8081/"));
        successHandler.setPostLogoutRedirectUri("{baseUrl}");
        return successHandler;
    }

    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .authorizeRequests()
                .antMatchers("/", "/error").permitAll()
                .anyRequest().authenticated()
            .and()
            .logout()
                .logoutSuccessHandler(oidcLogoutSuccessHandler())
                .invalidateHttpSession(true)
                .clearAuthentication(true)
                .logoutSuccessUrl("/")
                .deleteCookies("JSESSIONID")
                .permitAll()
            .and()
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
            .oauth2Login()
                .redirectionEndpoint()
                    .baseUri("/api/v1/oauth/callback");
    }
}
spring-boot spring-security oauth-2.0 spring-security-oauth2 spring-oauth2
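A practical check for the setup in the question is to drive the configured OidcClientInitiatedLogoutSuccessHandler in isolation and look at where it redirects, since the local session invalidation only helps if the provider session is ended too. This is an added example, not code from the original post; it assumes spring-security-oauth2-client (5.4+ for the redirectUri builder method) and spring-test on the classpath, and the issuer idp.example, the registration id "idp" and all token and client values are constructed placeholders.

```java
import java.time.Instant;
import java.util.List;
import java.util.Map;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
public class LogoutRedirectCheck {
    // Constructed registration with placeholder endpoints. The end_session_endpoint entry in the
    // provider metadata is what tells the handler where the provider's own logout lives.
    static ClientRegistration registration(boolean withEndSessionEndpoint) {
        ClientRegistration.Builder b = ClientRegistration.withRegistrationId("idp")
            .clientId("client-id-placeholder")
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUri("{baseUrl}/api/v1/oauth/callback") // same callback path as the question
            .authorizationUri("https://idp.example/authorize")
            .tokenUri("https://idp.example/token");
        if (withEndSessionEndpoint) {
            b.providerConfigurationMetadata(Map.of("end_session_endpoint", "https://idp.example/logout"));
        }
        return b.build();
    }
    // Drive the handler exactly as configured in the question and return the URL it redirects to.
    static String redirectAfterLogout(boolean withEndSessionEndpoint) throws Exception {
        OidcClientInitiatedLogoutSuccessHandler handler = new OidcClientInitiatedLogoutSuccessHandler(
            new InMemoryClientRegistrationRepository(registration(withEndSessionEndpoint)));
        handler.setPostLogoutRedirectUri("{baseUrl}");
        // Constructed ID token; the handler only forwards its raw value as id_token_hint.
        OidcIdToken idToken = new OidcIdToken("id-token-placeholder", Instant.now(),
            Instant.now().plusSeconds(300), Map.of("sub", "user-1"));
        DefaultOidcUser user = new DefaultOidcUser(List.of(new SimpleGrantedAuthority("ROLE_USER")), idToken);
        OAuth2AuthenticationToken auth = new OAuth2AuthenticationToken(user, user.getAuthorities(), "idp");
        MockHttpServletRequest request = new MockHttpServletRequest("POST", "/logout"); // base URL http://localhost
        MockHttpServletResponse response = new MockHttpServletResponse();
        handler.onLogoutSuccess(request, response, auth);
        return response.getRedirectedUrl();
    }
    public static void main(String[] args) throws Exception {
        System.out.println("with end_session_endpoint:    " + redirectAfterLogout(true));
        System.out.println("without end_session_endpoint: " + redirectAfterLogout(false));
    }
}
```

With end_session_endpoint present, the redirect points at the provider's logout URL carrying id_token_hint and the resolved post_logout_redirect_uri; without it the handler silently falls back to the local "/" and the provider session stays alive, so the next visit to a protected URL can log the user straight back in.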
1 answer

0 votes

You use logout().invalidateHttpSession(true). Maybe you can try adding

logout().deleteCookies("cookie-names-to-clear")

Maybe this answer can help
