时间戳

首页 > 解决方案 > 注销时 Spring Boot OAuth2 安全会话不清楚

google-oauth - 注销时 Spring Boot OAuth2 安全会话不清楚

问题描述

我使用了以下配置,但用户仍然存在。它没有清除cookies。那么如何清除会话和cookies?

.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/").deleteCookies("JSESSIONID")
.invalidateHttpSession(true) ;

之后我使用以下代码然后它得到错误“redirect_uri_mismatch”

@RequestMapping(value = "/logout", method = RequestMethod.POST)
public String logout(HttpServletRequest request,
                   HttpServletResponse response) {

    HttpSession session = request.getSession(false);
    if (request.isRequestedSessionIdValid() && session != null) {
        session.invalidate();
    }
    for (Cookie cookie : request.getCookies()) {
        cookie.setMaxAge(0);
        cookie.setValue(null);
        cookie.setPath("/");
        response.addCookie(cookie);
    }
    return  ("/new");
}

然后我使用下面的代码再次出现错误“redirect_uri_mismatch”

@RequestMapping(value="/logout", method = RequestMethod.GET)
public String logoutPage (HttpServletRequest request, HttpServletResponse response) {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth != null){
        new SecurityContextLogoutHandler().logout(request, response, auth);
    }
    return "redirect:/new";
}

我分别使用了上面的代码,但没有任何反应

标签: google-oauthspring-boot-gradle-plugin

解决方案

默认登录名是 .formlogin() 所以我使用了 .oauth2Login() 然后它工作了。

.and()
.oauth2Login()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/").deleteCookies("JSESSIONID")
.invalidateHttpSession(true) ;

而且我还使用了默认的spring oauth配置

@GetMapping("/secured")
public String securedPage(Model model, OAuth2AuthenticationToken authentication) {

    OAuth2AuthorizedClient client = authorizedClientService.loadAuthorizedClient(authentication.getAuthorizedClientRegistrationId(), authentication.getName());

    String userInfoEndpointUri = client.getClientRegistration()
            .getProviderDetails()
            .getUserInfoEndpoint()
            .getUri();

    if (!StringUtils.isEmpty(userInfoEndpointUri)) {
        RestTemplate restTemplate = new RestTemplate();
        HttpHeaders headers = new HttpHeaders();
        headers.add(HttpHeaders.AUTHORIZATION, "Bearer " + client.getAccessToken().getTokenValue());

        HttpEntity<String> entity = new HttpEntity<String>("", headers);

        ResponseEntity<Map> response = restTemplate.exchange(userInfoEndpointUri, HttpMethod.GET, entity, Map.class);
        Map userAttributes = response.getBody();
        model.addAttribute("name", userAttributes.get("name"));
    }

    return "/secured";

推荐阅读