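google-oauth - Spring Boot OAuth2 security session not cleared on logout
Problem description
I used the following configuration, but the user still remains. It does not clear the cookies. So how do I clear the session and cookies?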
    .and()
    .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
    .logoutSuccessUrl("/").deleteCookies("JSESSIONID")
    .invalidateHttpSession(true);
After that I used the following code, and then it gives the error "redirect_uri_mismatch"
    @RequestMapping(value = "/logout", method = RequestMethod.POST)
    public String logout(HttpServletRequest request,
                         HttpServletResponse response) {
        HttpSession session = request.getSession(false);
        if (request.isRequestedSessionIdValid() && session != null) {
            session.invalidate();
        }
        for (Cookie cookie : request.getCookies()) {
            cookie.setMaxAge(0);
            cookie.setValue(null);
            cookie.setPath("/");
            response.addCookie(cookie);
        }
        return ("/new");
    }
Then I used the code below, and the error "redirect_uri_mismatch" appeared again
    @RequestMapping(value="/logout", method = RequestMethod.GET)
    public String logoutPage (HttpServletRequest request, HttpServletResponse response) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null){
            new SecurityContextLogoutHandler().logout(request, response, auth);
        }
        return "redirect:/new";
    }
I used each of the code snippets above separately, but nothing happened
Solution
The default login is .formLogin(), so I used .oauth2Login() and then it worked.
    .and()
    .oauth2Login()
    // oauth2Login() returns its own configurer, so return to HttpSecurity before logout()
    .and()
    .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
    .logoutSuccessUrl("/").deleteCookies("JSESSIONID")
    .invalidateHttpSession(true);
I also used the default Spring OAuth configuration
    @GetMapping("/secured")
    public String securedPage(Model model, OAuth2AuthenticationToken authentication) {
        // Load the authorized client (and its access token) stored for the logged-in principal
        OAuth2AuthorizedClient client = authorizedClientService.loadAuthorizedClient(authentication.getAuthorizedClientRegistrationId(), authentication.getName());
        String userInfoEndpointUri = client.getClientRegistration()
                .getProviderDetails()
                .getUserInfoEndpoint()
                .getUri();
        if (!StringUtils.isEmpty(userInfoEndpointUri)) {
            // Call the provider's user-info endpoint with the access token as a bearer token
            RestTemplate restTemplate = new RestTemplate();
            HttpHeaders headers = new HttpHeaders();
            headers.add(HttpHeaders.AUTHORIZATION, "Bearer " + client.getAccessToken().getTokenValue());
            HttpEntity<String> entity = new HttpEntity<String>("", headers);
            ResponseEntity<Map> response = restTemplate.exchange(userInfoEndpointUri, HttpMethod.GET, entity, Map.class);
            Map userAttributes = response.getBody();
            model.addAttribute("name", userAttributes.get("name"));
        }
        return "/secured";
    }
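As an added example that is not part of the original answer: a complete configuration in the same Spring Security 5.x `WebSecurityConfigurerAdapter` style, in which logout also removes the stored OAuth2 authorized client, so the access token that `/secured` loads from `authorizedClientService` does not outlive the session. The class name `SecurityConfig`, the permitted paths and the helper `removeAuthorizedClient` are assumptions.

```java
// Added example. Assumes Spring Boot 2.x / Spring Security 5.x with an OAuth2 client registration.
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {  // hypothetical class name

    private final OAuth2AuthorizedClientService authorizedClientService;

    public SecurityConfig(OAuth2AuthorizedClientService authorizedClientService) {
        this.authorizedClientService = authorizedClientService;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/error").permitAll()   // assumed public paths
                .anyRequest().authenticated()
            .and()
            .oauth2Login()
            .and()
            .logout()
                // POST only: the logout form must carry the CSRF token, GET /logout is ignored
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"))
                .addLogoutHandler(removeAuthorizedClient())
                .invalidateHttpSession(true)
                .clearAuthentication(true)
                .deleteCookies("JSESSIONID")
                .logoutSuccessUrl("/");
    }

    // Hypothetical helper: drops the access token kept for this principal and registration.
    private LogoutHandler removeAuthorizedClient() {
        return (request, response, authentication) -> {
            if (authentication instanceof OAuth2AuthenticationToken) {
                OAuth2AuthenticationToken token = (OAuth2AuthenticationToken) authentication;
                authorizedClientService.removeAuthorizedClient(
                        token.getAuthorizedClientRegistrationId(), token.getName());
            }
        };
    }
}
```

This clears the application's own session, cookie and stored token; the user's session at the OAuth2 provider is a separate session that this configuration does not touch.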