SpringSecurity如何退出登录

⒈如何退出登录？　　

　　SpringSecurity默认为我们提供了退出操作，我们只需要访问特定的url就可以退出登录了

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>退出登录</title>
</head>
<body>
    <a href="/logout">退出登录</a>
</body>
</html>

⒉SpringSecurity默认为我们做了什么？

　　1.使当前Session失效

　　2.清除与当前用户相关的remember-me记录

　　3.清空当前的SecurityContext

　　4.重定向到登陆页面

⒊我们如何自定义退出登录

 

package cn.coreqi.security.config;

import cn.coreqi.security.Filter.SmsCodeFilter;
import cn.coreqi.security.Filter.ValidateCodeFilter;
import cn.coreqi.security.handler.CoreqiLogoutSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler;

    @Autowired
    private AuthenticationFailureHandler coreqiAuthenticationFailureHandler;

    @Autowired
    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

    @Bean
    public PasswordEncoder passwordEncoder(){
        return NoOpPasswordEncoder.getInstance();
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
        validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler);

        SmsCodeFilter smsCodeFilter = new SmsCodeFilter();


        //http.httpBasic()    //httpBasic登录 BasicAuthenticationFilter
        http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class)    //加载用户名密码过滤器的前面
                .addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)    //加载用户名密码过滤器的前面
                .formLogin()    //表单登录 UsernamePasswordAuthenticationFilter
                    .loginPage("/coreqi-signIn.html")  //指定登录页面
                    //.loginPage("/authentication/require")
                    .loginProcessingUrl("/authentication/form") //指定表单提交的地址用于替换UsernamePasswordAuthenticationFilter默认的提交地址
                    .successHandler(coreqiAuthenticationSuccessHandler) //登录成功以后要用我们自定义的登录成功处理器，不用Spring默认的。
                    .failureHandler(coreqiAuthenticationFailureHandler) //自己体会把
                .and()
                .logout()   //退出登录相关配置
                    .logoutUrl("signOut")   //自定义退出登录页面
                    .logoutSuccessHandler(new CoreqiLogoutSuccessHandler()) //退出成功后要做的操作（如记录日志），和logoutSuccessUrl互斥
                    //.logoutSuccessUrl("/index") //退出成功后跳转的页面
                    .deleteCookies("JSESSIONID")    //退出时要删除的Cookies的名字
                .and()
                .authorizeRequests()    //对授权请求进行配置
                    .antMatchers("/coreqi-signIn.html","/code/image","/session/invalid").permitAll() //指定登录页面不需要身份认证
                    .anyRequest().authenticated()  //任何请求都需要身份认证
                    .and().csrf().disable()    //禁用CSRF
                .apply(smsCodeAuthenticationSecurityConfig);
            //FilterSecurityInterceptor 整个SpringSecurity过滤器链的最后一环
    }
}