【发布时间】:2022-07-07 04:22:48
【问题描述】:
有人可以帮我从谷歌注销吗? 我正在尝试从这里为我的应用程序登录和注销的示例:https://spring.io/guides/tutorials/spring-boot-oauth2/ 我无法成功注销,用户始终处于登录状态。我看到 XSRF-TOKEN 仍然存在于 cookie 中。我尝试了各种示例,但没有任何效果。这是原始代码https://github.com/spring-guides/tut-spring-boot-oauth2,这是我的尝试:
@SpringBootApplication
@RestController
public class SocialApplication extends WebSecurityConfigurerAdapter {
@RequestMapping("/user")
public Map<String, Object> user(@AuthenticationPrincipal OAuth2User principal) {
return Collections.singletonMap("name", principal.getAttribute("name"));
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests(a -> a.antMatchers("/", "/error", "/webjars/**").permitAll().anyRequest().authenticated()).csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
.exceptionHandling(e -> e.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
.logout(l -> l.logoutSuccessUrl("/").deleteCookies("JSESSIONID", "XSRF-TOKEN").invalidateHttpSession(true).permitAll()
.logoutSuccessHandler(new LogoutSuccessHandler()))
.oauth2Login();
// @formatter:on
}
public static void main(String[] args) {
SpringApplication.run(SocialApplication.class, args);
}
class LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
authentication.setAuthenticated(false);
invalidateCurrentSession(request, response);
super.onLogoutSuccess(request, response, authentication);
}
}
private void invalidateCurrentSession(HttpServletRequest request, HttpServletResponse response) {
SecurityContextHolder.clearContext();
HttpSession session = request.getSession(false);
CookieCsrfTokenRepository.withHttpOnlyFalse().saveToken(null, request, response);
// session is anyway null
if (session != null) {
session.invalidate();
request.getSession();
}
}
}
【问题讨论】:
-
你能解决这个问题吗?
-
很遗憾没有。