Spring Security 實戰 - 退出

摘要： 原理 Cookie remember-me session SecurityContext Spring Security 的退出請求（預設為 /logout ）由LogoutFilter過濾器攔截處理 實現 主頁中新增退出連結 配置Merryyo...

原理

Cookie
remember-me
session
SecurityContext

Spring Security 的退出請求（預設為 /logout ）由LogoutFilter過濾器攔截處理

實現

主頁中新增退出連結

配置MerryyouSecurityConfig

原始碼分析

LogoutFilter#doFilter

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
// 1 匹配到/logout請求
if (requiresLogout(request, response)) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
// 2 處理1-4步
this.handler.logout(request, response, auth);
// 3 重定向到註冊介面
logoutSuccessHandler.onLogoutSuccess(request, response, auth);

return;
}

chain.doFilter(request, response);
}