注销

Spring Security 默认提供了一个登出端点。登录后，您可以通过 GET /logout 查看默认的登出确认页面，或者通过 POST /logout 来开始登出。这将会:spring-doc.cadn.net.cn

清除ServerCsrfTokenRepository，ServerSecurityContextRepository，和spring-doc.cadn.net.cn
跳转回登录页面spring-doc.cadn.net.cn

通常，在注销时您也希望同时失效会话。
要实现这一点，可以将WebSessionServerLogoutHandler添加到您的注销配置中，如下所示：spring-doc.cadn.net.cn

Javaspring-doc.cadn.net.cn
Kotlinspring-doc.cadn.net.cn

@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
    DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
            new SecurityContextServerLogoutHandler(), new WebSessionServerLogoutHandler()
    );

    http
        .authorizeExchange((authorize) -> authorize.anyExchange().authenticated())
        .logout((logout) -> logout.logoutHandler(logoutHandler));

    return http.build();
}

@Bean
fun http(http: ServerHttpSecurity): SecurityWebFilterChain {
    val customLogoutHandler = DelegatingServerLogoutHandler(
        SecurityContextServerLogoutHandler(), WebSessionServerLogoutHandler()
    )

    return http {
        authorizeExchange {
            authorize(anyExchange, authenticated)
        }
        logout {
            logoutHandler = customLogoutHandler
        }
    }
}