I'm considering using OAuth2 for my application. The architecture I'm trying to implement is as follows:
After a lot of tests I have realized that this can be solved just with a redirect to the AuthServer and doing logout programmatically like this:
In the client app (WebSecurityConfigurerAdapter):
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
public class ClientSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .logout()
                // once the client's own session is cleared, send the browser to the auth server's logout endpoint
                .logoutSuccessUrl("http://your-auth-server/exit");
    }
}
In the authorization server:
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class LogoutController {
    @RequestMapping("/exit")
    public void exit(HttpServletRequest request, HttpServletResponse response) {
        // token can be revoked here if needed
        // invalidates the auth server's HTTP session and clears the SecurityContext
        new SecurityContextLogoutHandler().logout(request, null, null);
        try {
            // sending back to client app
            // the Referer header is browser-supplied, so the target should be checked against
            // the registered client URLs before redirecting
            response.sendRedirect(request.getHeader("referer"));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
I have posted a sample app on GitHub with a full example of this implementation.
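The `/exit` endpoint above redirects to whatever the browser sends in the Referer header, which makes the logout URL a redirect target anyone can steer. The following is an added example, not code from the answer or its sample app, showing a hardened variant of the same controller: it still invalidates the auth server session, but only redirects back to an origin found in an allowlist of registered clients and falls back to a fixed local page otherwise. The class name `SafeLogoutController`, the allowlist contents, and `DEFAULT_POST_LOGOUT_URL` are assumptions for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class SafeLogoutController {

    // Hypothetical allowlist of client origins (scheme://host[:port]) that may receive the
    // post-logout redirect. In a real deployment this comes from the registered client
    // configuration rather than being hard-coded.
    private static final Set<String> ALLOWED_CLIENT_ORIGINS = Set.of(
            "https://client-app.example.com",
            "https://localhost:8443");

    // Fallback used when the Referer is missing, malformed, or not a registered client.
    private static final String DEFAULT_POST_LOGOUT_URL = "/login?logout";

    private final SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler();

    @RequestMapping("/exit")
    public void exit(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // Invalidate the auth server's own session and clear the SecurityContext,
        // exactly as the original answer does.
        logoutHandler.logout(request, response, null);

        // The Referer header is set by the browser and depends on which page linked here,
        // so it is only honoured when its origin is a known client.
        String target = safeRedirectTarget(request.getHeader("Referer"));
        response.sendRedirect(target);
    }

    /**
     * Returns the candidate URL if its origin is allowlisted, otherwise the default page.
     * Kept static and package-private so it can be unit-tested without a servlet container.
     */
    static String safeRedirectTarget(String candidate) {
        if (candidate == null || candidate.isBlank()) {
            return DEFAULT_POST_LOGOUT_URL;
        }
        try {
            URI uri = new URI(candidate);
            // Relative URLs and URLs without a host cannot identify a client origin.
            if (uri.getScheme() == null || uri.getHost() == null) {
                return DEFAULT_POST_LOGOUT_URL;
            }
            // Compare the parsed origin, not a string prefix: java.net.URI resolves the
            // authority, so userinfo tricks such as "https://good@evil/" yield host "evil".
            String origin = uri.getScheme().toLowerCase() + "://" + uri.getHost().toLowerCase()
                    + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
            return ALLOWED_CLIENT_ORIGINS.contains(origin) ? candidate : DEFAULT_POST_LOGOUT_URL;
        } catch (URISyntaxException e) {
            return DEFAULT_POST_LOGOUT_URL;
        }
    }
}
```

The allowlist compares the parsed scheme, host and port rather than a string prefix, so a Referer that merely starts with a registered client URL does not pass. Declaring `throws IOException` on the handler lets Spring MVC surface a failed redirect instead of swallowing it with `printStackTrace()`.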