如何使用Spring Security手动注销用户? [英] How to manually log out a user with spring security?

问题描述

答案可能很简单:如何在Spring Security中手动注销当前登录的用户? 致电是否足够:

Probably the answer is simple: How can I manually logout the currently logged in user in spring security? Is it sufficient to call:

SecurityContextHolder.getContext().getAuthentication().setAuthenticated(false); 

?

推荐答案

在Servlet 3.0容器中，Spring注销功能与Servlet集成在一起，您只需在HttpServletRequest上调用logout().仍然需要编写有效的响应内容.

In Servlet 3.0 container Spring logout functionality is integrated with servlet and you just invoke logout() on your HttpServletRequest. Still need to write valid response content.

根据文档 (春季3.2):

According to documentation (Spring 3.2):

HttpServletRequest.logout()方法可用于注销当前用户.

通常，这意味着将清除SecurityContextHolder 出来，HttpSession将失效，任何记住我" 身份验证将被清除，等等.

Typically this means that the SecurityContextHolder will be cleared out, the HttpSession will be invalidated, any "Remember Me" authentication will be cleaned up, etc.

这篇关于如何使用Spring Security手动注销用户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！