如何使用Spring Security手动注销用户? [英] How to manually log out a user with spring security?
问题描述
答案可能很简单:如何在Spring Security中手动注销当前登录的用户? 致电是否足够:
Probably the answer is simple: How can I manually logout the currently logged in user in spring security? Is it sufficient to call:
SecurityContextHolder.getContext().getAuthentication().setAuthenticated(false);
?
推荐答案
在Servlet 3.0容器中,Spring注销功能与Servlet集成在一起,您只需在HttpServletRequest
上调用logout()
.仍然需要编写有效的响应内容.
In Servlet 3.0 container Spring logout functionality is integrated with servlet and you just invoke logout()
on your HttpServletRequest
. Still need to write valid response content.
根据文档 (春季3.2):
According to documentation (Spring 3.2):
HttpServletRequest.logout()方法可用于注销当前用户.
通常,这意味着将清除SecurityContextHolder 出来,HttpSession将失效,任何记住我" 身份验证将被清除,等等.
Typically this means that the SecurityContextHolder will be cleared out, the HttpSession will be invalidated, any "Remember Me" authentication will be cleaned up, etc.
这篇关于如何使用Spring Security手动注销用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!