Spring Security:如何以编程方式清除“记住我" cookie? [英] Spring Security: How to clear `remember me` cookie programmatically?
本文介绍了Spring Security:如何以编程方式清除“记住我" cookie?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我在如下所示的Web应用程序中使用注销方法,但是如果我检查remember me
,注销将不起作用,因为未清除cookie.如何以编程方式在我的方法中清除此Cookie(或如何使注销方法更好)?
I'm using logout method in web-app like below, but if i check remember me
logout doesn't work, because cookie isn't cleared. How to clear programmatically this cookie in my method (or how to make better logout method) ?
public void logout() {
AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken("anonymous", "anonymous", new ArrayList(Arrays.asList(new GrantedAuthorityImpl("ROLE_ANONYMOUS"))));
SecurityContextHolder.getContext().setAuthentication(anonymous);
}
推荐答案
如果您使用的是标准Spring Security cookie名称(SPRING_SECURITY_REMEMBER_ME_COOKIE
),则可以执行以下操作:
If you are using the standard Spring Security cookie name (which is SPRING_SECURITY_REMEMBER_ME_COOKIE
), you can do this:
void cancelCookie(HttpServletRequest request, HttpServletResponse response)
{
String cookieName = "SPRING_SECURITY_REMEMBER_ME_COOKIE";
Cookie cookie = new Cookie(cookieName, null);
cookie.setMaxAge(0);
cookie.setPath(StringUtils.hasLength(request.getContextPath()) ? request.getContextPath() : "/");
response.addCookie(cookie);
}
如果您使用的是自定义Cookie名称,则必须更改cookieName
值.
You'll have to change the cookieName
value if you are using a custom cookie name.
这篇关于Spring Security:如何以编程方式清除“记住我" cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文