Spring Boot、Security OAuth2 Google Logout 和 no Autologin [英] Spring Boot, Security OAuth2 Google Logout and no Autologin
本文介绍了Spring Boot、Security OAuth2 Google Logout 和 no Autologin的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的配置是:
@Configuration
@EnableWebSecurity(debug = false)
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private SaveNewOidcUserService saveNewOidcUserService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.logout()
.clearAuthentication(true)
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.permitAll()
.and()
.oauth2Login()
.userInfoEndpoint()
.oidcUserService(saveNewOidcUserService);
}
}
版本:
spring-security-oauth2-client 5.3.2.RELEASE
spring-boot-starter-security 2.3.0.RELEASE
我通过谷歌登录我的应用程序,在注销我的应用程序后,我在 firefox 控制台日志中看到有 GET 到/login 页面,所以如果我仍然登录谷歌,我的安全应用程序的内容会显示(因为自动登录)但应该被要求通过谷歌登录以选择帐户等.如果我已注销谷歌,它工作正常.
I login to my app via google and after logout my app I see in firefox console log that there is GET to /login page so if I'm still logged in google the content of my secured app is shown (because of auto login) but should be asked to login via google with screen to choose account etc. If I'm logged out google it works fine.
退出后如何强制不自动登录?
How to force no auto login after logout?
推荐答案
我加了之后解决了
.exceptionHandling()
.defaultAuthenticationEntryPointFor(
customAuthEP(),
new AntPathRequestMatcher("/**")
)
喜欢这里https://stackoverflow.com/a/15875641/13729723
这篇关于Spring Boot、Security OAuth2 Google Logout 和 no Autologin的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
