mgt logout invalidate http Session

f84e1d56 · MaxKey · 91514cce · f84e1d56
隐藏空白更改
内联并排

Showing with 9 addition and 1 deletion

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java ...c/main/java/org/maxkey/web/contorller/LogoutEndpoint.java +9 -1

未找到文件。
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java
@@ -17,10 +17,14 @@

 package org.maxkey.web.contorller;

+import javax.servlet.http.HttpServletRequest;
+
 import org.maxkey.authn.annotation.CurrentUser;
 import org.maxkey.authn.session.SessionManager;
 import org.maxkey.entity.Message;
 import org.maxkey.entity.UserInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -29,16 +33,20 @@ import org.springframework.web.bind.annotation.RequestMapping;

 @Controller
 public class LogoutEndpoint {
+	private static Logger _logger = LoggerFactory.getLogger(LogoutEndpoint.class);
 	
 	@Autowired
    protected SessionManager sessionManager;
 	
 	@RequestMapping(value={"/logout"}, produces = {MediaType.APPLICATION_JSON_VALUE})
- 	public  ResponseEntity<?> logout(@CurrentUser UserInfo currentUser){
+ 	public  ResponseEntity<?> logout(HttpServletRequest request,@CurrentUser UserInfo currentUser){
 		sessionManager.terminate(
 				currentUser.getSessionId(), 
 				currentUser.getId(),
 				currentUser.getUsername());
+ 		//invalidate http session
+		_logger.debug("/logout invalidate http Session id {}",request.getSession().getId());
+ 		request.getSession().invalidate();
 		return new Message<String>().buildResponse();
 	}