# 注销

Spring 安全性默认情况下提供注销端点。登录后,你可以GET /logout查看默认的注销确认页,或者POST /logout启动注销。这将:

  • 清除ServerCsrfTokenRepositoryServerSecurityContextRepository,并

  • 重定向回登录页面

通常,你也希望注销时的会话无效。为了实现这一点,你可以将WebSessionServerLogoutHandler添加到你的注销配置中,如下所示:

@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
    DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
            new WebSessionServerLogoutHandler(), new SecurityContextServerLogoutHandler()
    );

    http
        .authorizeExchange((exchange) -> exchange.anyExchange().authenticated())
        .logout((logout) -> logout.logoutHandler(logoutHandler));

    return http.build();
}