# 注销
Spring 安全性默认情况下提供注销端点。登录后,你可以GET /logout
查看默认的注销确认页,或者POST /logout
启动注销。这将:
清除
ServerCsrfTokenRepository
,ServerSecurityContextRepository
,并重定向回登录页面
通常,你也希望注销时的会话无效。为了实现这一点,你可以将WebSessionServerLogoutHandler
添加到你的注销配置中,如下所示:
@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
new WebSessionServerLogoutHandler(), new SecurityContextServerLogoutHandler()
);
http
.authorizeExchange((exchange) -> exchange.anyExchange().authenticated())
.logout((logout) -> logout.logoutHandler(logoutHandler));
return http.build();
}