发表新帖
发表新帖

How to manually log out a user with spring security?

后端 未结
关注
9 1288
情话喂你
情话喂你 2020-11-29 21:06

Probably the answer is simple: How can I manually logout the currently logged in user in spring security? Is it sufficient to call:

SecurityContextHolder.get
9条回答
  • 独厮守ぢ
    独厮守ぢ (楼主)
    2020-11-29 21:20

    It's hard for me to say for sure if your code is enough. However standard Spring-security's implementation of logging out is different. If you took a look at SecurityContextLogoutHandler you would see they do:

        SecurityContextHolder.clearContext();

    Moreover they optionally invalidate the HttpSession:

        if (invalidateHttpSession) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }

    You may find more information in some other question about logging out in Spring Security and by looking at the source code of org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler.

    0 讨论(0)
 看不清?
提交回复
热议问题