Question
My configuration is:
    @Configuration
    @EnableWebSecurity(debug = false)
    @EnableGlobalMethodSecurity(securedEnabled = true)
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private SaveNewOidcUserService saveNewOidcUserService;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                .logout()
                    .clearAuthentication(true)
                    .invalidateHttpSession(true)
                    .deleteCookies("JSESSIONID")
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/")
                    .permitAll()
                    .and()
                .oauth2Login()
                    .userInfoEndpoint()
                        .oidcUserService(saveNewOidcUserService);
        }
    }
Versions of:
spring-security-oauth2-client 5.3.2.RELEASE
spring-boot-starter-security 2.3.0.RELEASE
I log in to my app via Google, and after logging out of my app I see in the Firefox console log that there is a GET to the /login page, so if I'm still logged in to Google the content of my secured app is shown (because of auto login), but I should be asked to log in via Google with the screen to choose an account etc. If I'm logged out of Google it works fine.
How to force no auto login after logout?
Answer 1:
I solved it after adding
    .exceptionHandling()
        .defaultAuthenticationEntryPointFor(
            customAuthEP(),
            new AntPathRequestMatcher("/**")
        )
like here https://stackoverflow.com/a/15875641/13729723
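The answer's snippet placed in a complete configuration, as an added example that is not part of the original question or answer. The body of `customAuthEP()` is not shown on the page, so the version here is an assumption: it sends unauthenticated requests to a hypothetical local `/signin` page (which the application must serve) instead of redirecting straight to Google, and it additionally passes Google's `prompt=select_account` parameter so the account chooser is shown on every login. The class name is hypothetical, and the question's `oidcUserService` and extra logout settings are left out for brevity.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
public class NoAutoLoginSecurityConfig extends WebSecurityConfigurerAdapter {

    private final ClientRegistrationRepository clients;

    public NoAutoLoginSecurityConfig(ClientRegistrationRepository clients) {
        this.clients = clients;
    }

    // Assumed body: the answer does not show customAuthEP(). This version sends
    // unauthenticated requests to a local page rather than directly to the provider.
    private AuthenticationEntryPoint customAuthEP() {
        return new LoginUrlAuthenticationEntryPoint("/signin"); // hypothetical page
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Ask Google to show the account chooser on every authorization request,
        // even when the browser still holds an active Google session.
        DefaultOAuth2AuthorizationRequestResolver resolver =
                new DefaultOAuth2AuthorizationRequestResolver(clients, "/oauth2/authorization");
        resolver.setAuthorizationRequestCustomizer(b ->
                b.additionalParameters(p -> p.put("prompt", "select_account")));

        http
            .authorizeRequests()
                .antMatchers("/signin").permitAll() // page links to /oauth2/authorization/google
                .anyRequest().authenticated()
                .and()
            .exceptionHandling()
                .defaultAuthenticationEntryPointFor(customAuthEP(), new AntPathRequestMatcher("/**"))
                .and()
            .logout().logoutSuccessUrl("/").permitAll()
                .and()
            .oauth2Login()
                .authorizationEndpoint().authorizationRequestResolver(resolver);
    }
}
```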
Source: https://stackoverflow.com/questions/62332377/spring-boot-security-oauth2-google-logout-and-no-autologin