spring security logout 实现基于redis存储的tokenstroe 的 app登出

首先 都说自带默认 /logout  的登出地址。但是你不配置的话 默认是没有的

需要在

ResourceServerConfigurerAdapter中的

public void configure(HttpSecurity http) throws Exception

中增加

and()
                .logout()
                .logoutSuccessHandler(userLogoutSuccessHandler);

然后实现handler

@Component
public class UserLogoutSuccessHandler implements LogoutSuccessHandler {

    @Autowired
    private TokenStore tokenStore;


    @Override
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        String accessToken = httpServletRequest.getHeader("authorization");
        if(StringUtils.isNotBlank(accessToken)){
            OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(accessToken.replace("Bearer ",""));
            if(oAuth2AccessToken != null){
                tokenStore.removeAccessToken(oAuth2AccessToken);
                OAuth2RefreshToken oAuth2RefreshToken = oAuth2AccessToken.getRefreshToken();
                tokenStore.removeRefreshToken(oAuth2RefreshToken);
                tokenStore.removeAccessTokenUsingRefreshToken(oAuth2RefreshToken);
            }
        }
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.getWriter().write("退出成功");
    }