Spring Boot + OAuth2 + Google Login - How to Implement Logout
I have an Auth Server implementation using Spring Boot + OAuth2 + Google Login, and a resource server for my internal data services. I used the JDBC token store. Everything works fine, but I am at a loss to understand the logout. Currently, whenever the user clicks logout, I simply remove the token from the local memory of the browser, but the session remains active on the Auth server, so I don't have to log in again. Whenever the user clicks logout, I want to cancel the session and force them to log in again.
Is there a good way to do this? I currently don't have any logout configuration on the Spring Boot Auth server.
Thanks
1 answer
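Try registering a LogoutSuccessHandler to do this. Something like:
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.oauth2.common.OAuth2AccessToken;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.OAuth2Authentication;
    import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
    @Configuration
    @EnableWebSecurity
    @EnableResourceServer
    public class SecurityConfig extends ResourceServerConfigurerAdapter {
        @Autowired
        private TokenStore tokenStore; // assumed: a TokenStore bean exists (e.g. the JDBC token store)
        @Bean
        public DefaultTokenServices tokenServices() {
            DefaultTokenServices services = new DefaultTokenServices();
            services.setTokenStore(tokenStore); // DefaultTokenServices cannot work without a token store
            return services;
        }
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId("myResourceId");
            resources.tokenServices(tokenServices());
        }
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // configure http security here...
            http.logout().logoutSuccessHandler(new SimpleUrlLogoutSuccessHandler() {
                @Override
                public void onLogoutSuccess(HttpServletRequest request,
                                            HttpServletResponse response,
                                            Authentication authentication) {
                    // The authentication is null or of another type when no bearer token was presented.
                    if (!(authentication instanceof OAuth2Authentication)) {
                        return;
                    }
                    OAuth2AccessToken token = tokenServices().getAccessToken((OAuth2Authentication) authentication);
                    if (token != null) { // no token stored for this authentication
                        tokenServices().revokeToken(token.getValue());
                    }
                }
            });
        }
    }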
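The answer above revokes the token on the resource server, while the session described in the question lives on the Auth server. As an added example (not part of the original answer or the asker's project), this is one way to end that session and remove the user's stored tokens on the Auth server, assuming the legacy spring-security-oauth2 stack used on this page. The class name `AuthServerLogoutConfig`, the client id `my-client` and the `/logout` and `/login` URLs are assumptions; merge the `logout()` part into the existing security configuration rather than adding a second one.

```java
import java.util.ArrayList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.authentication.logout.LogoutHandler;

@Configuration
public class AuthServerLogoutConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical client id: use the id the browser client is registered under.
    private static final String CLIENT_ID = "my-client";

    @Autowired
    private TokenStore tokenStore; // assumed: the JDBC token store bean from the question

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The existing Google login and authorizeRequests() rules stay as they are.
        http.logout()
                .logoutUrl("/logout")                // assumed URL
                .addLogoutHandler(revokeTokens())    // remove this user's stored tokens
                .invalidateHttpSession(true)         // drop the server-side session
                .clearAuthentication(true)
                .deleteCookies("JSESSIONID")         // and the cookie that refers to it
                .logoutSuccessUrl("/login");         // assumed URL
    }

    private LogoutHandler revokeTokens() {
        return (request, response, auth) -> {
            if (auth == null) {
                return; // no authenticated session, nothing to revoke
            }
            // Copy first so that removal cannot disturb the collection being iterated.
            for (OAuth2AccessToken token : new ArrayList<>(
                    tokenStore.findTokensByClientIdAndUserName(CLIENT_ID, auth.getName()))) {
                if (token.getRefreshToken() != null) {
                    // Otherwise the client could mint a new access token after logout.
                    tokenStore.removeRefreshToken(token.getRefreshToken());
                }
                tokenStore.removeAccessToken(token);
            }
        };
    }
}
```

With CSRF protection enabled, Spring Security only accepts a POST to the logout URL. Invalidating the Auth server session does not sign the user out of Google, so the next login may complete without a Google prompt.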