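When a user logs out, I also want to revoke the refresh token. The problem is that I can't find it in the LogoutHandler. I only have the access token. The Authentication object is also null.

Configuration: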
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .....
            .and()
            .csrf().disable()
            .logout()
            .logoutUrl("/logout").permitAll()
            .addLogoutHandler(customLogoutHandler)
            .deleteCookies("rememberMe")
            .logoutSuccessUrl(loginPage)
            .....
            ;
    }

You can try a global search for @Component("customLogoutHandler"), @Service("customLogoutHandler"), "customLogoutHandler", etc.

I have a setup in my configuration file similar to the login success handler, which looks like this:
    @Autowired
    private LogoutSuccessHandler myLogoutSuccessHandler;

Then the custom handler. Note that how you revoke the refresh token will depend on the TokenStore you are using (JDBC, in-memory, etc.):
    @Component("myLogoutSuccessHandler")
    public class MyLogoutSuccessHandler implements LogoutSuccessHandler {
        @Override
        public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
            //logic to revoke tokens
        }
    }
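
One way to fill in the "logic to revoke tokens" step when only the access token is available and Authentication is null. This is an added example, not code from the original question or answer. It assumes the legacy Spring Security OAuth2 `TokenStore` (for example `JdbcTokenStore` or `InMemoryTokenStore`) is exposed as a bean, that the client sends the access token as an `Authorization: Bearer` header, and that a 204 response is acceptable in place of a redirect.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpHeaders;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;

// Added example: assumes a TokenStore bean and a bearer token on the logout request.
@Component("myLogoutSuccessHandler")
public class MyLogoutSuccessHandler implements LogoutSuccessHandler {

    private static final String BEARER_PREFIX = "Bearer ";
    private final TokenStore tokenStore;

    public MyLogoutSuccessHandler(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
                                Authentication authentication) throws IOException {
        // Authentication may be null here, so work from the presented token only.
        String header = request.getHeader(HttpHeaders.AUTHORIZATION);
        if (header != null
                && header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            String tokenValue = header.substring(BEARER_PREFIX.length()).trim();
            // The store resolves the opaque value to the stored token (null if unknown).
            OAuth2AccessToken accessToken = tokenStore.readAccessToken(tokenValue);
            if (accessToken != null) {
                OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
                if (refreshToken != null) {
                    // Revoke the refresh token first so it cannot mint a new access token.
                    tokenStore.removeRefreshToken(refreshToken);
                }
                tokenStore.removeAccessToken(accessToken);
            }
        }
        // Assumed API-style response; a browser flow would redirect instead.
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

An unknown or already revoked token is ignored, so a repeated logout request does not fail.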