Spring Security OAuth2 token storage in Redis: user logout (logOut)

There are two ways to log out a user whose tokens are stored in Redis. The first is to configure a logoutSuccessHandler on the resource server and implement the LogoutSuccessHandler interface to handle the user who is logging out;
the second is to write a custom endpoint of your own that removes the user's token information through the RedisTokenStore.

Configuring it on the resource server or the authorization server

  • WebSecurityConfigurerAdapter configuration
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { // enclosing class added; the post shows only configure()
    @Autowired
    private LogoutSuccessHandler logoutSuccessHandler; // the UserLogoutSuccessHandler bean defined below

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/auth_user/*").denyAll()
            .antMatchers("/oauth2/**", "/oauth/**").permitAll()
            .anyRequest().authenticated()
        .and()
            .logout()
            .logoutSuccessHandler(logoutSuccessHandler) // invoked after /logout; this is where the token is revoked
        .and()
            .csrf().disable(); // token-based API with no session cookie, as configured in the post
    }
}
  • Logout success handling with LogoutSuccessHandler
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;
// HttpUtils, BaseResponse and HttpStatusMsg are the project's own helpers (their packages are not shown in the post)

/**
 * @Description: user logged out successfully
 * @Package: cn.appblog.security.handler.AjaxLogoutSuccessHandler
 * @Version: 1.0
 */
@Component
public class UserLogoutSuccessHandler implements LogoutSuccessHandler {
    @Autowired
    private TokenStore tokenStore; // the RedisTokenStore bean

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
        String accessToken = request.getParameter("access_token");
        if (StringUtils.isNotBlank(accessToken)) {
            OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(accessToken);
            if (oAuth2AccessToken != null) {
                // the post printed the token value to stdout here; a bearer token should not be written to logs
                tokenStore.removeAccessToken(oAuth2AccessToken);
                OAuth2RefreshToken oAuth2RefreshToken = oAuth2AccessToken.getRefreshToken();
                if (oAuth2RefreshToken != null) { // null for grants that issue no refresh token (e.g. client_credentials)
                    tokenStore.removeRefreshToken(oAuth2RefreshToken);
                    tokenStore.removeAccessTokenUsingRefreshToken(oAuth2RefreshToken);
                }
            }
        }
        HttpUtils.writeSuccess(BaseResponse.createResponse(HttpStatusMsg.OK.getStatus(), "退出成功"), response);
    }
}

Request: http://127.0.0.1:9003/logout?access_token=0decd3ef67804618bfb87d7b99f1d3ad

{
    "status": 200,
    "message": "退出成功"
}

Custom logout endpoint scheme

import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
// BaseResponse and HttpStatusMsg are the project's own helpers (their packages are not shown in the post)
@RestController
@RequestMapping("/oauth2") // enclosing controller and its prefix are assumed from the URL used below
public class LogoutController {
    @Autowired
    private TokenStore tokenStore; // the RedisTokenStore bean
    /**
     * Account logout
     */
    @RequestMapping(value = "logout", method = RequestMethod.POST)
    public ResponseEntity<BaseResponse> logOut(String access_token) { // bound from the access_token request parameter
        if (StringUtils.isNotBlank(access_token)) {
            OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(access_token);
            if (oAuth2AccessToken != null) {
                tokenStore.removeAccessToken(oAuth2AccessToken);
                OAuth2RefreshToken oAuth2RefreshToken = oAuth2AccessToken.getRefreshToken();
                if (oAuth2RefreshToken != null) { // null for grants that issue no refresh token
                    tokenStore.removeRefreshToken(oAuth2RefreshToken);
                    tokenStore.removeAccessTokenUsingRefreshToken(oAuth2RefreshToken);
                }
            }
        }
        return ResponseEntity.ok(BaseResponse.createResponse(HttpStatusMsg.OK));
    }
}

POST request: http://127.0.0.1:9003/oauth2/logout
Parameter: access_token

{
    "status": 200,
    "message": "SUCCESS"
}
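As an added example that is not part of the original post, the revocation logic shared by the two schemes above is factored into one hypothetical helper: it reads the token from the Authorization header instead of a query parameter, tolerates tokens issued without a refresh token, and orders the three TokenStore calls so the refresh-to-access link is used before it is deleted. It is exercised against an InMemoryTokenStore, which implements the same TokenStore contract as RedisTokenStore; the class name, method names and sample token values are my own.

```java
import java.util.Collections;
import java.util.HashMap;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

// Hypothetical helper (not from the post): revokes an access token together with its refresh token.
public class TokenRevoker {
    // Prefer the Authorization header; a token in the query string is copied into access logs and proxies.
    public static String extractBearer(String authorizationHeader, String fallbackParam) {
        if (authorizationHeader != null && authorizationHeader.regionMatches(true, 0, "Bearer ", 0, 7)) {
            return authorizationHeader.substring(7).trim();
        }
        return fallbackParam;
    }
    // True when a live token was revoked, false when it was unknown or already gone (safe to call twice).
    public static boolean revoke(TokenStore tokenStore, String tokenValue) {
        if (tokenValue == null || tokenValue.isEmpty()) return false;
        OAuth2AccessToken access = tokenStore.readAccessToken(tokenValue);
        if (access == null) return false;
        OAuth2RefreshToken refresh = access.getRefreshToken();
        if (refresh != null) { // client_credentials tokens have no refresh token; avoid the NPE
            tokenStore.removeAccessTokenUsingRefreshToken(refresh); // walks the refresh->access link, so call it first
            tokenStore.removeRefreshToken(refresh);                 // deletes that link
        }
        tokenStore.removeAccessToken(access);
        return true;
    }
    public static void main(String[] args) {
        TokenStore store = new InMemoryTokenStore(); // stand-in for RedisTokenStore, same TokenStore contract
        // Constructed sample token pair; in production the authorization server fills the store.
        OAuth2Request req = new OAuth2Request(new HashMap<>(), "client-a", Collections.emptyList(), true,
                Collections.singleton("read"), null, null, null, null);
        OAuth2Authentication auth = new OAuth2Authentication(req,
                new UsernamePasswordAuthenticationToken("alice", "n/a", Collections.emptyList()));
        DefaultOAuth2AccessToken access = new DefaultOAuth2AccessToken("sample-access-token");
        access.setRefreshToken(new DefaultOAuth2RefreshToken("sample-refresh-token"));
        store.storeRefreshToken(access.getRefreshToken(), auth);
        store.storeAccessToken(access, auth);
        String presented = extractBearer("Bearer sample-access-token", null);
        System.out.println("revoked=" + revoke(store, presented) + " accessGone=" + (store.readAccessToken(presented) == null)
                + " refreshGone=" + (store.readRefreshToken("sample-refresh-token") == null) + " again=" + revoke(store, presented));
    }
}
```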

This article is reproduced with reference to the original and was debugged further.

Copyright notice:
Author: Joe.Ye
Link: https://www.appblog.cn/index.php/2023/03/20/spring-security-oauth2-token-storage-redis-user-login-logout/
Source: APP全栈技术分享 (APP Full-Stack Tech Sharing)
The article is copyrighted by its author; please do not reproduce it without permission.
