以下配置代码的注销功能不起作用：注销后我仍然可以访问受限制的网址。
// OAuth2/OIDC client registrations; handed to the OIDC logout success handler
// built in oidcLogoutSuccessHandler() below.
@Autowired ClientRegistrationRepository clientRegistrationRepository;
/**
 * Builds the logout success handler that performs OIDC RP-initiated logout,
 * i.e. after the local session is cleared the browser is sent on to the
 * provider so that the provider-side session is ended as well.
 *
 * <p>The post-logout redirect is the {@code {baseUrl}} template, which Spring
 * Security resolves to this application's own base URL at request time. The
 * provider usually has to have that URL registered as an allowed post-logout
 * redirect URI, otherwise the round trip back from the provider is rejected.
 *
 * @return a handler backed by {@link #clientRegistrationRepository}
 */
OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler() {
    final OidcClientInitiatedLogoutSuccessHandler handler =
            new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
    handler.setPostLogoutRedirectUri("{baseUrl}");
    return handler;
}
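/**
 * HTTP security rules: "/" and "/error" are public, everything else requires
 * an authenticated user; login is OAuth2/OIDC with the callback served at
 * {@code /api/v1/oauth/callback}; logout clears the local session and then
 * performs RP-initiated logout at the provider.
 *
 * @param httpSecurity the builder supplied by Spring Security
 * @throws Exception propagated from the builder
 */
@Override
public void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .authorizeRequests()
            .antMatchers("/","/error").permitAll()
            .anyRequest().authenticated()
            .and()
        .logout()
            // Exactly one logout section. logoutSuccessUrl("/") and
            // logoutSuccessHandler(...) are alternative ways of choosing the
            // post-logout destination; the original chain set both in two
            // separate logout() sections, and only one of them can take
            // effect. The OIDC handler is the one that matters: it is what
            // ends the session at the provider. Clearing only the local
            // session leaves the provider session alive, so the next request
            // to a protected URL typically re-authenticates without a prompt,
            // which looks exactly like "logout did not work".
            .logoutSuccessHandler(oidcLogoutSuccessHandler())
            .invalidateHttpSession(true)
            .clearAuthentication(true)
            .deleteCookies("JSESSIONID")
            .permitAll()
            .and()
        .csrf()
            // CSRF protection stays enabled, so the logout endpoint only
            // accepts POST carrying a valid token; a plain GET link to
            // /logout is ignored. withHttpOnlyFalse() intentionally exposes
            // the XSRF-TOKEN cookie to browser-side script so it can send
            // that token.
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
        .oauth2Login()
            .redirectionEndpoint()
                .baseUri("/api/v1/oauth/callback");
}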