Cookie
remember-me
记录session
失效SecurityContext
Spring Security
的退出请求(默认为/logout
)由LogoutFilter过滤器拦截处理
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
// 1 匹配到/logout请求
if (requiresLogout(request, response)) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
// 2 清空Cookie、remember-me、session和SecurityContext
this.handler.logout(request, response, auth);
// 3 重定向到注册界面
logoutSuccessHandler.onLogoutSuccess(request, response, auth);
return;
}
chain.doFilter(request, response);
}
Cookie置为null
清空persistent_logins表中记录
使当前session失效 清空当前的SecurityContext
获取配置的跳转地址 跳转请求