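After a lot of testing, I realized that this can be solved simply by redirecting to the AuthServer and performing the logout programmatically:
- In the client application (WebSecurityConfigurerAdapter):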
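```java
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .logout()
        // after the local logout, send the browser to the auth server's exit endpoint
        .logoutSuccessUrl("http://your-auth-server/exit");
}
```
- In the authorization server: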
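```java
import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class LogoutController {

    @RequestMapping("/exit")
    public void exit(HttpServletRequest request, HttpServletResponse response) {
        // token can be revoked here if needed
        // invalidates the auth server session and clears the security context
        new SecurityContextLogoutHandler().logout(request, null, null);
        try {
            // sending back to client app (the Referer header comes from the request)
            response.sendRedirect(request.getHeader("referer"));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
```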
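The `/exit` endpoint above redirects to whatever the `Referer` header contains, and that header is request-supplied and may be missing. The following is an added example, not part of the original answer: a variant of the controller that only redirects back when the Referer's origin is on an allowlist. The class name, the `ALLOWED_ORIGINS` entry and `FALLBACK_URL` are placeholder assumptions.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class HardenedLogoutController {
    // Assumption: origins of the registered client apps (placeholder value).
    private static final Set<String> ALLOWED_ORIGINS =
            new HashSet<>(Arrays.asList("http://your-client-app:8080"));
    // Assumption: auth server page used when the Referer is missing or not allowlisted.
    private static final String FALLBACK_URL = "/login?logout";

    @RequestMapping("/exit")
    public void exit(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // End the auth server session, as in the answer's controller.
        new SecurityContextLogoutHandler().logout(request, response, null);
        response.sendRedirect(safeTarget(request.getHeader("referer")));
    }

    // Returns the Referer only if it is an absolute http(s) URL with an allowlisted origin.
    static String safeTarget(String referer) {
        if (referer == null) {
            return FALLBACK_URL;
        }
        try {
            URI uri = new URI(referer);
            String scheme = uri.getScheme();
            String host = uri.getHost(); // null for malformed or non-server authorities
            if (scheme == null || host == null
                    || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
                return FALLBACK_URL;
            }
            String origin = (scheme + "://" + host).toLowerCase(Locale.ROOT)
                    + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
            return ALLOWED_ORIGINS.contains(origin) ? referer : FALLBACK_URL;
        } catch (URISyntaxException e) {
            return FALLBACK_URL; // unparsable Referer: never redirect to it
        }
    }
}
```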


