How do I revoke an authentication token in Spring Security?
Problem description:
In the logout controller I tried to write a lot of combinations of code. Now I have this:
final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
    new SecurityContextLogoutHandler().logout(request, response, auth);
}
SecurityContextHolder.getContext().setAuthentication(null);
auth.setAuthenticated(false);
But after the provided code executes, the token is still valid.
What am I doing wrong? How do I eventually revoke the token?
Answer
The class you're looking for is DefaultServices, method revokeToken(String tokenValue).
Here is an example of a controller that revokes the token, and here is the OAuth2 configuration with the DefaultServices bean.
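A logout endpoint that revokes the presented bearer token, as an added example that is not part of the original answer or of its linked code. It assumes the legacy Spring Security OAuth2 library, whose `ConsumerTokenServices` interface declares `revokeToken(String tokenValue)` and is implemented by `DefaultTokenServices`; the controller name and the `/oauth/logout` path are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;

import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.token.ConsumerTokenServices;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TokenLogoutController {   // hypothetical class name

    private static final String BEARER_PREFIX = "Bearer ";

    // Assumption: the OAuth2 configuration exposes a DefaultTokenServices bean,
    // which implements ConsumerTokenServices.
    private final ConsumerTokenServices tokenServices;

    public TokenLogoutController(ConsumerTokenServices tokenServices) {
        this.tokenServices = tokenServices;
    }

    @PostMapping("/oauth/logout")      // hypothetical path
    public ResponseEntity<Void> logout(HttpServletRequest request) {
        String header = request.getHeader(HttpHeaders.AUTHORIZATION);
        // Reject requests that do not carry "Authorization: Bearer <token>".
        if (header == null || !header.regionMatches(
                true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return ResponseEntity.badRequest().build();
        }
        String tokenValue = header.substring(BEARER_PREFIX.length()).trim();

        // Removes the access token (and its refresh token, if any) from the
        // TokenStore, so later requests presenting it are rejected.
        boolean revoked = tokenServices.revokeToken(tokenValue);

        // Clearing the SecurityContext only affects the current request or
        // session; on its own it leaves the token in the store, which is why
        // the code in the question did not invalidate it.
        SecurityContextHolder.clearContext();

        // revokeToken returns false when the store does not know the token.
        return revoked ? ResponseEntity.noContent().build()
                       : ResponseEntity.notFound().build();
    }
}
```

Revocation only takes effect when the `TokenStore` actually persists tokens (for example in-memory or JDBC) and the resource server checks that same store.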