| 
									
										
										
										
										 |  |  | [[reactive-logout]] | 
					
						
							|  |  |  | = Logout | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | Spring Security provides a logout endpoint by default. | 
					
						
							|  |  |  | Once logged in, you can `GET /logout` to see a default logout confirmation page, or you can `POST /logout` to initiate logout. | 
					
						
							|  |  |  | This will: | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - clear the `ServerCsrfTokenRepository` and the `ServerSecurityContextRepository`, and | 
					
						
							|  |  |  | - redirect back to the login page | 
					
						
							|  |  |  | 
 | 
					
						
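							|  |  |  | Often, you will also want to invalidate the session on logout, because the default logout only clears the repositories listed above and leaves the `WebSession` itself, along with anything else stored in it, in place. | 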
					
						
							|  |  |  | To achieve this, you can add the `WebSessionServerLogoutHandler` to your logout configuration, like so: | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
										 |  |  | .Java | 
					
						
							|  |  |  | [source,java,role="primary"] | 
					
						
							| 
									
										
										
										
										 |  |  | ---- | 
					
						
							/**
							 * Builds the reactive filter chain so that logging out also invalidates the {@code WebSession}.
							 *
							 * <p>Every exchange requires an authenticated user. Logout is handled by a
							 * {@code DelegatingServerLogoutHandler} that delegates to both
							 * {@code WebSessionServerLogoutHandler} and {@code SecurityContextServerLogoutHandler}.
							 *
							 * @param http the {@code ServerHttpSecurity} builder to configure
							 * @return the built {@code SecurityWebFilterChain}
							 */
							@Bean
							SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
							    // Setting a logout handler replaces the default one, so the security-context
							    // handler is listed explicitly next to the session-invalidating handler; that
							    // way the security context repository is still cleared on logout.
							    DelegatingServerLogoutHandler sessionAndContextCleanup = new DelegatingServerLogoutHandler(
							            new WebSessionServerLogoutHandler(),
							            new SecurityContextServerLogoutHandler()
							    );

							    return http
							        .authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated())
							        .logout((logoutSpec) -> logoutSpec.logoutHandler(sessionAndContextCleanup))
							        .build();
							}
					
						
							|  |  |  | ---- | 
					
						
							| 
									
										
										
										
										 |  |  | 
 | 
					
						
							|  |  |  | .Kotlin | 
					
						
							|  |  |  | [source,kotlin,role="secondary"] | 
					
						
							|  |  |  | ---- | 
					
						
							/**
							 * Builds the reactive filter chain so that logging out also invalidates the `WebSession`.
							 *
							 * Every exchange requires an authenticated user. Logout is handled by a
							 * `DelegatingServerLogoutHandler` that delegates to both `WebSessionServerLogoutHandler`
							 * and `SecurityContextServerLogoutHandler`.
							 *
							 * @param http the `ServerHttpSecurity` builder to configure
							 * @return the built `SecurityWebFilterChain`
							 */
							@Bean
							fun http(http: ServerHttpSecurity): SecurityWebFilterChain {
							    // Setting a logout handler replaces the default one, so the security-context
							    // handler is listed explicitly next to the session-invalidating handler; that
							    // way the security context repository is still cleared on logout.
							    val sessionAndContextCleanup = DelegatingServerLogoutHandler(
							        WebSessionServerLogoutHandler(),
							        SecurityContextServerLogoutHandler(),
							    )

							    return http {
							        authorizeExchange { authorize(anyExchange, authenticated) }
							        logout { logoutHandler = sessionAndContextCleanup }
							    }
							}
					
						
							|  |  |  | ---- |