Docs for WebSessionServerLogoutHandler

Issue gh-4838
Josh Cummings 2021-08-16 13:09:42 -06:00
parent a4c088a3b3
commit aed203f367
GPG Key ID: 49EF60DD7FF83443
2 changed files with 30 additions and 0 deletions


@ -10,6 +10,8 @@ include::registered-oauth2-authorized-client.adoc[leveloffset=+1]
include::x509.adoc[leveloffset=+1]
include::logout.adoc[leveloffset=+1]
include::webclient.adoc[leveloffset=+1]
include::method.adoc[leveloffset=+1]


@ -0,0 +1,28 @@
[[reactive-logout]]
= Logout
Spring Security provides a logout endpoint by default.
Once logged in, you can `GET /logout` to see a default logout confirmation page, or you can `POST /logout` to initiate logout.
This will:
- clear the `ServerCsrfTokenRepository`, `ServerSecurityContextRepository`, and
- redirect back to the login page
Often, you will want to also invalidate the session on logout.
To achieve this, you can add the `WebSessionServerLogoutHandler` to your logout configuration, like so:
[source,java]
----
@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
new WebSessionServerLogoutHandler(), new SecurityContextServerLogoutHandler()
);
http
.authorizeExchange((exchange) -> exchange.anyExchange().authenticated())
.logout((logout) -> logout.logoutHandler(logoutHandler));
return http.build();
}
----
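
Review bot: The first bullet under "This will:" ends in a dangling "and" ("clear the `ServerCsrfTokenRepository`, `ServerSecurityContextRepository`, and"), so either a third item is missing or the conjunction is misplaced; finish the sentence or move "and" in front of `ServerSecurityContextRepository`. Separately, the text says you "add" the `WebSessionServerLogoutHandler`, while the sample calls `logout.logoutHandler(logoutHandler)` with a `DelegatingServerLogoutHandler` that lists only `WebSessionServerLogoutHandler` and `SecurityContextServerLogoutHandler`. Please state whether this replaces the default handling and, if it does, whether the `ServerCsrfTokenRepository` is still cleared, because readers will copy this configuration expecting the defaults described in the bullets to remain in effect.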