Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-25 00:46:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
spring-security/docs/modules/ROOT/pages/reactive/logout.adoc
Rob Winch f01a13aa52 Antora 
mkdir -p docs/modules/ROOT/
mkdir -p docs/modules/ROOT/pages/
git checkout antora-2.x docs/antora.yml
git checkout antora-2.x docs/modules/ROOT/nav.adoc
mv docs/manual/src/docs/asciidoc/images docs/modules/ROOT/
mv docs/manual/src/docs/asciidoc/_includes/* docs/modules/ROOT/pages/
cp ~/code/rwinch/spring-reference/*antora* ~/code/spring-projects/spring-security/
mv docs/modules/ROOT/pages/about docs/modules/ROOT/pages/overview
2021-09-23 15:45:22 -05:00

29 lines
976 B
Plaintext
Raw Blame History

[[reactive-logout]]
= Logout
Spring Security provides a logout endpoint by default.
Once logged in, you can `GET /logout` to see a default logout confirmation page, or you can `POST /logout` to initiate logout.
This will:
- clear the `ServerCsrfTokenRepository`, `ServerSecurityContextRepository`, and
- redirect back to the login page
Often, you will want to also invalidate the session on logout.
To achieve this, you can add the `WebSessionServerLogoutHandler` to your logout configuration, like so:
[source,java]
----
@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
new WebSessionServerLogoutHandler(), new SecurityContextServerLogoutHandler()
);
http
.authorizeExchange((exchange) -> exchange.anyExchange().authenticated())
.logout((logout) -> logout.logoutHandler(logoutHandler));
return http.build();
}
----
Reference in New Issue View Git Blame Copy Permalink