mirror of
				https://github.com/spring-projects/spring-security.git
				synced 2025-10-26 20:28:44 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			55 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			55 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| [[reactive-logout]]
 | |
| = Logout
 | |
| 
 | |
| Spring Security provides a logout endpoint by default.
 | |
| Once logged in, you can `GET /logout` to see a default logout confirmation page, or you can `POST /logout` to initiate logout.
 | |
| This will:
 | |
| 
 | |
| - clear the `ServerCsrfTokenRepository`, `ServerSecurityContextRepository`, and
 | |
| - redirect back to the login page
 | |
| 
 | |
| Often, you will want to also invalidate the session on logout.
 | |
| To achieve this, you can add the `WebSessionServerLogoutHandler` to your logout configuration, like so:
 | |
| 
 | |
| [tabs]
 | |
| ======
 | |
| Java::
 | |
| +
 | |
| [source,java,role="primary"]
 | |
| ----
 | |
| @Bean
 | |
| SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
 | |
|     DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
 | |
|             new SecurityContextServerLogoutHandler(), new WebSessionServerLogoutHandler()
 | |
|     );
 | |
| 
 | |
|     http
 | |
|         .authorizeExchange((exchange) -> exchange.anyExchange().authenticated())
 | |
|         .logout((logout) -> logout.logoutHandler(logoutHandler));
 | |
| 
 | |
|     return http.build();
 | |
| }
 | |
| ----
 | |
| 
 | |
| Kotlin::
 | |
| +
 | |
| [source,kotlin,role="secondary"]
 | |
| ----
 | |
| @Bean
 | |
| fun http(http: ServerHttpSecurity): SecurityWebFilterChain {
 | |
|     val customLogoutHandler = DelegatingServerLogoutHandler(
 | |
|         SecurityContextServerLogoutHandler(), WebSessionServerLogoutHandler()
 | |
|     )
 | |
|     
 | |
|     return http {
 | |
|         authorizeExchange {
 | |
|             authorize(anyExchange, authenticated)
 | |
|         }
 | |
|         logout {
 | |
|             logoutHandler = customLogoutHandler
 | |
|         }
 | |
|     }
 | |
| }
 | |
| ----
 | |
| ======
 |