SpringSecurity如何退出登录

⒈如何退出登录？　　

　　SpringSecurity默认为我们提供了退出操作，我们只需要访问特定的url就可以退出登录了

 <!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
     <title>退出登录</title>
 </head>
 <body>
     <a href="/logout">退出登录</a>
 </body>
 </html>

⒉SpringSecurity默认为我们做了什么？

　　1.使当前Session失效

　　2.清除与当前用户相关的remember-me记录

　　3.清空当前的SecurityContext

　　4.重定向到登陆页面

⒊我们如何自定义退出登录

 package cn.coreqi.security.config;

 import cn.coreqi.security.Filter.SmsCodeFilter;
 import cn.coreqi.security.Filter.ValidateCodeFilter;
 import cn.coreqi.security.handler.CoreqiLogoutSuccessHandler;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

 @Configuration
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

     @Autowired
     private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler;

     @Autowired
     private AuthenticationFailureHandler coreqiAuthenticationFailureHandler;

     @Autowired
     private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

     @Bean
     public PasswordEncoder passwordEncoder(){
         return NoOpPasswordEncoder.getInstance();
     }

     @Override
     protected void configure(HttpSecurity http) throws Exception {
         ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
         validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler);

         SmsCodeFilter smsCodeFilter = new SmsCodeFilter();

         //http.httpBasic()    //httpBasic登录 BasicAuthenticationFilter
         http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class)    //加载用户名密码过滤器的前面
                 .addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)    //加载用户名密码过滤器的前面
                 .formLogin()    //表单登录 UsernamePasswordAuthenticationFilter
                     .loginPage("/coreqi-signIn.html")  //指定登录页面
                     //.loginPage("/authentication/require")
                     .loginProcessingUrl("/authentication/form") //指定表单提交的地址用于替换UsernamePasswordAuthenticationFilter默认的提交地址
                     .successHandler(coreqiAuthenticationSuccessHandler) //登录成功以后要用我们自定义的登录成功处理器，不用Spring默认的。
                     .failureHandler(coreqiAuthenticationFailureHandler) //自己体会把
                 .and()
                 .logout()   //退出登录相关配置
                     .logoutUrl("signOut")   //自定义退出登录页面
                     .logoutSuccessHandler(new CoreqiLogoutSuccessHandler()) //退出成功后要做的操作（如记录日志），和logoutSuccessUrl互斥
                     //.logoutSuccessUrl("/index") //退出成功后跳转的页面
                     .deleteCookies("JSESSIONID")    //退出时要删除的Cookies的名字
                 .and()
                 .authorizeRequests()    //对授权请求进行配置
                     .antMatchers("/coreqi-signIn.html","/code/image","/session/invalid").permitAll() //指定登录页面不需要身份认证
                     .anyRequest().authenticated()  //任何请求都需要身份认证
                     .and().csrf().disable()    //禁用CSRF
                 .apply(smsCodeAuthenticationSecurityConfig);
             //FilterSecurityInterceptor 整个SpringSecurity过滤器链的最后一环
     }
 }