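/**
 * Logout handler that takes the bearer token from the request, reads the user's telephone
 * number from the token's user-info claim and passes both, together with the Redis template,
 * to {@code TokenUtil.logout}.
 *
 * <p>NOTE(review): assuming {@code JWT}/{@code DecodedJWT} are the auth0 java-jwt types,
 * {@code JWT.decode} only parses the token; it does not check the signature or the expiry.
 * The telephone value is therefore unverified client input. Confirm that
 * {@code TokenUtil.logout} only removes a session whose stored token equals the presented
 * token, or verify the token before trusting its claims.
 */
public class MyLogoutHandler implements LogoutHandler {
    private static final String BEARER_PREFIX = "Bearer ";

    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private RedisTemplate<String, TokenEntity> tokenEntityRedisTemplate;

    /**
     * Invalidates the session that belongs to the bearer token sent with the request.
     *
     * <p>Requests without a usable token (missing header, empty value, undecodable token or
     * no telephone claim) are logged and ignored instead of failing with an exception.
     *
     * @param request        current request; the token is read from the authorization header
     * @param response       current response (not used here)
     * @param authentication current authentication, may be {@code null} (not used here)
     */
    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
        logger.info("开始执行退出逻辑===");

        // The header is optional on this endpoint, so check it before touching the value.
        String accessToken = stripBearerPrefix(request.getHeader(Constant.AUTHORIZATION));
        if (accessToken == null) {
            logger.warn("Logout request carried no bearer token; nothing to invalidate");
            return;
        }

        String telephone = readTelephone(accessToken);
        if (telephone == null) {
            logger.warn("Logout request token has no readable telephone claim; nothing to invalidate");
            return;
        }

        TokenUtil.logout(telephone, tokenEntityRedisTemplate, accessToken);
        logger.info("执行退出成功==");
    }

    /** Returns the token without a leading "Bearer " prefix, or {@code null} when there is none to use. */
    private static String stripBearerPrefix(String header) {
        if (header == null) {
            return null;
        }
        String token = header.startsWith(BEARER_PREFIX) ? header.substring(BEARER_PREFIX.length()) : header;
        token = token.trim();
        return token.isEmpty() ? null : token;
    }

    /** Reads the telephone entry of the user-info claim, or {@code null} when it cannot be read. */
    private String readTelephone(String accessToken) {
        try {
            DecodedJWT jwt = JWT.decode(accessToken);
            java.util.Map<String, Object> userInfo =
                    jwt.getClaim(com.codeus.basic.constant.Constant.USER_INFO).asMap();
            Object telephone = (userInfo == null) ? null : userInfo.get("telephone");
            // String.valueOf(null) would yield the literal text "null", so map absence to null.
            return (telephone == null) ? null : String.valueOf(telephone);
        } catch (RuntimeException e) {
            // Decoding reports a malformed token with an unchecked exception; the token itself
            // is deliberately kept out of the log.
            logger.warn("Logout request token could not be decoded", e);
            return null;
        }
    }
}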
修改WebSecurityConfig
/**
 * Builds the HTTP security rules: CORS on, CSRF off, custom logout handling, the five custom
 * login filters ahead of {@code UsernamePasswordAuthenticationFilter}, a set of public paths,
 * and authentication for every other request.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
protected void configure(HttpSecurity http) throws Exception {
    // JWT is in use, so CSRF protection is switched off.
    // NOTE(review): this holds only while the token travels in a header and never in a cookie.
    http.cors().and().csrf().disable();

    // CORS pre-flight requests carry no credentials and must pass unauthenticated.
    http.authorizeRequests()
            .requestMatchers(CorsUtils::isPreFlightRequest).permitAll();

    http.logout()
            .addLogoutHandler(getLogoutHandler())
            .logoutSuccessHandler(getLogoutSuccessHandler());

    // Custom login filters, registered in the same order as before.
    http.addFilterBefore(getPhoneLoginAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(getQrLoginAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(getUsernameLoginAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(getOpenIdLoginAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(getCodeLoginAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

    // Public paths. The logout path is open to unauthenticated callers, so the logout handler
    // must treat whatever token it receives as untrusted input.
    // NOTE(review): the Swagger resources and "/*.html" are public as well; confirm that is
    // intended outside development environments.
    http.authorizeRequests()
            .antMatchers("/oauth/**").permitAll()
            .antMatchers("/logout/**").permitAll()
            .antMatchers("/js/**", "/favicon.ico").permitAll()
            .antMatchers("/v2/api-docs/**", "/webjars/**", "/swagger-resources/**", "/*.html").permitAll()
            // Every remaining request requires authentication.
            .anyRequest().authenticated();
}