foreword
Earlier we explained the process of user login and user authorization. Today we will take a look at the common functions of logout and automatic login in the system!
logout operation
For the logout operation, we first need to add the logout path to our configuration class. In the main configuration below, the logout() part of the chain sets the exit path and registers the handler class that processes the logout.
@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.info("========================= Configuration file parameters - enable: {}, checkToken : {}", enable, checkToken);
    http.cors();
    http.exceptionHandling()
            .authenticationEntryPoint(new UnauthEntryPoint()) // no access
            .and().csrf().disable() // disable CSRF protection
            .authorizeRequests()
            .anyRequest().authenticated() // any request can be accessed only after login
            .and().logout().logoutUrl(loginOutUrl) // exit path
            .addLogoutHandler(new TokenLogoutHandler(tokenManager, redisService))
            .and()
            .addFilter(new TokenLoginFilter(authenticationManager(), tokenManager, redisService, loginUrl, permissionSuffix))
            .addFilter(new TokenAuthFilter(authenticationManager(), tokenManager, redisService, permissionSuffix, oldTokenSuffix, refTokenSuffix, Boolean.valueOf(enable), Boolean.valueOf(checkToken), Boolean.valueOf(checkPermission)))
            .httpBasic();
    // .and().sessionManagement().maximumSessions(1); // allow only one login per user; a later login kicks out the earlier one
}
TokenLogoutHandler
The logout handler clears the token information in the cache for us.
@Override
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    // 1. Get the token from the header
    // 2. If the token is not empty, remove it and delete it from Redis
    String token = request.getHeader("token");
    if (token != null) {
        // Remove the token
        tokenManager.removeToken(token);
        // Get the username from the token
        String username = tokenManager.getUserInfoFromToken(token, response);
        if (!StringUtils.isEmpty(username)) {
            redisService.delete(username);
        }
    }
    ResponseUtil.out(response, new ApiResult());
}
remember me
The automatic login function provided by Spring Security is the remember me option that we usually see on many websites.
Today we look at the remember me function based on the database table.
Table Structure
The table creation statement is as follows:
CREATE TABLE `persistent_logins` (
    `username` varchar(64) NOT NULL,
    `series` varchar(64) NOT NULL,
    `token` varchar(64) NOT NULL,
    `last_used` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    PRIMARY KEY (`series`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
database configuration file
spring:
  application:
    name: blog-web
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://127.0.0.1:3306/test?serverTimezone=GMT%2B8&zeroDateTimeBehavior=convertToNull
    username: root1
    password: root1
Spring Security configuration class
remember me page
Remember me:
Note: the value of the name attribute must be remember-me; it cannot be changed to any other value.
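How the series and token columns of persistent_logins are used on automatic login, as an added example that is not from the original post: a plain-Java model of the rotate-on-use and mismatch handling performed by Spring Security's persistent-token remember-me support. The in-memory map stands in for the table, the cookie format is simplified to series:token, and the names RememberMeDemo, issue and autoLogin are hypothetical.

```java
import java.security.SecureRandom;
import java.util.*;

// Added illustration; the map stands in for persistent_logins (hypothetical names).
public class RememberMeDemo {
    static final class Row {                       // one table row, keyed by series
        final String username;
        String token;
        Row(String username, String token) { this.username = username; this.token = token; }
    }

    static final Map<String, Row> TABLE = new HashMap<>();   // series -> row
    static final SecureRandom RNG = new SecureRandom();

    static String random() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        return Base64.getEncoder().encodeToString(b);        // Base64 never contains ':'
    }

    // Login with "remember me" ticked: insert a row, hand back the cookie value.
    static String issue(String username) {
        String series = random(), token = random();
        TABLE.put(series, new Row(username, token));
        return series + ":" + token;
    }

    // Automatic login: returns the rotated cookie, or null when the cookie is rejected.
    static String autoLogin(String cookie) {
        String[] parts = cookie.split(":", 2);
        Row row = parts.length == 2 ? TABLE.get(parts[0]) : null;
        if (row == null) return null;                        // malformed or unknown series
        if (!row.token.equals(parts[1])) {
            // Known series but stale token: the cookie was copied and one copy already used.
            TABLE.values().removeIf(r -> r.username.equals(row.username));
            return null;
        }
        row.token = random();                                // same series, fresh token
        return parts[0] + ":" + row.token;
    }

    public static void main(String[] args) {
        String c1 = issue("alice");                          // constructed sample user
        String c2 = autoLogin(c1);
        System.out.println("cookie rotated: " + (c2 != null && !c2.equals(c1)));
        System.out.println("old cookie accepted: " + (autoLogin(c1) != null));
        System.out.println("rows left: " + TABLE.size());
        System.out.println("rotated cookie accepted afterwards: " + (autoLogin(c2) != null));
    }
}
```

Replaying the old cookie deletes every row for that user, so the rotated cookie is rejected as well and the user has to log in again with a password.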
Well, that's all for today on the logout and automatic login functions.