对于最新的稳定版本，请使用 Spring Security 6.5.3！spring-doc.cadn.net.cn

注销

默认情况下，Spring Security 提供注销端点。登录后，您可以GET /logout查看默认注销确认页面，或者您可以POST /logout以启动注销。这将：spring-doc.cadn.net.cn

清除ServerCsrfTokenRepository,ServerSecurityContextRepository和spring-doc.cadn.net.cn
重定向回登录页面spring-doc.cadn.net.cn

通常，您还希望在注销时使会话失效。为此，您可以将WebSessionServerLogoutHandler到注销配置，如下所示：spring-doc.cadn.net.cn

Javaspring-doc.cadn.net.cn
Kotlinspring-doc.cadn.net.cn

@Bean
SecurityWebFilterChain http(ServerHttpSecurity http) throws Exception {
    DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler(
            new WebSessionServerLogoutHandler(), new SecurityContextServerLogoutHandler()
    );

    http
        .authorizeExchange((exchange) -> exchange.anyExchange().authenticated())
        .logout((logout) -> logout.logoutHandler(logoutHandler));

    return http.build();
}

@Bean
fun http(http: ServerHttpSecurity): SecurityWebFilterChain {
    val customLogoutHandler = DelegatingServerLogoutHandler(
        WebSessionServerLogoutHandler(), SecurityContextServerLogoutHandler()
    )

    return http {
        authorizeExchange {
            authorize(anyExchange, authenticated)
        }
        logout {
            logoutHandler = customLogoutHandler
        }
    }
}