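There are two ways to log a user out when tokens are stored in Redis. The first is to configure a logoutSuccessHandler in the resource server and implement the LogoutSuccessHandler interface to handle the logout.
The second is to expose a custom endpoint that deletes the user's token data through RedisTokenStore.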

1. Resource server configuration approach
ResourceServerConfigurerAdapter configuration

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/auth_user/*").denyAll()
            .antMatchers("/oauth2/**", "/oauth/**").permitAll()
            .anyRequest().authenticated()
            .and()
            .logout()
            // handler invoked after a successful logout
            .logoutSuccessHandler(logoutSuccessHandler)
            .and()
            .csrf().disable();
    }


LogoutSuccessHandler class that handles a successful logout

    package com.yaomy.security.oauth2.handler;

    import com.yaomy.common.enums.HttpStatusMsg;
    import com.yaomy.common.po.BaseResponse;
    import com.yaomy.common.utils.HttpUtils;
    import org.apache.commons.lang3.StringUtils;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.oauth2.common.OAuth2AccessToken;
    import org.springframework.security.oauth2.common.OAuth2RefreshToken;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
    import org.springframework.stereotype.Component;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;

    /**
     * @Description: User logged out successfully
     * @ProjectName: spring-parent
     * @Package: com.yaomy.security.handler.AjaxLogoutSuccessHandler
     * @Date: 2019/7/1 15:39
     * @Version: 1.0
     */
    @Component
    public class UserLogoutSuccessHandler implements LogoutSuccessHandler {
        @Autowired
        private TokenStore tokenStore;

        @Override
        public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
            String accessToken = request.getParameter("access_token");
            if (StringUtils.isNotBlank(accessToken)) {
                OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(accessToken);
                if (oAuth2AccessToken != null) {
                    // The token value is not printed: a bearer token written to
                    // logs can be replayed by anyone who can read them.
                    tokenStore.removeAccessToken(oAuth2AccessToken);
                    OAuth2RefreshToken oAuth2RefreshToken = oAuth2AccessToken.getRefreshToken();
                    // The refresh token is null when none was issued with this access token
                    if (oAuth2RefreshToken != null) {
                        tokenStore.removeRefreshToken(oAuth2RefreshToken);
                        tokenStore.removeAccessTokenUsingRefreshToken(oAuth2RefreshToken);
                    }
                }
            }
            HttpUtils.writeSuccess(BaseResponse.createResponse(HttpStatusMsg.OK.getStatus(), "退出成功"), response);
        }
    }

2. Custom logout endpoint approach

    // Exchanges a refresh token for a new access token at the authorization
    // server's token endpoint. resourceClientId, resourceClientSecret, tokenUri
    // and tokenStore are fields of the enclosing controller.
    @RequestMapping(value = "refresh_token", method = RequestMethod.POST)
    public ResponseEntity<BaseResponse> refreshToken(String refresh_token) {

        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
        resource.setClientId(resourceClientId);
        resource.setClientSecret(resourceClientSecret);
        resource.setGrantType("refresh_token");
        resource.setAccessTokenUri(tokenUri);

        ResourceOwnerPasswordAccessTokenProvider provider = new ResourceOwnerPasswordAccessTokenProvider();
        OAuth2RefreshToken refreshToken = tokenStore.readRefreshToken(refresh_token);
        OAuth2AccessToken accessToken = provider.refreshAccessToken(resource, refreshToken, new DefaultAccessTokenRequest());
        BaseResponse response = BaseResponse.createResponse(HttpStatusMsg.OK, accessToken);
        return ResponseEntity.ok(response);
    }
————————————————
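Copyright notice: This is an original article by CSDN blogger 「随风yy」, licensed under the CC 4.0 BY-SA license. When reposting, please include a link to the original source and this notice.
Original link: https://blog.csdn.net/yaomingyang/article/details/97284851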