All geek questions in one place

Spring boot Security, Oauth2 exit, invalid session to go through the authentication and approval cycle on the authorization server

I am following the Dave Syer tutorial, SSO with OAuth2, part 5 https://github.com/spring-guides/tut-spring-security-and-angular-js/tree/master/oauth2

It has a UI / API gateway, resource server, and authorization server. When I exit the UI / API application exit, I get the following: enter here image description Cors issue

What is currently coming from the Dave Syer tutorial is that when the user logs out, he changes the authentication flag to false, so it seems that the user is logged out, but they just left the UI / API gateway application.

When the user clicks on the login, remember that they do not have an exit from the authentication server. Thus, the user has not yet gone through the authentication and approval cycle.

What I want, when the user logs out and tries to log in again, the user must enter a username and password. In fact, they should start over, that is, the system must cancel the session and / or token.

I hit my head against the wall, trying to find a solution for this. Can anyone point out how to solve / achieve this.

+4
source share
2 answers
@SuppressWarnings("null")
    @RequestMapping(value="/login")
    public String login(HttpServletRequest request){
         HttpSession session= request.getSession();
        SecurityContextHolder.clearContext();
        if(session == null) {
            session.invalidate();
        }
        return"login";
    }
0
source

. , , , , -, SSO, , () ( oauth2). Dave Syers . , .

0

Source: https://habr.com/ru/post/1652078/

More articles:


All Articles