Java – spring starts security, and oauth2 logs off to invalidate the session, so as to complete the authentication and approval cycle in the authorization server
I've been following Dave syer tutorial, SSO and oauth2, Part 5 https://github.com/spring-guides/tut-spring-security-and-angular-js/tree/master/oauth2
It has UI / API gateway, resource server and authorization server When I click log out from the UI / API gateway application, I get the following, enter image description here CORS problem
What's happening in the Dave syer tutorial right now is that when a user clicks log off, it changes the authentication flag to false, which makes it appear that the user has logged off, but they just log off from the UI / API gateway application
When users click log in, remember that they are not logged out of the authentication server Therefore, the user will not pass the authentication and approval cycle again
What I want is that when the user clicks log out and tries to log in again, the user must enter a user name and password In fact, they should restart, which means that the system should invalidate the session and / or token
I've been banging against the wall trying to find a solution Anyone can point out how to solve / achieve this
Solution
@SuppressWarnings("null")
@SuppressWarnings("null") @RequestMapping(value="/login") public String login(HttpServletRequest request){ HttpSession session= request.getSession(); SecurityContextHolder.clearContext(); if(session == null) { session.invalidate(); } return"login"; }