一：Spring Security默认退出处理逻辑

使当前session失效清楚与当前用户相关的remember-me记录清空当前的SecurityContext重定向到登录页

二：Spring Security 登出配置

spring security登出配置sping给出了一套默认值，如果不使用默认值，可以配置自己的值

logoutUrl：登出对应的地址logoutSuccessHandler：登出成功后可以在这里处理自己的登出逻辑deleteCookies：登出成功后删除指定的Cookie protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .antMatchers("/login", "/session/invalid", "/logout", "/signOut").permitAll() .logout() .logoutUrl("/logout") .logoutSuccessHandler(myLogoutSuccessHandler) .deleteCookies("JSESSIONID") .permitAll(); } @Slf4j @Component public class MyLogoutSuccessHandler implements LogoutSuccessHandler { @Override public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { log.info("退出成功"); response.sendRedirect("/signOut"); } }

三：登出页面

路径与视图的简单映射

@Configuration public class WebMvcConfiguration implements WebMvcConfigurer { @Override public void addViewControllers(ViewControllerRegistry registry) { registry.addViewController("/login").setViewName("login"); registry.addViewController("/signOut").setViewName("signOut"); registry.addViewController("/index").setViewName("index"); } }

signOut.html 登出页面

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"> <head> <meta charset="utf-8"> <title>退出</title> </head> <body> 退出成功 </body> </html>