[英]Spring Oauth2 SSO - Unable to logout from the Auth server
I am using @EnableOauth2Sso
following an architecture similar as the one described in Spring's oauth2 tutorial : an auth server, a zuul proxy that enables the sso, a separated UI application etc. 我使用
@EnableOauth2Sso
遵循与Spring的oauth2教程中描述的架构类似的架构:身份验证服务器,启用sso的zuul代理,独立的UI应用程序等。
Auth server ---- Resource Server (Zuul app) ---- Angular UI App
The problem is that when the UI logs out against the resource server it successfully deletes the resource server JSESSIONID, then the user is redirected to a home page. 问题是,当UI针对资源服务器注销时,它成功删除了资源服务器JSESSIONID,然后将用户重定向到主页。 When the user wants to login again, he's redirected to the auth server but instead of asking for the user+password, it considers he's still logged.
当用户想要再次登录时,他被重定向到身份验证服务器,但是没有询问用户+密码,而是认为他仍在登录。 The auth server JSESSIONID is still there and wasn't affected by the previous Resource Server lougout.
身份验证服务器JSESSIONID仍然存在,并且不受以前的资源服务器中断的影响。
How could I also logout from the auth server? 我如何也可以从身份验证服务器注销?
Since there isn't an out of the box Spring OAuth2 Single Logout we had to work around this creating a /revoke endpoint that calls the Auth Server to logout from it: 由于没有开箱即用的Spring OAuth2 Single Logout,我们必须解决此问题,以创建一个/ revoke端点,该端点调用Auth Server从中注销:
UI: 用户界面:
$http({
method: 'POST',
url: API + '/logout'
}).then(function() {
$http({
method: 'GET',
url: API + '/auth/oauth/session/revoke'
}).then(function() {
window.location = '/';
});
});
Zuul server: Zuul服务器:
zuul:
...
routes:
authServer:
path: /auth/**
url: ${authServer.url}/auth/
...
Auth Server: 验证服务器:
@RestController
public class RevokeController {
@RequestMapping(value = "/oauth/session/revoke", method = RequestMethod.GET)
public void revoke(HttpServletRequest request) throws InvalidClientException {
request.getSession().invalidate();
}
}
This is correct the behavior, when you logout form Angular app, it will not logout from Auth server. 这是正确的行为,当您从Angular应用注销时,它不会从Auth服务器注销。
Example :- Suppose we want to login stackoverflow.com using google or facebook account, we need not to enter password again, ones we are login to Auth service. 示例:-假设我们要使用google或facebook帐户登录stackoverflow.com,我们不需要再次输入密码,我们要登录Auth服务。
If we need to show SSO login again and again , we need to logout Angular UI and OAuth server both. 如果需要一次又一次显示SSO登录,则需要注销Angular UI和OAuth服务器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.