diff --git a/ym-admin/src/main/java/com/cnbm/admin/config/SecurityConfig.java b/ym-admin/src/main/java/com/cnbm/admin/config/SecurityConfig.java index d6fb33b..fbbd13b 100644 --- a/ym-admin/src/main/java/com/cnbm/admin/config/SecurityConfig.java +++ b/ym-admin/src/main/java/com/cnbm/admin/config/SecurityConfig.java @@ -1,6 +1,7 @@ package com.cnbm.admin.config; import com.cnbm.admin.filter.JwtAuthenticationTokenFilter; +import com.cnbm.admin.handler.LogoutSuccessHandlerImpl; import com.cnbm.admin.service.impl.UserDetailsServiceImpl; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; @@ -45,6 +46,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsServiceImpl userDetailsService; + @Autowired + private LogoutSuccessHandlerImpl logoutSuccessHandler; + @Override protected void configure(HttpSecurity http) throws Exception { @@ -56,14 +60,19 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .and() .authorizeRequests() // 对于登录接口 允许匿名访问 - .antMatchers("/login","/swagger/**","/v2/**", + .antMatchers("/login","/doLogout","/swagger/**","/v2/**", "/doc.html", "/swagger-resources/**", "/swagger-ui/**", "/webjars/**").anonymous() // .antMatchers("/testCors").hasAuthority("system:dept:list222") // 除上面外的所有请求全部需要鉴权认证 - .anyRequest().authenticated(); + .anyRequest() + .authenticated() + // 退出登录,默认为/logout,这里修改接口地址为 /doLogout + .and().logout().logoutUrl("/doLogout") + // 设置退出登录成功处理程序,退出成功后返回JSON字符串 + .logoutSuccessHandler(logoutSuccessHandler); //添加过滤器 http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);