스프링 시큐리티 로그아웃 하기

먼저

생성한다
그다음

customLogout.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
     <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
    <%@taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1>Logout Page</h1>
<%--
  Logout form. It POSTs to /customLogout, the URL configured as logout-url in
  security-context.xml, so the request is handled by Spring Security's logout
  processing rather than by a controller method.
  The hidden field sends the CSRF token under the parameter name supplied by the
  _csrf request attribute; with CSRF protection enabled, a POST without it is rejected.
  NOTE(review): the "c" and "sec" tag libraries are declared above but no tag from
  either is used in this page.
  NOTE(review): the action is a root-relative path; if the application is deployed
  under a context path, confirm that "/customLogout" still resolves to this application.
--%>
<form action="/customLogout" method="post">
<input type="hidden" name="${_csrf.parameterName }" value="${_csrf.token }"/>
<button>로그아웃</button>
</form>
</body>
</html>

CommonController.java

package org.conan.controller;

import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

import lombok.extern.log4j.Log4j;

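/**
 * Controller for the pages that the security configuration on this page refers to:
 * the access-denied page, the custom login page and the custom logout page.
 *
 * <p>Every handler returns {@code void}, so the view name is not chosen here; Spring MVC
 * derives it from the request path (for example {@code customLogout.jsp} for
 * {@code /customLogout}).
 */
@Controller
@Log4j
public class CommonController {

	/**
	 * Renders the access-denied page and exposes a fixed message to the view.
	 *
	 * @param auth  the current authentication as resolved by Spring MVC; it is only logged
	 * @param model view model that receives the {@code msg} attribute
	 */
	@GetMapping("/accessError")
	public void accessDenied(Authentication auth, Model model) {
		// NOTE(review): this logs auth.toString(); confirm that the Authentication
		// implementation in use does not include credentials in its string form.
		log.info("access Denied : " + auth);
		model.addAttribute("msg", "Access Denied");
	}

	/**
	 * Renders the custom login page and adds a status message when the request carries
	 * an {@code error} or {@code logout} query parameter.
	 *
	 * @param error  present (non-null) when the request has an {@code error} parameter
	 * @param logout present (non-null) when the request has a {@code logout} parameter
	 * @param model  view model that receives the {@code error} / {@code logout} messages
	 */
	@GetMapping("/customLogin")
	public void loginInput(String error, String logout, Model model) {
		boolean hasError = error != null;
		boolean hasLogout = logout != null;

		// Both values are request parameters that any client can set, and only their
		// presence is used below. Log the presence flag instead of the raw text so that
		// client-supplied content (including line breaks) never reaches the log file.
		// The second line previously logged `error` under the "logout" label.
		log.info("error : " + hasError);
		log.info("logout : " + hasLogout);

		if (hasError) {
			model.addAttribute("error", "Login Error Check Your Account");
		}
		if (hasLogout) {
			model.addAttribute("logout", "LogOut!");
		}
	}

	/**
	 * Renders the logout page for a GET request.
	 *
	 * <p>This method does not end the session; it only shows the form. The logout itself
	 * happens when that form is submitted with POST to the same URL, which the page's
	 * security configuration registers as the logout URL.
	 */
	@GetMapping("/customLogout")
	public void logoutGET() {
		log.info("custom logout~");
	}
}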

security-context.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:security="http://www.springframework.org/schema/security"
   xsi:schemaLocation="http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security-5.2.xsd
      http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">


   <!-- URL access rules, form login, logout and access-denied handling.
        Only the three /sample/* paths below have an access rule; no other URL is restricted
        by this element. CSRF protection is not switched off anywhere in this element. -->
   <security:http auto-config="true" use-expressions="true">
   <security:intercept-url pattern="/sample/all" access="permitAll" />
   <security:intercept-url pattern="/sample/member" access="hasRole('ROLE_MEMBER')" />
   <security:intercept-url pattern="/sample/admin" access="hasRole('ROLE_ADMIN')" />
      <security:form-login login-page="/customLogin" authentication-success-handler-ref="customLoginSuccess"/>
      <!-- Use the custom login page (/customLogin) instead of the generated one. -->
      <!-- Logout: requests to /customLogout are processed by Spring Security, which
           invalidates the HTTP session. With CSRF protection enabled only a POST carrying
           the CSRF token triggers the logout; GET /customLogout reaches the controller and
           just renders the logout form.
           NOTE(review): no logout-success-url is set, so the redirect after logout is the
           framework default; the page text says the login page then shows a logged-out message.
           NOTE(review): consider also clearing the session cookie on logout (the logout
           element has a delete-cookies attribute for this). -->
      <security:logout logout-url="/customLogout" invalidate-session="true"/>
   <security:access-denied-handler ref="customAccessDenied"/>
   </security:http>
   <!-- In-memory demo accounts defined directly in this file.
        The {noop} prefix means the passwords are stored and compared as plain text, and
        each password here is identical to its user name. This is acceptable only for a
        local tutorial; real accounts need hashed passwords and should not live in a
        configuration file that is committed or published. -->
   <security:authentication-manager>
   <security:authentication-provider>
   	<security:user-service>
   		<security:user name="member" password="{noop}member" authorities="ROLE_MEMBER"/>
   		<security:user name="admin" password="{noop}admin" authorities="ROLE_MEMBER, ROLE_ADMIN"/>
   	</security:user-service>
   </security:authentication-provider>
   </security:authentication-manager>
		
<!-- Handler beans referenced by the access-denied-handler and form-login elements of this file.
     Their classes are not shown on this page. -->
<bean id="customAccessDenied" class="org.conan.security.CustomAccessDeniedHandler"></bean>
<bean id="customLoginSuccess" class="org.conan.security.CustomLoginSuccessHandler"></bean>
<!-- NOTE(review): this BCrypt encoder is declared, but nothing in this file references it.
     The authentication-provider has no security:password-encoder child, so the {noop}
     plain-text passwords are what is actually checked at login. -->
<bean id="bcryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
</beans>

이렇게 하면 로그아웃 폼이 CSRF 토큰과 함께 /customLogout 으로 POST 요청을 보내고, 스프링 시큐리티가 세션을 무효화하여 로그아웃을 처리한다.
로그아웃이 되면 로그인 페이지로 이동하고, 로그인 페이지에 로그아웃이 됐다고 뜬다
