Spring Security in Practice - Logout


Author: 紫霞等了至尊宝五百年 | Published 2018-11-21 22:31 | Read 101 times

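    How it works

    1. Clear the cookies
    2. Clear the current user's remember-me record
    3. Invalidate the current session
    4. Clear the current SecurityContext
    5. Redirect to the login page

    In Spring Security, the logout request (/logout by default) is intercepted and handled by the LogoutFilter filter.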

    Implementation

    Add a logout link to the home page

    Configure MerryyouSecurityConfig

    Source code analysis

    LogoutFilter#doFilter

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // 1. The request matches the logout URL (/logout by default)
        if (requiresLogout(request, response)) {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            // 2. Clear the cookies, remember-me record, session and SecurityContext
            this.handler.logout(request, response, auth);
            // 3. Redirect to the login page
            logoutSuccessHandler.onLogoutSuccess(request, response, auth);

            return;
        }

        // Not a logout request: pass it on to the rest of the filter chain
        chain.doFilter(request, response);
    }
    
    • CookieClearingLogoutHandler clears the cookies
    • PersistentTokenBasedRememberMeServices clears the remember-me record
    • SecurityContextLogoutHandler invalidates the current session and clears the current SecurityContext

    CookieClearingLogoutHandler#logout

    Sets the cookie to null

    PersistentTokenBasedRememberMeServices#logout

    Deletes the user's records from the persistent_logins table

    SecurityContextLogoutHandler#logout

    Invalidates the current session
    Clears the current SecurityContext


    AbstractAuthenticationTargetUrlRequestHandler#handle

    Gets the configured redirect URL
    Redirects the request
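
The configuration below is an added example, not the author's MerryyouSecurityConfig and not code from the original post: it shows which logout DSL call installs each handler named in the source analysis above. It assumes the Spring Security 5.x WebSecurityConfigurerAdapter style; the class name ExampleLogoutConfig, the /login page, and the DataSource and UserDetailsService beans are assumptions.

```java
import javax.sql.DataSource;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

// Hypothetical class (Spring Security 5.x); DataSource and UserDetailsService beans are assumed to exist.
@EnableWebSecurity
public class ExampleLogoutConfig extends WebSecurityConfigurerAdapter {
    private final DataSource dataSource;
    private final UserDetailsService users;

    public ExampleLogoutConfig(DataSource dataSource, UserDetailsService users) {
        this.dataSource = dataSource;
        this.users = users;
    }

    @Bean
    public PersistentTokenRepository tokenRepository() {
        JdbcTokenRepositoryImpl repo = new JdbcTokenRepositoryImpl();
        repo.setDataSource(dataSource); // backs the persistent_logins table
        return repo;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated()
            .and().formLogin().loginPage("/login")
            // Registers PersistentTokenBasedRememberMeServices, which is also added
            // as a LogoutHandler and deletes the user's persistent_logins rows.
            .and().rememberMe().tokenRepository(tokenRepository()).userDetailsService(users)
            .and().logout()
                .logoutUrl("/logout")               // URL matched by LogoutFilter
                // CookieClearingLogoutHandler: clears the named cookies on the response
                .deleteCookies("JSESSIONID")
                // SecurityContextLogoutHandler (both settings are already the defaults)
                .invalidateHttpSession(true)
                .clearAuthentication(true)
                // SimpleUrlLogoutSuccessHandler redirects here after the handlers run
                .logoutSuccessUrl("/login?logout");
        // CSRF protection is left enabled, so LogoutFilter only matches POST /logout
        // carrying the CSRF token; a plain GET link to /logout will not log the user out.
    }
}
```

With CSRF protection enabled, the logout control on the home page has to be a form that POSTs to /logout with the CSRF token rather than a bare link.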

