我试图....如何在用户注销oauth 2.0时删除refreshtoken和访问令牌?
<sec:logout invalidate-session="true" logout-success-url="/logoutsuccess" logouturl="/logout/>
,但它不能正常工作.... 我想清楚一切都像刷新令牌和访问令牌会话,饼干当用户注销....
我的安全servlet.xml中看起来像这样
<!-- Protected resources -->
<sec:http create-session="never" entry-point-ref="oauthAuthenticationEntryPoint"
access-decision-manager-ref="accessDecisionManager"
xmlns="http://www.springframework.org/schema/security">
<sec:anonymous enabled="false" />
<sec:intercept-url pattern="/data/user/*"
access="IS_AUTHENTICATED_FULLY" />
<sec:logout delete-cookies="JSESSIONID" invalidate-session="true" />
<sec:custom-filter ref="resourceServerFilter"
before="PRE_AUTH_FILTER" />
<sec:access-denied-handler ref="oauthAccessDeniedHandler" />
</sec:http>
有什么办法解决这个使用配置? – Prince 2014-09-25 12:42:53