package com.blueskykong.auth.security.filter; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2RefreshToken; import org.springframework.security.oauth2.common.exceptions.BadClientCredentialsException; import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.web.authentication.logout.LogoutHandler; import org.springframework.util.Assert; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * @author keets * @date 2017/10/17 */ public class CustomLogoutHandler implements LogoutHandler { private static final Logger LOGGER = LoggerFactory.getLogger(CustomLogoutHandler.class); @Autowired private TokenStore tokenStore; @Override public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { Assert.notNull(tokenStore, "tokenStore must be set"); String token = request.getHeader("Authorization"); Assert.hasText(token, "token must be set"); if (isJwtBearerToken(token)) { token = token.substring(6).trim(); OAuth2AccessToken existingAccessToken = tokenStore.readAccessToken(token); OAuth2RefreshToken refreshToken; if (existingAccessToken != null) { if (existingAccessToken.getRefreshToken() != null) { LOGGER.info("remove refreshToken!", existingAccessToken.getRefreshToken()); refreshToken = existingAccessToken.getRefreshToken(); tokenStore.removeRefreshToken(refreshToken); } LOGGER.info("remove existingAccessToken!", existingAccessToken); tokenStore.removeAccessToken(existingAccessToken); } return; } else { throw new BadClientCredentialsException(); } } private boolean isJwtBearerToken(String token) { return StringUtils.countMatches(token, ".") == 2 && (token.startsWith("Bearer") || token.startsWith("bearer")); } }