Security OAuth2 Single Sign Off












I have two clients (client1, client2) and an OAuth (authorization, resource).



I want to log out from one of the clients and have the other logged out too. I have tried this spring-boot-oauth2-single-sign-off-logout, but this only logs out my client1, and client2 is still logged in!



Then I tried to revoke my tokens using the code below:



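// Look up every access token issued to client1 for the logged-in user ...
String username = principal.getName();
Collection<OAuth2AccessToken> accessTokens = tokenStore.findTokensByClientIdAndUserName("client1", username);
// ... and revoke each of them at the authorization server
accessTokens.forEach(a -> tokenServices.revokeToken(a.getValue()));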


This code did not work; even client1 is still logged in! I can see that my Redis is empty and there is no token anymore, but my client1 is still logged in! How is that possible?



===========================================================================
Here is my configuration:



Client - application.yml:



server:
  port: 8081
  servlet:
    context-path: /clt1

spring:
  application:
    name: client1

  thymeleaf:
    cache: false

security:
  oauth2:
    client:
      client-id: client1
      client-secret: secret1
      userAuthorizationUri: http://localhost:8000/oa/oauth/authorize
      access-token-uri: http://localhost:8000/oa/oauth/token
      scope: read, write
      #pre-established-redirect-uri: http://localhost:8081/clt1/callback
      #registered-redirect-uri: http://localhost:8081/clt1/callback
      #use-current-uri: false
    resource:
      user-info-uri: http://localhost:8000/oa/user
      #jwt:
      #  key-uri: http://localhost:8000/oa/oauth/token_key

logging:
  level:
    root: info


Client - SecurityConfig:



@Configuration
@EnableOAuth2Sso
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            .csrf().disable()
            .antMatcher("/**")
            .authorizeRequests()
                .antMatchers().permitAll()
                .anyRequest().authenticated()
                .and()
            .logout().logoutSuccessUrl("http://localhost:8000/oa/revokeClient").permitAll();
    }

}


Oauth - application.yml:



server:
  port: 8000
  servlet:
    context-path: /oa

spring:
  application:
    name: security

  redis:
    host: 127.0.0.1
    port: 6379

  thymeleaf:
    cache: false

logging:
  level:
    root: info


Oauth - AuthorizationConfig:



@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
            .inMemory()
                .withClient("client1")
                .secret(passwordEncoder.encode("secret1"))
                .scopes("read", "write")
                .redirectUris("http://localhost:8081/clt1/login")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .autoApprove(true)
            .and()
                .withClient("client2")
                .secret(passwordEncoder.encode("secret2"))
                .scopes("read", "write")
                .redirectUris("http://localhost:8082/clt2/login")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .autoApprove(true);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore);
    }

}


Oauth - ResourceConfig:



@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .antMatcher("/**")
            .authorizeRequests().anyRequest().authenticated();
    }

}


Oauth - SecurityConfig:



@Configuration
@EnableWebSecurity
@Order(1) // SecurityConfig >> ResourceConfig
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .requestMatchers()
                .antMatchers("/loginPage", "/login**", "/registerPage", "/register", "/oauth/authorize", "/revokeClient")
                .and()
            .authorizeRequests()
                .antMatchers("/registerPage", "/register").permitAll()
                .anyRequest()
                .authenticated()
                .and()
            .formLogin().loginPage("/loginPage").loginProcessingUrl("/login").permitAll();

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/css/**", "/docs/**", "/fonts/**", "/img/**", "/js/**", "/plugins/**");
    }

}


Oauth - Application:



@SpringBootApplication
@Configuration
public class SsoDemoOauthApplication {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    private RedisConnectionFactory connectionFactory;

    // Access and refresh tokens are kept in Redis
    @Bean
    public TokenStore tokenStore() {
        return new RedisTokenStore(connectionFactory);
    }

    public static void main(String[] args) {
        SpringApplication.run(SsoDemoOauthApplication.class, args);
    }

}









  • What kind of token are you using?

    – JEY
    Nov 26 '18 at 9:22











  • I'm using the Redis token store. I have also tried JWT, but it does not work either. @JEY

    – exces
    Nov 27 '18 at 1:38













  • Could you provide your Spring configuration?

    – JEY
    Nov 27 '18 at 8:33











  • Hi @JEY. I pasted all my configuration.

    – exces
    Nov 28 '18 at 8:47
















java spring-boot redis token spring-security-oauth2






edited Nov 28 '18 at 8:45







exces

















asked Nov 26 '18 at 7:25









exces













1 Answer
I admit to not being too clever, but what about putting



.logout().logoutSuccessUrl("http://localhost:8000/oa/logout").permitAll();


instead of



.logout().logoutSuccessUrl("http://localhost:8000/oa/revokeClient").permitAll();


in SecurityConfig of client app? Any drawback?






  • I tried this. Actually it logs out my client1, but client2 is still logged in. :(

    – exces
    Dec 6 '18 at 1:57











answered Dec 4 '18 at 22:26









user2329441
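
Why emptying Redis leaves the clients logged in, as an added example (not code from the question or the answer): an `@EnableOAuth2Sso` client keeps the authenticated user in its own HTTP session after login and does not consult the token store again, so revoking tokens alone ends no client session. The filter below, meant for each client application, re-checks the session's access token against the `user-info-uri` from the posted configuration and drops the local session once the token is rejected. The class name `RevokedTokenSessionFilter`, the session attribute name and the 30-second re-check interval are assumptions made for this example.

```java
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.filter.OncePerRequestFilter;

/** Added example (hypothetical class): ends the client's local session once its token is revoked. */
public class RevokedTokenSessionFilter extends OncePerRequestFilter {

    private static final String CHECKED_AT = "tokenCheckedAt"; // assumed session attribute name
    private static final long RECHECK_MILLIS = 30_000L;        // assumed re-check interval

    private final RestTemplate rest = new RestTemplate();
    private final String userInfoUri; // e.g. http://localhost:8000/oa/user from application.yml

    public RevokedTokenSessionFilter(String userInfoUri) {
        this.userInfoUri = userInfoUri;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        HttpSession session = request.getSession(false);

        // Only sessions created by the OAuth2 SSO login carry the access token in their details.
        if (session != null && auth instanceof OAuth2Authentication
                && auth.getDetails() instanceof OAuth2AuthenticationDetails) {
            String token = ((OAuth2AuthenticationDetails) auth.getDetails()).getTokenValue();
            Long checkedAt = (Long) session.getAttribute(CHECKED_AT);
            long now = System.currentTimeMillis();

            if (checkedAt == null || now - checkedAt > RECHECK_MILLIS) {
                if (tokenAccepted(token)) {
                    session.setAttribute(CHECKED_AT, now);
                } else {
                    // Token was revoked at the authorization server: forget the local login.
                    // The rest of the chain then treats the request as unauthenticated.
                    session.invalidate();
                    SecurityContextHolder.clearContext();
                }
            }
        }
        chain.doFilter(request, response);
    }

    /** Calls the user-info endpoint with the token; a 401 means the token is no longer accepted. */
    private boolean tokenAccepted(String token) {
        HttpHeaders headers = new HttpHeaders();
        headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + token);
        try {
            rest.exchange(userInfoUri, HttpMethod.GET, new HttpEntity<Void>(headers), String.class);
            return true;
        } catch (HttpClientErrorException e) {
            if (e.getStatusCode() == HttpStatus.UNAUTHORIZED) {
                return false;
            }
            throw e; // other client errors are not evidence of revocation
        }
    }
}
```

Register it in each client's SecurityConfig with `http.addFilterAfter(new RevokedTokenSessionFilter("http://localhost:8000/oa/user"), SecurityContextPersistenceFilter.class)` so it runs once the session's security context has been restored. The authorization server's own login session has to be ended as well, otherwise `autoApprove(true)` issues the browser a fresh token on the next redirect to `/oauth/authorize`.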












