Security OAuth2 Single Sign Off
I have two clients (client1, client2) and an OAuth server (authorization, resource).
I want to log out from one of the clients and have the other one logged out as well. I have tried this spring-boot-oauth2-single-sign-off-logout, but it only logs out my client1, and client2 is still logged in!
Then I tried to revoke my tokens using the code below:

    String username = principal.getName();
    Collection<OAuth2AccessToken> accessTokens = tokenStore.findTokensByClientIdAndUserName("client1", username);
    accessTokens.forEach(a -> tokenServices.revokeToken(a.getValue()));

This code did not work; even client1 is still logged in! I can see that my Redis is empty and there is no token anymore, but my client1 is still logged in! How is that possible?
===========================================================================
Here is my configuration:
Client - application.yml:

    server:
      port: 8081
      servlet:
        context-path: /clt1
    spring:
      application:
        name: client1
      thymeleaf:
        cache: false
    security:
      oauth2:
        client:
          client-id: client1
          client-secret: secret1
          userAuthorizationUri: http://localhost:8000/oa/oauth/authorize
          access-token-uri: http://localhost:8000/oa/oauth/token
          scope: read, write
          #pre-established-redirect-uri: http://localhost:8081/clt1/callback
          #registered-redirect-uri: http://localhost:8081/clt1/callback
          #use-current-uri: false
        resource:
          user-info-uri: http://localhost:8000/oa/user
          #jwt:
          #  key-uri: http://localhost:8000/oa/oauth/token_key
    logging:
      level:
        root: info

Client - SecurityConfig:

    @Configuration
    @EnableOAuth2Sso
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .csrf().disable()
                .antMatcher("/**")
                .authorizeRequests()
                .antMatchers().permitAll()
                .anyRequest().authenticated()
                .and()
                .logout().logoutSuccessUrl("http://localhost:8000/oa/revokeClient").permitAll();
        }
    }

Oauth - application.yml:

    server:
      port: 8000
      servlet:
        context-path: /oa
    spring:
      application:
        name: security
      redis:
        host: 127.0.0.1
        port: 6379
      thymeleaf:
        cache: false
    logging:
      level:
        root: info

Oauth - AuthorizationConfig:

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
        @Autowired
        private TokenStore tokenStore;
        @Autowired
        private PasswordEncoder passwordEncoder;

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients
                .inMemory()
                .withClient("client1")
                .secret(passwordEncoder.encode("secret1"))
                .scopes("read", "write")
                .redirectUris("http://localhost:8081/clt1/login")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .autoApprove(true)
                .and()
                .withClient("client2")
                .secret(passwordEncoder.encode("secret2"))
                .scopes("read", "write")
                .redirectUris("http://localhost:8082/clt2/login")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .autoApprove(true);
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.tokenStore(tokenStore);
        }
    }

Oauth - ResourceConfig:

    @Configuration
    @EnableResourceServer
    public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/**")
                .authorizeRequests().anyRequest().authenticated();
        }
    }

Oauth - SecurityConfig:

    @Configuration
    @EnableWebSecurity
    @Order(1) // SecurityConfig >> ResourceConfig
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private PasswordEncoder passwordEncoder;
        @Autowired
        private CustomUserDetailsService customUserDetailsService;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .csrf().disable()
                .requestMatchers()
                .antMatchers("/loginPage", "/login**", "/registerPage", "/register", "/oauth/authorize", "/revokeClient")
                .and()
                .authorizeRequests()
                .antMatchers("/registerPage", "/register").permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin().loginPage("/loginPage").loginProcessingUrl("/login").permitAll();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder);
        }

        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/css/**", "/docs/**", "/fonts/**", "/img/**", "/js/**", "/plugins/**");
        }
    }

Oauth - Application:

    @SpringBootApplication
    @Configuration
    public class SsoDemoOauthApplication {
        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Autowired
        private RedisConnectionFactory connectionFactory;

        // Access and refresh tokens are kept in Redis.
        @Bean
        public TokenStore tokenStore() {
            return new RedisTokenStore(connectionFactory);
        }

        public static void main(String[] args) {
            SpringApplication.run(SsoDemoOauthApplication.class, args);
        }
    }

java spring-boot redis token spring-security-oauth2
edited Nov 28 '18 at 8:45
asked Nov 26 '18 at 7:25
exces
What kind of token are you using?
– JEY
Nov 26 '18 at 9:22
I'm using the Redis token store. And I have tried JWT but it does not work either. @JEY
– exces
Nov 27 '18 at 1:38
Could you provide your Spring configuration?
– JEY
Nov 27 '18 at 8:33
Hi @JEY. I pasted all my configuration.
– exces
Nov 28 '18 at 8:47
1 Answer
I admit to not being too clever, but what about putting

    .logout().logoutSuccessUrl("http://localhost:8000/oa/logout").permitAll();

instead of

    .logout().logoutSuccessUrl("http://localhost:8000/oa/revokeClient").permitAll();

in the SecurityConfig of the client app? Any drawback?
answered Dec 4 '18 at 22:26
user2329441
I tried this. Actually it logs out my client1, but client2 is still logged in. :(
– exces
Dec 6 '18 at 1:57
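
Added example, not part of the original thread: revoking tokens at the authorization server does not end a client's servlet session, because `@EnableOAuth2Sso` keeps the authenticated user in the client's own HTTP session after login, so client1 and client2 stay logged in with an empty Redis. One way for each client to notice the revocation is a filter that re-checks the session's access token against the `user-info-uri` from the question's `application.yml` and drops the local session on a 401. The class name `RevokedTokenSessionFilter`, its registration and the 401 response for a revoked token are assumptions.

```java
// Added example (hypothetical class): goes into each client app (client1, client2).
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.filter.OncePerRequestFilter;

public class RevokedTokenSessionFilter extends OncePerRequestFilter {

    // Session-scoped bean provided by @EnableOAuth2Sso; holds this user's token.
    private final OAuth2ClientContext clientContext;
    // From the question's config: http://localhost:8000/oa/user
    private final String userInfoUri;
    private final RestTemplate rest = new RestTemplate();

    public RevokedTokenSessionFilter(OAuth2ClientContext clientContext, String userInfoUri) {
        this.clientContext = clientContext;
        this.userInfoUri = userInfoUri;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        // getSession(false): never create a session just to run this check.
        HttpSession session = request.getSession(false);
        OAuth2AccessToken token = (session == null) ? null : clientContext.getAccessToken();

        if (token != null && !acceptedByAuthServer(token)) {
            // The token is gone from the token store: end the local login too,
            // so the rest of the chain sees an anonymous request and redirects
            // to the authorization server's login page.
            session.invalidate();
            SecurityContextHolder.clearContext();
        }
        chain.doFilter(request, response);
    }

    // Presents the token to the resource server. Assumption: a revoked token is
    // answered with 401. Only that explicit rejection ends the session; a
    // connectivity failure propagates as an exception, and whether to fail
    // open or closed in that case is a deployment decision.
    private boolean acceptedByAuthServer(OAuth2AccessToken token) {
        HttpHeaders headers = new HttpHeaders();
        headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + token.getValue());
        try {
            rest.exchange(userInfoUri, HttpMethod.GET, new HttpEntity<Void>(headers), String.class);
            return true;
        } catch (HttpClientErrorException e) {
            return e.getStatusCode() != HttpStatus.UNAUTHORIZED;
        }
    }
}

// Registration in the client's SecurityConfig.configure(HttpSecurity http),
// with OAuth2ClientContext injected via @Autowired (assumed wiring):
//
//   http.addFilterAfter(
//       new RevokedTokenSessionFilter(oauth2ClientContext, "http://localhost:8000/oa/user"),
//       SecurityContextPersistenceFilter.class);
```

This calls the authorization server on every authenticated request; in practice the result would be cached for a short interval, which also bounds how long a client stays logged in after the revocation.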