!75 更新 nacos tomcat 版本 ， 优化 sso 退出功能

Merge pull request !75 from lengleng/dev

pig-auth/src/main/java/com/pig4cloud/pig/auth/config/WebSecurityConfigurer.java

@@ -17,6 +17,7 @@
 package com.pig4cloud.pig.auth.config;
 
 import com.pig4cloud.pig.common.security.handler.FormAuthenticationFailureHandler;
+import com.pig4cloud.pig.common.security.handler.SsoLogoutSuccessHandler;
 import lombok.SneakyThrows;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -29,6 +30,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 
 /**
  * @author lengleng
@@ -43,9 +45,10 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
 	@SneakyThrows
 	protected void configure(HttpSecurity http) {
 		http.formLogin().loginPage("/token/login").loginProcessingUrl("/token/form")
-				.failureHandler(authenticationFailureHandler()).and().authorizeRequests()
-				.antMatchers("/token/**", "/actuator/**", "/mobile/**").permitAll().anyRequest().authenticated().and()
-				.csrf().disable();
+				.failureHandler(authenticationFailureHandler()).and().logout()
+				.logoutSuccessHandler(logoutSuccessHandler()).deleteCookies("JSESSIONID").invalidateHttpSession(true)
+				.and().authorizeRequests().antMatchers("/token/**", "/actuator/**", "/mobile/**").permitAll()
+				.anyRequest().authenticated().and().csrf().disable();
 	}
 
 	@Override
@@ -65,6 +68,15 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
 		return new FormAuthenticationFailureHandler();
 	}
 
+	/**
+	 * 支持SSO 退出
+	 * @return LogoutSuccessHandler
+	 */
+	@Bean
+	public LogoutSuccessHandler logoutSuccessHandler() {
+		return new SsoLogoutSuccessHandler();
+	}
+
 	/**
 	 * https://spring.io/blog/2017/11/01/spring-security-5-0-0-rc1-released#password-storage-updated
 	 * Encoded password does not look like BCrypt

pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/handler/SsoLogoutSuccessHandler.java

@@ -0,0 +1,38 @@
+package com.pig4cloud.pig.common.security.handler;
+
+import cn.hutool.core.util.StrUtil;
+import org.springframework.http.HttpHeaders;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author lengleng
+ * @date 2020/10/6
+ * <p>
+ * sso 退出功能 ，根据客户端传入跳转
+ */
+public class SsoLogoutSuccessHandler implements LogoutSuccessHandler {
+
+	private static final String REDIRECT_URL = "redirect_url";
+
+	@Override
+	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+			throws IOException {
+
+		// 获取请求参数中是否包含 回调地址
+		String redirectUrl = request.getParameter(REDIRECT_URL);
+		if (StrUtil.isNotBlank(redirectUrl)) {
+			response.sendRedirect(redirectUrl);
+		}
+		else {
+			// 默认跳转referer 地址
+			String referer = request.getHeader(HttpHeaders.REFERER);
+			response.sendRedirect(referer);
+		}
+	}
+
+}

pig-register/pom.xml

@@ -35,7 +35,6 @@
 		<dependency>
 			<groupId>org.apache.tomcat.embed</groupId>
 			<artifactId>tomcat-embed-jasper</artifactId>
-			<version>7.0.59</version>
 		</dependency>
 		<dependency>
 			<groupId>com.pig4cloud.nacos</groupId>