How to revoke auth token in spring security?

java spring spring-security-oauth2
gstackoverflow picture gstackoverflow · Feb 24, 2014 · Viewed 19.1k times · Source

In logout controller I tryed to write a lot of combination of code. Now I have this:

final Authentication auth = SecurityContextHolder.getContext().getAuthentication();

if (auth != null) {
    new SecurityContextLogoutHandler().logout(request, response, auth);
}

SecurityContextHolder.getContext().setAuthentication(null);
auth.setAuthenticated(false);

But after provided code execution token still valid.

What do I wrong? How to revoke token eventually?

Answer

raonirenosto picture raonirenosto · May 15, 2014

The class you're looking for is DefaultServices, method revokeToken(String tokenValue).

Here an exemple of a controller that revokes token, and here the oauth2 configuration with the DefaultServices bean.

Related questions

Spring Security 5 : There is no PasswordEncoder mapped for the id "null"

I am migrating from Spring Boot 1.4.9 to Spring Boot 2.0 and also to Spring Security 5 and I am trying to do authenticate via OAuth 2. But I am getting this error: java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "…

Read More
How to get Spring Boot and OAuth2 example to use password grant credentials other than the default

I'm following the basic Spring Boot OAuth2 example from Dave Syer: https://github.com/dsyer/sparklr-boot/blob/master/src/main/java/demo/Application.java @Configuration @ComponentScan @EnableAutoConfiguration @RestController public class Application { public static void main(String[] args) { SpringApplication.run(Application.…

Read More
Spring security OAuth2 accept JSON

I am starting with Spring OAuth2. I would like to send the username and password to /oauth/token endpoint in POST body in application/json format. curl -X POST -H "Authorization: Basic YWNtZTphY21lc2VjcmV0" -H "Content-Type: application/json" -d …

Read More