当我删除当前登录的用户(本身)谁可以从Java代码触发/ oauth / logout?
从REST控制器调用此服务方法:
public ServiceResponse<?> deleteYourself(Principal principal) {
ServiceResponse<?> serviceResponse = new ServiceResponse<>(ResponseStatus.SYSTEM_UNAVAILABLE);
try {
String username = principal.getName();
User user = userPersistenceService.getByUsername(username);
if (user != null) {
userPersistenceService.delete(user.getId());
serviceResponse.setStatus(ResponseStatus.SUCCESS);
//TODO: trigger logout HERE
} else {
serviceResponse.setStatus(ResponseStatus.ACCOUNT_NOT_FOUND);
}
} catch (Exception e) {
serviceResponse.setStatus(ResponseStatus.SYSTEM_INTERNAL_ERROR);
}
return serviceResponse;
}
事情是,即使我从DB中删除了我的帐户,它仍然可以在Spring内存中使用,我可以使用相同的令牌来访问资源。