java退出清空session和subject

@RequestMapping("tologout") public String tologout(HttpServletRequest request){ Enumeration em = request.getSession().getAttributeNames(); while(em.hasMoreElements()){ request.getSession().removeAttribute(em.nextElement().toString()); } if(StringUtils.isEmpty(accessToken)||StringUtils.isEmpty(refreshToken)){ throw new BusinessException(BaseResponseCode.DATA_ERROR); } Subject subject = SecurityUtils.getSubject(); if(subject!=null){ subject.logout(); } String userId=JwtTokenUtil.getUserId(accessToken); /** * 把accessToken 加入黑名单 */ redisService.set(Constant.JWT_ACCESS_TOKEN_BLACKLIST+accessToken,userId,JwtTokenUtil.getRemainingTime(accessToken),TimeUnit.MILLISECONDS); /** * 把refreshToken 加入黑名单 */ redisService.set(Constant.JWT_REFRESH_IDENTIFICATION+refreshToken,userId,JwtTokenUtil.getRemainingTime(refreshToken),TimeUnit.MILLISECONDS); return "login"; }