2014-05-19 63 views

我正在學習 Spring Security 3。運行 Spring Security 示例時,瀏覽器的後退按鈕會把我帶回上一頁,我想阻止這種行為。我嘗試用 Spring Security 來實現,但問題沒有解決,請幫忙。以下是我的代碼。問題標題:Spring Security 3 瀏覽器後退按鈕問題

安全文件

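<?xml version="1.0" encoding="UTF-8"?>
<!--
  Security configuration for the sample: one in-memory user, form login,
  URL access rules and logout. Presumably this is the file that web.xml loads
  into the root context through contextConfigLocation; confirm the file name.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <mvc:annotation-driven />

    <!-- Asks Spring MVC to mark handler responses as non-cacheable
         (cacheSeconds=0 plus Expires / Cache-Control / no-store). -->
    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**/*" />
            <bean id="webContentInterceptor"
                class="org.springframework.web.servlet.mvc.WebContentInterceptor">
                <property name="cacheSeconds" value="0" />
                <property name="useExpiresHeader" value="true" />
                <property name="useCacheControlHeader" value="true" />
                <property name="useCacheControlNoStore" value="true" />
            </bean>
        </mvc:interceptor>
    </mvc:interceptors>

    <!-- In-memory user with a clear-text password: acceptable for a local sample only.
         A real deployment should load users from a store that holds hashed passwords
         and configure a password encoder on the authentication provider. -->
    <security:user-service id="userServiceDAO">
        <security:user name="mukesh" authorities="ROLE_USER"
            password="password" />
    </security:user-service>

    <security:authentication-manager>
        <security:authentication-provider
            user-service-ref="userServiceDAO" />
    </security:authentication-manager>

    <security:http auto-config="false">
        <!-- Fix for the back-button symptom: let Spring Security write its default
             security response headers (Cache-Control / Pragma / Expires to forbid caching,
             plus X-Content-Type-Options, X-Frame-Options, X-XSS-Protection and, over HTTPS,
             Strict-Transport-Security). The browser can still navigate back, but it must
             re-request the page, so the access rules below are evaluated again. -->
        <security:headers />

        <security:form-login login-page="/login"
            login-processing-url="/secure/sayHello" username-parameter="_username"
            password-parameter="_password" authentication-failure-url="/error"
            default-target-url="/secure/defaultTarget" />

        <!-- The login page must stay reachable without authentication. -->
        <security:intercept-url pattern="/login"
            access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/secure/**"
            access="ROLE_USER" />

        <!-- NOTE(review): CSRF protection is not switched on here. With the 3.2 XML
             namespace it is opt-in via security:csrf, and every POST form (login, logout)
             must then submit the token. -->
        <security:logout logout-url="/logout" />
    </security:http>
</beans>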

FrontController-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- DispatcherServlet context: annotation-driven MVC, controller scanning and JSP view resolution. -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:c="http://www.springframework.org/schema/c"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">

    <mvc:annotation-driven />

    <!-- Picks up the @Controller classes under sample.security. -->
    <context:component-scan base-package="sample.security" />

    <!-- Logical view names map to JSPs under /WEB-INF/views/, which the container
         does not serve directly to clients. -->
    <bean id="viewResolver"
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/WEB-INF/views/" />
        <property name="suffix" value=".jsp" />
    </bean>
</beans>

MVC 控制器

package sample.security.controller; 


import org.springframework.stereotype.Controller; 
import org.springframework.web.bind.annotation.RequestBody; 
import org.springframework.web.bind.annotation.RequestMapping; 
import org.springframework.web.bind.annotation.RequestMethod; 

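/**
 * Maps the sample's login, post-login and error URLs to their JSP view names.
 * Authentication itself is not done here; the handlers only return view names.
 */
@Controller
public class SecureLoginController {

    /**
     * Serves the login form for "/" and "/login".
     *
     * @return the logical view name "login"
     */
    @RequestMapping(value = {"/", "/login"}, method = RequestMethod.GET)
    public String secureLogin() {
        return "login";
    }

    /**
     * Landing page under /secure/ shown after login.
     *
     * @param body raw request body as bound by Spring
     * @return the logical view name "success"
     */
    @RequestMapping(value = "/secure/defaultTarget", method = RequestMethod.GET)
    public String goToIndexPage(@RequestBody String body) {
        // NOTE(review): binding @RequestBody on a GET handler is unusual, and echoing a
        // request body to stdout can record data that should not be logged. Confirm both
        // are wanted outside a sample.
        // The body is client-controlled: replace CR/LF so it cannot start forged lines
        // in the console or log output.
        String printable = String.valueOf(body).replace('\r', '_').replace('\n', '_');
        System.out.println("Request body is :" + printable);
        return "success";
    }

    /**
     * Serves the page shown at "/error".
     *
     * @return the logical view name "error"
     */
    @RequestMapping(value = {"/error"}, method = RequestMethod.GET)
    public String goToAgainLogin() {
        return "error";
    }

}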

login.jsp

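<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  Login form. It posts _username and _password to secure/sayHello; the field names and
  the target must match the form-login settings in the security configuration.
  NOTE(review): the form carries no CSRF token. If CSRF protection is enabled in the
  security configuration, this form must also submit the token.
--%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Login</title>
</head>
<body>
    <h2>Please Login</h2>
    <c:url value="secure/sayHello" var="loginURL" />
    <form action="${loginURL}" method="post">
        <label for="username">User Name</label>&nbsp;&nbsp;&nbsp;
        <input type="text" size="30" name="_username" id="username">
        <%-- was "<br /></br>": a closing tag for br is invalid markup --%>
        <br /><br />
        <label for="password">Password</label>&nbsp;&nbsp;&nbsp;
        <input type="password" size="30" name="_password" id="password">
        <br /><br />
        <input type="submit" value="Submit">
    </form>
</body>
</html>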

success.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%-- Static page rendered for the "success" view name. --%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
        <title>success</title>
    </head>
    <body>
        <h2>I got success</h2>
    </body>
</html>

error.jsp文件

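<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  Shown after a failed login; repeats the login form. The message does not reveal
  whether the user name or the password was wrong.
  NOTE(review): the form carries no CSRF token. If CSRF protection is enabled in the
  security configuration, this form must also submit the token.
--%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Error page</title>
</head>
<body>
    <h2>Invalid use name Or password</h2>
    <c:url value="secure/sayHello" var="loginURL" />
    <form action="${loginURL}" method="post">
        <label for="username">User Name</label>&nbsp;&nbsp;&nbsp;
        <input type="text" size="30" name="_username" id="username">
        <%-- was "<br /></br>": a closing tag for br is invalid markup --%>
        <br /><br />
        <label for="password">Password</label>&nbsp;&nbsp;&nbsp;
        <input type="password" size="30" name="_password" id="password">
        <br /><br />
        <input type="submit" value="Submit">
    </form>
</body>
</html>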

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor: root context, Spring Security filter and the MVC front controller. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">

    <display-name>Archetype Created Web Application</display-name>

    <!-- Configuration loaded into the root application context by the listener declared below. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/configuration/CustomSecurity.xml</param-value>
    </context-param>

    <!-- Delegates to the bean named springSecurityFilterChain in the root context. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- Mapped to every URL so no request bypasses the security filter chain. -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Spring MVC front controller with its own servlet-level context. -->
    <servlet>
        <servlet-name>FrontController</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/configuration/FrontController-servlet.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>FrontController</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Creates the root application context at startup. -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
</web-app>

請提供一個解決方案來糾正這個問題。先謝謝了。

您的''標籤應該位於'FrontController-servlet.xml'文件中,此外應該刪除''標籤。您的登錄/錯誤頁面不需要控制器,Spring Security 會爲您處理,因此您可以刪除它並相應地修改您的配置。 –


@Deinum 這不起作用,當我試圖刪除''時會引發 XML 解析錯誤 –


@Denium 雖然你的回答沒有直接解決問題,但它給了我一個有價值的提示,讓我得以糾正這個問題,我的問題已經解決 –

回答


讓 Spring Security 爲安全相關的響應頭設置默認值:

<security:http auto-config="false"> 
    <!-- Writes Spring Security's default security response headers; the cache-control
         ones (Cache-Control, Pragma, Expires) tell the browser not to store the page. -->
    <security:headers /> 
    <!-- the rest of the existing http configuration (form-login, intercept-url, logout) stays here -->
</security:http> 

注意,這實際上並不會阻止用戶返回前一個頁面,只是告知瀏覽器不要緩存它。後退時瀏覽器必須重新向服務器請求該頁面,因此對於受保護的頁面,已註銷(會話已失效)的用戶會被重新導向登錄頁。