Spring-security-3浏览器后退按钮问题

时间:2014-05-19 06:33:52

标签: spring spring-mvc spring-security

我只是想学习Spring安全性3.在运行Spring安全性的示例时,后退按钮将我带到上一页。我想阻止这个。我只是尝试使用spring security来做到这一点。但它没有解决,请帮忙。这是我的代码

安全档案

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <mvc:annotation-driven />
    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**/*" />
            <bean id="webContentInterceptor"
                class="org.springframework.web.servlet.mvc.WebContentInterceptor">
                <property name="cacheSeconds" value="0" />
                <property name="useExpiresHeader" value="true" />
                <property name="useCacheControlHeader" value="true" />
                <property name="useCacheControlNoStore" value="true" />
            </bean>
        </mvc:interceptor>
    </mvc:interceptors>
    <security:user-service id="userServiceDAO">
        <security:user name="mukesh" authorities="ROLE_USER"
            password="password" />
    </security:user-service>
    <security:authentication-manager>
        <security:authentication-provider
            user-service-ref="userServiceDAO" />
    </security:authentication-manager>
    <security:http auto-config="false">
        <security:form-login login-page="/login"
            login-processing-url="/secure/sayHello" username-parameter="_username"
            password-parameter="_password" authentication-failure-url="/error"
            default-target-url="/secure/defaultTarget" />
        <security:intercept-url pattern="/login"
            access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/secure/**"
            access="ROLE_USER" />
        <security:logout logout-url="/logout" />
    </security:http>
</beans>

FrontController-servlet.xml中

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:c="http://www.springframework.org/schema/c" xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">

    <mvc:annotation-driven />
    <context:component-scan base-package="sample.security" />
    <bean id="viewResolver"
        class="org.springframework.web.servlet.view.InternalResourceViewResolver"
        p:prefix="/WEB-INF/views/" p:suffix=".jsp">
    </bean>
</beans>

MVC控制器

package sample.security.controller;


import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class SecureLoginController {

    @RequestMapping(value = {"/","/login"}, method = RequestMethod.GET)
    public String secureLogin() {
    return "login";
    }
    @RequestMapping(value = "/secure/defaultTarget", method = RequestMethod.GET)
    public String goToIndexPage(@RequestBody String body) {
        System.out.println("Request body is :"+ body);
        return "success";
    }
    @RequestMapping(value = {"/error"}, method = RequestMethod.GET)
    public String goToAgainLogin() {
        return "error";
    }

}

的login.jsp 

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Login</title>
</head>
<body>
    <h2>Please Login</h2>
    <c:url value="secure/sayHello" var="loginURL" />
    <form action="${loginURL}" method="post">
        <label for="username">User Name</label>&nbsp;&nbsp;&nbsp;<input
            type="text" size="30" name="_username" id="username"><br /></br> <label
            for="password">Password</label>&nbsp;&nbsp;&nbsp;<input
            type="password" size="30" name="_password" id="password"><br /></br> <input
            type="submit" value="Submit">
    </form>
</body>
</html>

的success.jsp 

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>success</title>
</head>
<body>
<h2>I got success</h2>
</body>
</html>

error.jsp文件

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Error page</title>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
</head>
<body>
    <h2>Invalid use name Or password</h2>
    <c:url value="secure/sayHello" var="loginURL" />
    <form action="${loginURL}" method="post">
        <label for="username">User Name</label>&nbsp;&nbsp;&nbsp;<input
            type="text" size="30" name="_username" id="username"><br /></br>
        <label for="password">Password</label>&nbsp;&nbsp;&nbsp;<input
            type="password" size="30" name="_password" id="password"><br /></br>
        <input type="submit" value="Submit">
    </form>
</body>
</html>

的web.xml 

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <display-name>Archetype Created Web Application</display-name>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
    /WEB-INF/configuration/CustomSecurity.xml
    </param-value>
    </context-param>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <servlet>
        <servlet-name>FrontController</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/configuration/FrontController-servlet.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>FrontController</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
</web-app>

请给我一个解决方案来纠正这个问题。谢谢提前

1 个答案:

答案 0 :(得分:1)

让Spring Security设置一组默认的安全相关标头:

<security:http auto-config="false">
    <security:headers />
    <!-- other stuff ... -->
</security:http>

请注意,这实际上并不会阻止用户返回上一页,但会告知浏览器不要将其缓存。

相关问题
最新问题