如何使用spring security成功注销后解决后退按钮问题

Question

我在我的项目中使用：

• 的Maven
• 休眠
• JS​​F
• 弹簧
• Spring security

我成功注销，但是当我点击后退按钮时，它会显示我不喜欢的上一页。有什么建议可以解决这个问题吗？

我已经尝试了一些解决方案，但它们不起作用：

<bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter">
    <property name="cacheSeconds" value="0" />
</bean>

或

<mvc:interceptors>
    <bean id="webContentInterceptor" class="org.springframework.web.servlet.mvc.WebContentInterceptor">
            <property name="cacheSeconds" value="0"/>
            <property name="useExpiresHeader" value="false"/>
            <property name="useCacheControlHeader" value="true"/>
            <property name="useCacheControlNoStore" value="true"/>
        </bean>     
    </mvc:interceptors>

我还找到了一个功能doFilter的解决方案，但我不知道我可以把它放在哪里。

这是我的身份验证码：

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans  http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security  http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<global-method-security pre-post-annotations="enabled" />
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/login.jsp" access="permitAll" />
    <intercept-url pattern="/ressources/**" access="permitAll" />
    <intercept-url pattern="/images/**" access="permitAll" />
    <intercept-url pattern="/pages/ajouterUser.xhtml" access="permitAll" />
    <intercept-url pattern="/pages/userListe.xhtml" access="permitAll" />
    <intercept-url pattern="/pages/index.xhtml" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" />

    <!-- access denied page -->
    <access-denied-handler error-page="/login" />

    <form-login 
        login-page="/login" 
        authentication-success-handler-ref="myAuthenticationSuccessHandler" 
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/login.jsp?logout"/>
    <!-- enable csrf protection -->

</http>
<beans:bean id="myAuthenticationSuccessHandler"
    class="inventory.security.MySimpleUrlAuthenticationSuccessHandler" />
<!-- Select users and user_roles from database -->

<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <beans:property name="userDetailsService" ref="userDetailsService"></beans:property>
</beans:bean>
<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
    <beans:property name="providers">
        <beans:list>
            <beans:ref local="daoAuthenticationProvider"/>
        </beans:list>
    </beans:property>
</beans:bean>

<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder hash="md5"></password-encoder>
    </authentication-provider>
</authentication-manager>

<beans:bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
    <beans:property name="exceptionMappings">
        <beans:props>    
        <beans:prop key="org.springframework.security.core.userdetails.UsernameNotFoundException">/login.action?error=1</beans:prop>
        </beans:props>  
    </beans:property>
</beans:bean>

Answer 1

将您的属性useExpiresHeader更改为true

unique