Spring-security-3浏览器后退按钮问题
我只是想学习春季安全3。运行SpringSecurity示例时,“后退”按钮将我带到上一页。我想阻止这一切。我只是尝试使用spring安全性来实现这一点。但它没有得到解决,请帮助。这是我的代码 安全文件Spring-security-3浏览器后退按钮问题,spring,spring-mvc,spring-security,Spring,Spring Mvc,Spring Security,我只是想学习春季安全3。运行SpringSecurity示例时,“后退”按钮将我带到上一页。我想阻止这一切。我只是尝试使用spring安全性来实现这一点。但它没有得到解决,请帮助。这是我的代码 安全文件 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XML
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<mvc:annotation-driven />
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**/*" />
<bean id="webContentInterceptor"
class="org.springframework.web.servlet.mvc.WebContentInterceptor">
<property name="cacheSeconds" value="0" />
<property name="useExpiresHeader" value="true" />
<property name="useCacheControlHeader" value="true" />
<property name="useCacheControlNoStore" value="true" />
</bean>
</mvc:interceptor>
</mvc:interceptors>
<security:user-service id="userServiceDAO">
<security:user name="mukesh" authorities="ROLE_USER"
password="password" />
</security:user-service>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="userServiceDAO" />
</security:authentication-manager>
<security:http auto-config="false">
<security:form-login login-page="/login"
login-processing-url="/secure/sayHello" username-parameter="_username"
password-parameter="_password" authentication-failure-url="/error"
default-target-url="/secure/defaultTarget" />
<security:intercept-url pattern="/login"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/secure/**"
access="ROLE_USER" />
<security:logout logout-url="/logout" />
</security:http>
</beans>
login.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Login</title>
</head>
<body>
<h2>Please Login</h2>
<c:url value="secure/sayHello" var="loginURL" />
<form action="${loginURL}" method="post">
<label for="username">User Name</label> <input
type="text" size="30" name="_username" id="username"><br /></br> <label
for="password">Password</label> <input
type="password" size="30" name="_password" id="password"><br /></br> <input
type="submit" value="Submit">
</form>
</body>
</html>
登录
请登录
用户名
密码
success.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>success</title>
</head>
<body>
<h2>I got success</h2>
</body>
</html>
成功
我成功了
error.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Error page</title>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
</head>
<body>
<h2>Invalid use name Or password</h2>
<c:url value="secure/sayHello" var="loginURL" />
<form action="${loginURL}" method="post">
<label for="username">User Name</label> <input
type="text" size="30" name="_username" id="username"><br /></br>
<label for="password">Password</label> <input
type="password" size="30" name="_password" id="password"><br /></br>
<input type="submit" value="Submit">
</form>
</body>
</html>
错误页
无效的用户名或密码
用户名
密码
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>Archetype Created Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/configuration/CustomSecurity.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>FrontController</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/configuration/FrontController-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>FrontController</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
Web应用程序创建的原型
上下文配置位置
/WEB-INF/configuration/CustomSecurity.xml
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
前线控制员
org.springframework.web.servlet.DispatcherServlet
上下文配置位置
/WEB-INF/configuration/FrontController-servlet.xml
1.
前线控制员
/
org.springframework.web.context.ContextLoaderListener
请为我提供纠正此问题的解决方案。请提前感谢让Spring Security设置一组默认的安全相关头:
<security:http auto-config="false">
<security:headers />
<!-- other stuff ... -->
</security:http>
请注意,这实际上不会阻止用户返回上一页,但会告诉浏览器不要缓存它。您的
标记应该位于FrontController servlet.xml
文件中,旁边是您应该删除的
标记。您的登录/错误页面不需要控制器,Spring Security会为您处理它,以便您可以删除它并相应地修改您的配置。@Deinum这不起作用,当我试图删除“”时,xml解析错误为“”thrown@Denium因为你的回答没有解决问题,但它给了我一个纠正问题的宝贵提示我的问题已经解决了。请将解决方案添加到您的问题(或作为答案)中,以供其他人使用。@Denium提示是,我需要将所有与安全相关的内容放在父上下文中。我将这些内容放在父上下文中,这些内容开始工作
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>Archetype Created Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/configuration/CustomSecurity.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>FrontController</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/configuration/FrontController-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>FrontController</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
<security:http auto-config="false">
<security:headers />
<!-- other stuff ... -->
</security:http>