Spring-security-3 browser back button issue -


i trying learn spring security 3. while running example of spring security button takes me previous page . want stop this. try using spring security.but not resolved,please help.here code

security file

<?xml version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans"     xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns:security="http://www.springframework.org/schema/security"     xmlns:mvc="http://www.springframework.org/schema/mvc"     xsi:schemalocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">      <mvc:annotation-driven />     <mvc:interceptors>         <mvc:interceptor>             <mvc:mapping path="/**/*" />             <bean id="webcontentinterceptor"                 class="org.springframework.web.servlet.mvc.webcontentinterceptor">                 <property name="cacheseconds" value="0" />                 <property name="useexpiresheader" value="true" />                 <property name="usecachecontrolheader" value="true" />                 <property name="usecachecontrolnostore" value="true" />             </bean>         </mvc:interceptor>     </mvc:interceptors>     <security:user-service id="userservicedao">         <security:user name="mukesh" authorities="role_user"             password="password" />     </security:user-service>     <security:authentication-manager>         <security:authentication-provider             user-service-ref="userservicedao" />     </security:authentication-manager>     <security:http auto-config="false">         <security:form-login login-page="/login"             login-processing-url="/secure/sayhello" username-parameter="_username"             password-parameter="_password" authentication-failure-url="/error"             default-target-url="/secure/defaulttarget" />         <security:intercept-url pattern="/login"             access="is_authenticated_anonymously" />         <security:intercept-url pattern="/secure/**"             access="role_user" />         <security:logout logout-url="/logout" />     </security:http> </beans>

frontcontroller-servlet.xml

<?xml version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans"     xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns:p="http://www.springframework.org/schema/p"     xmlns:c="http://www.springframework.org/schema/c" xmlns:mvc="http://www.springframework.org/schema/mvc"     xmlns:context="http://www.springframework.org/schema/context"     xsi:schemalocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">      <mvc:annotation-driven />     <context:component-scan base-package="sample.security" />     <bean id="viewresolver"         class="org.springframework.web.servlet.view.internalresourceviewresolver"         p:prefix="/web-inf/views/" p:suffix=".jsp">     </bean> </beans>

mvc-controller

package sample.security.controller;   import org.springframework.stereotype.controller; import org.springframework.web.bind.annotation.requestbody; import org.springframework.web.bind.annotation.requestmapping; import org.springframework.web.bind.annotation.requestmethod;  @controller public class securelogincontroller {      @requestmapping(value = {"/","/login"}, method = requestmethod.get)     public string securelogin() {     return "login";     }     @requestmapping(value = "/secure/defaulttarget", method = requestmethod.get)     public string gotoindexpage(@requestbody string body) {         system.out.println("request body :"+ body);         return "success";     }     @requestmapping(value = {"/error"}, method = requestmethod.get)     public string gotoagainlogin() {         return "error";     }  }

login.jsp

<%@ page language="java" contenttype="text/html; charset=iso-8859-1"     pageencoding="iso-8859-1"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <!doctype html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> <title>login</title> </head> <body>     <h2>please login</h2>     <c:url value="secure/sayhello" var="loginurl" />     <form action="${loginurl}" method="post">         <label for="username">user name</label>&nbsp;&nbsp;&nbsp;<input             type="text" size="30" name="_username" id="username"><br /></br> <label             for="password">password</label>&nbsp;&nbsp;&nbsp;<input             type="password" size="30" name="_password" id="password"><br /></br> <input             type="submit" value="submit">     </form> </body> </html>

success.jsp

<%@ page language="java" contenttype="text/html; charset=iso-8859-1"     pageencoding="iso-8859-1"%> <!doctype html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> <title>success</title> </head> <body> <h2>i got success</h2> </body> </html>

error.jsp

<%@ page language="java" contenttype="text/html; charset=iso-8859-1"     pageencoding="iso-8859-1"%> <!doctype html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> <title>error page</title> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> </head> <body>     <h2>invalid use name or password</h2>     <c:url value="secure/sayhello" var="loginurl" />     <form action="${loginurl}" method="post">         <label for="username">user name</label>&nbsp;&nbsp;&nbsp;<input             type="text" size="30" name="_username" id="username"><br /></br>         <label for="password">password</label>&nbsp;&nbsp;&nbsp;<input             type="password" size="30" name="_password" id="password"><br /></br>         <input type="submit" value="submit">     </form> </body> </html>

web.xml

<?xml version="1.0" encoding="utf-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"     xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"     xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"     version="3.0">     <display-name>archetype created web application</display-name>     <context-param>         <param-name>contextconfiglocation</param-name>         <param-value>     /web-inf/configuration/customsecurity.xml     </param-value>     </context-param>     <filter>         <filter-name>springsecurityfilterchain</filter-name>         <filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class>     </filter>     <filter-mapping>         <filter-name>springsecurityfilterchain</filter-name>         <url-pattern>/*</url-pattern>     </filter-mapping>     <servlet>         <servlet-name>frontcontroller</servlet-name>         <servlet-class>org.springframework.web.servlet.dispatcherservlet</servlet-class>         <init-param>             <param-name>contextconfiglocation</param-name>             <param-value>/web-inf/configuration/frontcontroller-servlet.xml</param-value>         </init-param>         <load-on-startup>1</load-on-startup>     </servlet>     <servlet-mapping>         <servlet-name>frontcontroller</servlet-name>         <url-pattern>/</url-pattern>     </servlet-mapping>     <listener>         <listener-class>org.springframework.web.context.contextloaderlistener</listener-class>     </listener> </web-app>

please provide me solution rectify issue.thanks in advance

let spring security set default set of security-related headers:

<security:http auto-config="false">     <security:headers />     <!-- other stuff ... --> </security:http>

note not stop user go previous page, browser told not cache it.


-

Comments

Post a Comment

Popular posts from this blog

how to proxy from https to http with lighttpd -

i have internal site (192.168.2.1) accessible http on different server run public web-server using lighttpd. can make internal site accessible outside work follows $http["host"] == "internal.example.com" { ... proxy.server = ( "" => ( "internal" => ( "host" => "192.168.2.1", "port" => 8000 ) ) } this works, use https outside world. question is, how can proxy going https http ? i've tried this: $server["socket"] == ":443" { $http["host"] == "internal.example.com" { ... proxy.server = ( "" => ( "internal" => ( "host" => "http://192.168.2.1", "port" => 8000 ) ) } } but doesn't seem wor...
Read more

android - Automated my builds -

i have multiple app , android project want automated in build , release sequence. have ant script build , create apk of app. want have 1 script or ant file start build sequence app. maybe don't konw search, can't find easy documentation on ant. the point of use jenkins ant (or maven, i'm not sure of difference between them now) automated build sequence when people commit on project. any int appreciated maven dependencies (over ant) don't need pass around jars. recommend maven on ant day. syntax , overall process easier understand, @ end of both build tools. if able to, more recommend upgrading gradle. easy create different build types , create them ./gradlew assemble here project jake wharton can see power of gradle. there release , debug build, can make lot more if like. https://github.com/jakewharton/u2020 here android docs gradle http://tools.android.com/tech-docs/new-build-system/user-guide . if can't find looking here, check out main grad...
Read more

python - Flask migration error -

i've got application build on flask , wanted create new migration today. when run $python manage.py db upgrade i got message raise util.commanderror('only single head supported. ' alembic.util.commanderror: single head supported. script directory has multiple heads (due branching), must resolved manually editing revision files form linear sequence. run alembic branches see divergence(s). so run command $alembic branches no config file 'alembic.ini' found, or file has no '[alembic]' section any clue on about? the error messages coming alembic, use command form alembic <command> , integrating flask coming flask-migrate, need use form python manage.py db branches . to resolve multiple branches, make 1 of branches point down other branch upgrade graph straight line. see alembic's docs on branches: http://alembic.readthedocs.org/en/latest/branches.html
Read more