Session invalidate is not working


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <security:global-method-security secured-annotations="enabled" />
    <security:http>
        <security:intercept-url pattern="/index*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/login123" access="ROLE_ADMIN" />
        <security:intercept-url pattern="/employee1" access="ROLE_EMPLOYEE" />
        <security:intercept-url pattern="/emppreviewshow" access="ROLE_EMPLOYEE" />
        <security:access-denied-handler error-page="/login" />
        <security:form-login login-page="/login" default-target-url="/index"
            authentication-failure-url="/fail2login"
            username-parameter="username"
            password-parameter="j_password" />
        <security:session-management invalid-session-url="/logout" session-fixation-protection="newSession">
            <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
        </security:session-management>
        <security:logout logout-success-url="/logout" delete-cookies="JSESSIONID" invalidate-session="true" />
    </security:http>
    <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
        <!-- bcrypt accepts a strength (log rounds) of 4 to 31; 255 is outside that range -->
        <constructor-arg name="strength" value="255" />
    </bean>
    <security:authentication-manager>
        <security:authentication-provider>
            <security:jdbc-user-service data-source-ref="dataSource"
                users-by-username-query=
                    "select username,password, enabled from USER_MASTER where username=?"
                authorities-by-username-query=
                    "select username,USER_ROLE from USER_ROLE where username =?  " />
            <security:password-encoder ref="passwordEncoder" />
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

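When I click logout and then click the browser's back button, it still shows the old page. I want the same login URL to be shown when the back button is clicked in the browser.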

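You can check whether the session is active in every method of the controller class, i.e. the request-mapped classes and methods. If the session is active, return the page. Otherwise redirect to the login page.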

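Welcome to the client vs. server world! Invalidating a session is an operation on the server. Assuming the session ID is passed in a cookie, it means that the next request containing that cookie will not be a member of the previous session, and thus you will activate all the "please log in first" machinery.

But under normal conditions, hitting the back button in a browser does not send a new request; it just displays the last page from the local cache. Thus it is a client-only operation.

As an application developer, there is nothing you can do about it. You could try to use JavaScript to hide the back button, catch it, or clean the cache. But if I were you, I would not dare think about it: you are likely to run into browser compatibility problems for something you should not care about. What the user reads locally is his or her own problem. If he or she made a printed copy of a page, you would not take a lighter and burn it when the session is over. Cached pages are the same: a local copy. That is the reason why, on explicit disconnection, you often see a message asking you to close the browser window. It is the only way for the user to be sure not to read offline copies when clicking the back button.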

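I could not use invalidate-session. I just added "authentication-success-handler-ref" and set a session in it. After login, the session is set to true. After logout, the session is set to false.

Here is the code:

security-context.xml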

<bean id="customAuthenticationSuccessHandler" class="org.dewbyte.corebank.utility.CustomAuthenticationSuccessHandler"/>

root-context.xml

<bean id="LogoutSuccessHandler" class="org.dewbyte.corebank.utility.LogoutSuccessHandler" />

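CustomAuthenticationSuccessHandler class

package org.dewbyte.corebank.utility;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        // Mark the session as logged in, then send the user to the dashboard
        request.getSession().setAttribute("loginStatus", "true");
        String targetUrl = "/dashboard";
        redirectStrategy.sendRedirect(request, response, targetUrl);
    }

    public RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }

    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }
}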

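LogoutSuccessHandler class

package org.dewbyte.corebank.utility;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;

public class LogoutSuccessHandler implements org.springframework.security.web.authentication.logout.LogoutSuccessHandler {
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    public RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }

    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

    @Override
    public void onLogoutSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        // Mark the session as logged out, then send the user to the root page
        request.getSession().setAttribute("loginStatus", "false");
        String targetUrl = "/";
        redirectStrategy.sendRedirect(request, response, targetUrl);
    }
}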

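Check in every method of the controller class whether the session is true or false.

Controller class

// "true".equals(...) is null-safe: a session without the attribute counts as logged out
if ("true".equals(request.getSession().getAttribute("loginStatus"))) {
    return home;
} else {
    return login;
}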
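
The per-request session check described in the answers, done once in a servlet filter that also marks each response as non-storable, so the browser is asked not to keep a local copy of protected pages. This is an added example, not code from any of the posts; the class name `LoginStatusNoStoreFilter` is hypothetical, `loginStatus` and `/login` are taken from the code above, and the `javax.servlet` API is assumed.

```java
// Added example (not from the original posts). Assumes javax.servlet and the
// "loginStatus" session attribute set by the handlers in the last answer.
// The class name is hypothetical; "/login" is the login-page from the question.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LoginStatusNoStoreFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // no configuration needed
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Ask the browser and any intermediary cache not to store this response.
        response.setHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
        response.setHeader("Pragma", "no-cache"); // for HTTP/1.0 caches
        response.setDateHeader("Expires", 0);

        // getSession(false): do not create a session just to read the flag.
        HttpSession session = request.getSession(false);
        Object status = (session == null) ? null : session.getAttribute("loginStatus");

        if ("true".equals(status)) {
            chain.doFilter(request, response); // logged in: continue to the controller
        } else {
            response.sendRedirect(request.getContextPath() + "/login");
        }
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

Map the filter in web.xml to the protected paths only (for example `/employee1`), never to `/login` itself, or the redirect will loop.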
