0

Hi Project consist of spring security mvc application.In my application after i logout, i can go back by clicking browser back button.How Can i get rid of this problem????

security.xml security confiuration

<security:http use-expressions="true">

        <security:form-login login-page="/home.html"

            default-target-url="/dologin.html" authentication-failure-url="/loginfailed.html" />
        <!-- <security:logout logout-success-url="/home.html" /> -->

        <security:logout logout-success-url="/home.html"
            delete-cookies="JSESSIONID" invalidate-session="true" />
        <security:remember-me />
        <security:intercept-url pattern="/signin*"
            access="permitAll" />
    </security:http>

web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring-context-data.xml</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
        /WEB-INF/spring-context-web.xml,
         /WEB-INF/spring-context-data.xml,
         /WEB-INF/spring-security.xml
        </param-value>

    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
         /WEB-INF/spring-context-web.xml,
         /WEB-INF/spring-context-data.xml,
         /WEB-INF/spring-security.xml
    </param-value>
</context-param>

<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>*.html</url-pattern>
</servlet-mapping>
<!-- <servlet>
        <servlet-name>RealEstate</servlet-name>
        <servlet-class>com.Servlet1</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>RealEstate</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping> -->

<filter>

    <filter-name>methodFilter</filter-name>
    <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>methodFilter</filter-name>
    <url-pattern>*.html</url-pattern>
</filter-mapping>

<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping> 
<filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

<welcome-file-list>

    <welcome-file>index.html</welcome-file>

</welcome-file-list>

html

<a href="j_spring_security_logout"  th:action="@{/j_spring_security_logout}"><span>Logout</span></a>
boycod3
  • 5,033
  • 11
  • 58
  • 87
  • You can use several methods, from disabling the back button to setting the cache to `no-cache` so that the previous page is expired. This SO link has details: http://stackoverflow.com/questions/13914844/how-to-expire-page-on-back-button-click – CodeChimp May 27 '14 at 11:02
  • write a custom filter ref this [link](http://stackoverflow.com/questions/5670848/spring-security-logout-back-button) – M4ver1k May 27 '14 at 12:14

0 Answers0