在struts 2登录Web应用程序中注销后,限制用户从浏览器后退按钮返回页面? [英] Restrict a user to go to back pages from the browser back button after log out in struts 2 login web application?
本文介绍了在struts 2登录Web应用程序中注销后,限制用户从浏览器后退按钮返回页面?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在制作一个Struts 2网络应用程序,其中注销后可以从浏览器返回页面返回页面,我不希望在我的应用程序中使用。我还在每次请求验证用户之前使用自定义拦截器。但它也没有按照欲望的方式工作。我的代码如下
I am making a Struts 2 web app in which after log out one can go to back pages from the browsers back button which i don't want in my app.I also using a custom interceptor before every request to authenticate users.but it also not working in desire way. My code is as follows
web.xml
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>loginlogout</display-name>
<filter>
<filter-name>struts</filter-name>
<filter-
class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-
class>
</filter>
<filter-mapping>
<filter-name>struts</filter-name>
<url-pattern>/action/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>15</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>login.html</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>bloack_jsp_access</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
</security-constraint>
</web-app>
struts.xml
<struts>
<constant name="struts.devMode" value="true"></constant>
<package name="default" extends="struts-default" namespace="/action">
<interceptors>
<interceptor name="secure" class="com.inter.Authentication"></interceptor>
<interceptor-stack name="secureStack">
<interceptor-ref name="secure"/>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>
</interceptors>
<action name="loginAction" class="com.action.Login">
<result name="success" type="redirectAction">
<param name="actionName">task</param>
<param name="namespace">/action</param>
</result>
<result name="input">/login.html</result>
</action>
<action name="logoutAction" class="com.action.Login" method="logout">
<result name="success">/login.html</result>
</action>
<action name="task">
<interceptor-ref name="secureStack"></interceptor-ref>
<result>/welcome.jsp</result>
<result name="login">/login.html</result>
</action>
</package>
LoginAction.java
package com.action;
import java.util.Map;
import model.User;
import org.apache.struts2.dispatcher.SessionMap;
import org.apache.struts2.interceptor.SessionAware;
import com.opensymphony.xwork2.ActionSupport;
public class Login extends ActionSupport implements SessionAware {
private static final long serialVersionUID = 1L;
private String userName;
private String userPass;
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getUserPass() {
return userPass;
}
public void setUserPass(String userPass) {
this.userPass = userPass;
}
private SessionMap<String, Object> session;
public SessionMap<String, Object> getSession() {
return session;
}
@Override
public void setSession(Map<String, Object> session) {
this.session=(SessionMap<String, Object>) session;
}
private boolean validateUser(User user){
if(userName.equals("sandip") && userPass.equals("12345")){
return true;
}else
return false;
}
@Override
public String execute(){
clearFieldErrors();
User user=(User)session.get("user");
if(user!=null){
return SUCCESS;
}else{
User u=new User(userName,userPass);
if(validateUser(u)){
session.put("user", u);
return SUCCESS;
}else{
addFieldError("invalid", "invalid login credentials");
}
return INPUT;
}
}
public String logout(){
session.remove("user");
session.invalidate();
return SUCCESS;
}
}
Authentication.java(拦截器)
@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
Map<String, Object> session=actionInvocation.getInvocationContext().getSession();
User user=(User) session.get("user");
if(user==null){
return ActionSupport.LOGIN;
}
else{
return actionInvocation.invoke();
}
}
login.html
<form action="action/loginAction" method="post">
User Name:<input type="text" name="userName"/>
Password :<input type="password" name="userPass"/>
<input type="submit" value="login"/>
</form>
welcome.jsp
hello <s:property value="#session['user'].userName"/><br/>
<a href="action/logoutAction">logout</a>
推荐答案
我需要设置相应的HTTP标头属性以防止JSP页面输出的动态内容由浏览器缓存。
i need to set the appropriate HTTP header attributes to prevent the dynamic content output by the JSP page from being cached by the browser.
就像这样
<%
response.setHeader("Cache-Control","no-store"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
%>
这篇关于在struts 2登录Web应用程序中注销后,限制用户从浏览器后退按钮返回页面?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文