I have a Java / Spring 3.x web app that uses EXJGs and I use the Architecture of Sincha To create a front-end, resulting in an automatically generated app.html file loaded in JS and CSS resources that look like this:
& lt ;! DOCTYPE html & gt; & Lt ;! - Auto built with Cena architect - & gt; & Lt ;! - Modifications of this file will be overwritten. - & gt; & Lt; Html & gt; & Lt; Top & gt; & Lt; Meta http-equiv = "content-type" content = "text / html; charset = UTF-8" /> & Lt; Title & gt; Ui & lt; / Title & gt; & Lt; Script src = "ext / ext-all.js" & gt; & Lt; / Script & gt; & Lt; Script src = "ext / ext-theme-neptune.js" & gt; & Lt; / Script & gt; & Lt; Link rel = "stylesheet" href = "ext / resources / ext-theme-neptune / ext-theme-neptune-all.css" & gt; & Lt; Link rel = "stylesheet" href = "css / custom.css" & gt; & Lt; Script type = "text / javascript" src = "app.js" & gt; & Lt; / Script & gt; & Lt; / Head & gt; & Lt; Body & gt; & Lt; / Body & gt; & Lt; / Html & gt; I want to preserve this HTML file with Spring Security and it works, except that it is often cached in the browser, so that even if the user is not logged in it Reloads. Here's my Spring XML that configures security for my webpad:
& lt; Beans: beans xmlns = "http://www.springframework.org/schema/security" xmlns: beans = "http: //www.springframework.org/schema/beans" xmlns: xsi = "http: // www. W3.org/2001/XMLSchema-instance "xsi: Schema Location =" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd Http://www.springframework.org/schema/security http://www.springframework.org/schema/security/ spring-protection-3.2.xsd "& gt; & Lt; Http auto-config = "true" usage-value = "true" & gt; & Lt; Intercept-url pattern = "/ ui / app.html" access = "harol ('ROLE_USER')" /> & Lt; Intercept-url pattern = "/ ui / **" access = "permitAll" /> & Lt; Form-login login-page = "/ login" default-target-url = "/ ui / app.html" authentication-failure- url = "/ login? Error" user name-parameter = "username" password-parameter = "Password" /> & Lt; Logout logout-success-url = "/ login? Logout" /> & Lt; CSRF / & gt; & Lt ;! - Enabled csrf protection - & gt; & Lt; / Http & gt; & Lt; Authentication Manager & gt; & Lt; Authentication Provider & gt; & Lt; User Service & gt; & Lt; Username = "test" password = "test" authorization = "ROLE_USER" /> & Lt; / User service & gt; & Lt; / Authentication Provider & gt; & Lt; / Authentication-manager & gt; & Lt; / Bean: beans & gt; As you can see, I have configured this to protect ui / app.html resources and after logging in, redirect to that page Have done The browser caches the page and causes confusion when the user logs out and tries to reach the same URL.
I was wondering if the spring MVC can be used to load the page through the controller, the header to end the page, but as it is a page that is usually But the servlet is distributed directly by the container, and not MVC, I do not know how I will configure it.
I would also like to be able to leave my app.html file in-situ because it uses resources that are relative to it, and working with Senka Architect It is also easier to leave it while doing it.
This browser will prevent caching:
& lt; Http & gt; & Lt ;! - ... - & gt; & Lt; Header & gt; & Lt; Cash-control / & gt; & Lt; / Headers & gt; & Lt; / Http & gt; This adds cache-control , Pragma and expiration headers for each response More information References The documentation can be found in the section.
Update: This reply was written for spring security version 3.2 . According to version 4, these headers are included by default.
No comments:
Post a Comment