Can Spring help to prevent caching of html pages on the browser? -

-

i have java/spring 3.x webapp uses extjs , use sencha architect create front end results in automatically generated app.html file loads in js , css resources looks this:

<!doctype html>  <!-- auto generated sencha architect --> <!-- modifications file overwritten. --> <html> <head>     <meta http-equiv="content-type" content="text/html; charset=utf-8" />     <title>ui</title>     <script src="ext/ext-all.js"></script>     <script src="ext/ext-theme-neptune.js"></script>     <link rel="stylesheet" href="ext/resources/ext-theme-neptune/ext-theme-neptune-all.css">     <link rel="stylesheet" href="css/custom.css">     <script type="text/javascript" src="app.js"></script> </head> <body></body> </html>

i want protect html file spring security , seems work except cached in browser appears reload when user not logged in. here spring xml configures security webapp:

<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">  <http auto-config="true" use-expressions="true">     <intercept-url pattern="/ui/app.html" access="hasrole('role_user')" />     <intercept-url pattern="/ui/**" access="permitall" />      <form-login         login-page="/login"         default-target-url="/ui/app.html"         authentication-failure-url="/login?error"         username-parameter="username"         password-parameter="password" />     <logout logout-success-url="/login?logout" />     <csrf/>  <!-- enable csrf protection --> </http>  <authentication-manager>     <authentication-provider >         <user-service>             <user name="test" password="test" authorities="role_user" />         </user-service>     </authentication-provider> </authentication-manager>  </beans:beans>

as can see have configured protect ui/app.html resource redirect page after log in. works fine until browser caches page , causes confusion when user logged out , tries access same url.

i wondering if spring mvc used load page via controller, perhaps modifying http headers force page expire, page delivered directly servlet container , not mvc i'm not sure how configure that.

i'd able leave app.html file in-situ uses resources relative it, , it's easier leave there when working sencha architect.

this prevent browser caching:

<http>     <!-- ... -->     <headers>         <cache-control />     </headers> </http>

it adds cache-control, pragma , expires headers every response. more information can found in reference documentation, section security http response headers.

update: answer written version 3.2 of spring security. of version 4, these headers included default.


Comments

Post a Comment

Popular posts from this blog

node.js - Mongoose: Cast to ObjectId failed for value on newly created object after setting the value -

-
this question has answer here: what's mongoose error cast objectid failed value xxx @ path “_id”? 7 answers even though has been asked many times because entity has no valid objectid field. i came across situation objectid set value can casted objectid still error. the schema: var serviceschema = parammongoose.schema({ servicename:{ type: parammongoose.schema.types.objectid , ref: 'servicenames',required:true } }); pseudo code: servicefromdb=new service({servicename:'some name'}); servicefromdb.servicename='000000000000000000000001'; servicefromdb.save(function(paramerror,paramdata){ if(paramerror){ console.log('but but...',servicefromdb,paramerror) } }); the output of code is: but but... { servicename: 000000000000000000000001, _id: 55079a90286f49280364f78b } { [casterror: cast objectid faile...
Read more

[C++][SFML 2.2] Strange Performance Issues - Moving Mouse Lowers CPU Usage -

-
i've been working on making 2d map editor past 2 weeks or so, , i've run strange problem. trying optimize code, example, making functions should've been functions begin with, did made cpu usage go through roof. i've tried commenting out different sections of code thought culprits (scrolling, rendering, other calculations) no avail. think issue might trying call things within different functions, sake of making modular possible, i'd functionality. the other major change i've made since file i'm comparing i've ported variables external cpp file, since having variables global makes lot easier use within different functions. simple issue, can't life of me understand why happens. with original code, around 2-3% cpu usage. new code, around 20-35%, but, if move mouse around, it'll drop around 6-8%. tl;dr: after trying optimize code using functions, i've somehow killed performance, , found strange quirk moving mouse reduces cpu usage.. /...
Read more

ios - Possible to get UIButton sizeThatFits to work? -

-
i have been using method of resizing uibuttons depreciated, , not robust. , other reasons, want sizethatfits work uibuttons. i've read online, i'm not sure if should work (seems working some, not others, difference maybe between style, i'm using custom). here simple test code recreate issue (i put in viewdidload test, shouldn't matter, , real code part of large project): uibutton *btn = [uibutton buttonwithtype:uibuttontypecustom]; [btn settitle:@"this test long title need word wrap more single line when displayed on tiny ipod in portrait view." forstate:uicontrolstatenormal]; btn.titlelabel.linebreakmode = uilinebreakmodewordwrap; // depreciated - nothing replace it? cgrect r = btn.frame; r.origin.x = 0; r.origin.y = 0; r.size.width = 320; r.size.height = [btn.titlelabel.text sizewithfont:btn.titlelabel.font constrainedtosize:cgsizemake(r.size.width,100000) linebreakmode:btn.titlelabel.linebreakmode].height; // returns approx 86 , changes correctly ...
Read more