Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-29 15:22:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-3068: Update Tutorial to use POST /logout

Browse Source
This commit is contained in:
Rob Winch 2015-08-10 09:52:27 -05:00
parent 8cc9108601
commit b0701ea770
4 changed files with 56 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
samples/tutorial-xml/src/main/webapp/WEB-INF/applicationContext-security.xml
View File

@ -19,8 +19,8 @@
<http pattern="/loggedout.jsp" security="none"/> <http pattern="/loggedout.jsp" security="none"/>
<http> <http>
<intercept-url pattern="/secure/extreme/**" access="hasRole('supervisor')"/> <intercept-url pattern="/secure/extreme/**" access="hasAuthority('supervisor')"/>
<intercept-url pattern="/secure/**" access="isAuthenticated()" /> <intercept-url pattern="/secure/**" access="authenticated" />
<!-- <!--
Allow all other requests. In a real application you should Allow all other requests. In a real application you should
adopt a whitelisting approach where access is not allowed by default adopt a whitelisting approach where access is not allowed by default

7
samples/tutorial-xml/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
View File

@ -1,4 +1,5 @@
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
@ -47,7 +48,11 @@ Anyone can view this page, but posting to an Account requires login and must be
</c:forEach> </c:forEach>
</table> </table>
<p><a href="logout">Logout</a></p> <p>
<form action="logout" method="post">
<sec:csrfInput />
<input type="submit" value="Logout"/>
</form>
</div> </div>
</body> </body>
</html> </html>

14
samples/tutorial-xml/src/main/webapp/secure/extreme/index.jsp
View File

@ -1,4 +1,4 @@
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %> <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
@ -14,12 +14,16 @@
<h1>VERY Secure Page</h1> <h1>VERY Secure Page</h1>
This is a protected page. You can only see me if you are a supervisor. This is a protected page. You can only see me if you are a supervisor.
<authz:authorize access="hasRole('supervisor')"> <sec:authorize access="hasAuthority('supervisor')">
You have authority "supervisor" (this text is surrounded by &lt;authz:authorize&gt; tags). You have authority "supervisor" (this text is surrounded by &lt;sec:authorize&gt; tags).
</authz:authorize> </sec:authorize>
<p><a href="../../">Home</a></p> <p><a href="../../">Home</a></p>
<p><a href="../../logout">Logout</a></p>
<form action="../../logout" method="post">
<sec:csrfInput />
<input type="submit" value="Logout"/>
</form>
</div> </div>
</body> </body>
</html> </html>

6
samples/tutorial-xml/src/main/webapp/secure/index.jsp
View File

@ -43,7 +43,11 @@ or if you've authenticated this session.
<p><a href="../">Home</a></p> <p><a href="../">Home</a></p>
<p><a href="../logout">Logout</a></p>
<form action="../logout" method="post">
<sec:csrfInput />
<input type="submit" value="Logout"/>
</form>
</div> </div>
</body> </body>
</html> </html>