SEC-3068: Update Tutorial to use POST /logout

Rob Winch 2015-08-10 09:52:27 -05:00
parent 8cc9108601
commit b0701ea770
4 changed files with 56 additions and 43 deletions


@ -19,8 +19,8 @@
<http pattern="/loggedout.jsp" security="none"/>
<http>
<intercept-url pattern="/secure/extreme/**" access="hasRole('supervisor')"/>
<intercept-url pattern="/secure/**" access="isAuthenticated()" />
<intercept-url pattern="/secure/extreme/**" access="hasAuthority('supervisor')"/>
<intercept-url pattern="/secure/**" access="authenticated" />
<!--
Allow all other requests. In a real application you should
adopt a whitelisting approach where access is not allowed by default
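Review bot: The `/secure/extreme/**` rule now uses `hasAuthority('supervisor')` instead of `hasRole('supervisor')`, but nothing in the file says why, and the difference is easy to undo by accident. If the tutorial's authority is the literal string "supervisor" with no `ROLE_` prefix, as the change suggests, then a `hasRole` check that applies the prefix automatically would never match, and a reader restoring the old form would lock supervisors out. I would add above the rule `<!-- hasAuthority matches the authority name exactly; hasRole would look for ROLE_supervisor -->`. The `<http>` element and the comment that follows continue past the end of the hunk.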


@ -1,4 +1,5 @@
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
@ -47,7 +48,11 @@ Anyone can view this page, but posting to an Account requires login and must be
</c:forEach>
</table>
<p><a href="logout">Logout</a></p>
<p>
<form action="logout" method="post">
<sec:csrfInput />
<input type="submit" value="Logout"/>
</form>
</div>
</body>
</html>
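Review bot: The `<p>` added just before the logout form is never closed, and under this page's HTML 4.01 Transitional doctype a `<form>` cannot sit inside a paragraph, so the parser closes the `<p>` implicitly and leaves an empty paragraph behind. The other two pages in this commit add the form without a wrapper, so dropping the `<p>` line here keeps the three consistent. Separately, the hunk context says anyone can view this page, so the logout form is presumably rendered for anonymous visitors too; wrapping it in `<sec:authorize access="authenticated">` would show it only when there is a session to end.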


@ -1,4 +1,4 @@
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
@ -14,12 +14,16 @@
<h1>VERY Secure Page</h1>
This is a protected page. You can only see me if you are a supervisor.
<authz:authorize access="hasRole('supervisor')">
You have authority "supervisor" (this text is surrounded by &lt;authz:authorize&gt; tags).
</authz:authorize>
<sec:authorize access="hasAuthority('supervisor')">
You have authority "supervisor" (this text is surrounded by &lt;sec:authorize&gt; tags).
</sec:authorize>
<p><a href="../../">Home</a></p>
<p><a href="../../logout">Logout</a></p>
<form action="../../logout" method="post">
<sec:csrfInput />
<input type="submit" value="Logout"/>
</form>
</div>
</body>
</html>
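Review bot: The form action `../../logout` is resolved against whatever URL the browser used to reach the page, so the POST only reaches the logout endpoint when the page is served exactly two levels below the context root. This file already declares the JSTL core taglib, so `<form action="<c:url value='/logout'/>" method="post">` would build a context-relative URL that does not depend on page depth. The same applies to `action="logout"` on the home page, which also declares the `c` prefix, and to `action="../logout"` in the last file if it declares the core taglib. A logout POST that lands on the wrong path leaves the session active while the user believes it has ended, which is why I would make the target unambiguous.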


@ -43,7 +43,11 @@ or if you've authenticated this session.
<p><a href="../">Home</a></p>
<p><a href="../logout">Logout</a></p>
<form action="../logout" method="post">
<sec:csrfInput />
<input type="submit" value="Logout"/>
</form>
</div>
</body>
</html>