From 357cfe19c05f5c41d6bd29c089271866b91f3a1c Mon Sep 17 00:00:00 2001 From: Ravi Kumar Singh <58913878+singhjava592@users.noreply.github.com> Date: Tue, 25 Jun 2024 08:48:37 +0530 Subject: [PATCH] restrict browser back button Restrict the login page for the logged in users via browser back button --- .../com/luv2code/jobportal/config/WebSecurityConfig.java | 9 +++++++++ .../luv2code/jobportal/controller/UsersController.java | 9 +++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/section-04-login-logout/05-job-portal-login-logout-request-mappings/src/main/java/com/luv2code/jobportal/config/WebSecurityConfig.java b/section-04-login-logout/05-job-portal-login-logout-request-mappings/src/main/java/com/luv2code/jobportal/config/WebSecurityConfig.java index 5350ca3..21e1263 100644 --- a/section-04-login-logout/05-job-portal-login-logout-request-mappings/src/main/java/com/luv2code/jobportal/config/WebSecurityConfig.java +++ b/section-04-login-logout/05-job-portal-login-logout-request-mappings/src/main/java/com/luv2code/jobportal/config/WebSecurityConfig.java @@ -11,6 +11,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.header.writers.StaticHeadersWriter; import javax.swing.*; @@ -58,6 +59,14 @@ protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exce }).cors(Customizer.withDefaults()) .csrf(csrf->csrf.disable()); + // Add headers to prevent caching + http.headers(headers -> { + headers.cacheControl(cache -> cache.disable()); + headers.addHeaderWriter(new StaticHeadersWriter("Cache-Control", "no-cache, no-store, must-revalidate")); + headers.addHeaderWriter(new StaticHeadersWriter("Pragma", "no-cache")); + headers.addHeaderWriter(new StaticHeadersWriter("Expires", "0")); + }); + return http.build(); } 
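Review bot: In `securityFilterChain` (WebSecurityConfig.java, second hunk), the new `http.headers(...)` block switches off Spring Security's cache-control writer with `cache.disable()` and then re-adds almost the same three headers by hand through `StaticHeadersWriter`. The built-in writer already sends no-cache values for `Cache-Control`, `Pragma` and `Expires` on responses that pass through the chain, so unless it was disabled elsewhere in this config (not visible here) the block changes nothing and leaves a hand-maintained copy of a default. I would reduce it to `http.headers(headers -> headers.cacheControl(Customizer.withDefaults()));` with a comment such as `// keep authenticated pages out of browser and proxy caches`, and drop the `StaticHeadersWriter` import added in the first hunk. Separately, the context line `.csrf(csrf->csrf.disable())` just above matters more for a cookie-session login than these headers do and deserves its own follow-up. The method body starts outside the hunk.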
diff --git a/section-04-login-logout/05-job-portal-login-logout-request-mappings/src/main/java/com/luv2code/jobportal/controller/UsersController.java b/section-04-login-logout/05-job-portal-login-logout-request-mappings/src/main/java/com/luv2code/jobportal/controller/UsersController.java index 2de1c4d..7821a83 100644 --- a/section-04-login-logout/05-job-portal-login-logout-request-mappings/src/main/java/com/luv2code/jobportal/controller/UsersController.java +++ b/section-04-login-logout/05-job-portal-login-logout-request-mappings/src/main/java/com/luv2code/jobportal/controller/UsersController.java @@ -31,6 +31,7 @@ public UsersController(UsersTypeService usersTypeService, UsersService usersServ this.usersService = usersService; } + @GetMapping("/register") public String register(Model model) { List usersTypes = usersTypeService.getAll(); @@ -43,12 +44,16 @@ public String register(Model model) { public String userRegistration(@Valid Users users) { // System.out.println("User:: " + users); usersService.addNew(users); - return "dashboard"; + return "redirect:/dashboard/"; } @GetMapping("/login") public String login() { - return "login"; + Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + if (auth != null && auth.isAuthenticated() && !(auth instanceof AnonymousAuthenticationToken)) { + return "redirect:/dashboard/"; // Redirect to dashboard if already authenticated + } + return "login"; // Show login page if not authenticated } @GetMapping("/logout")
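Review bot: In `login()` (UsersController.java, second hunk) the new check uses `Authentication`, `SecurityContextHolder` and `AnonymousAuthenticationToken`, but neither hunk of this file adds an import, and the diffstat's 9 changed lines are all accounted for by the visible changes. Unless the file already imports them (the `/logout` handler may cover the first two), the class will not compile; add `import org.springframework.security.authentication.AnonymousAuthenticationToken;` and the other two if they are missing. In `userRegistration`, `redirect:/dashboard/` is returned right after `usersService.addNew(users)` with nothing visible that authenticates the new account, so if `/dashboard/` requires login the user will presumably be sent to the login page. A one-line comment stating the intended post-registration flow would help. The logout handler that follows continues outside the hunk.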