
  • Session Invalidate Not working after logout, I have added "HttpSessionEventPublisher"

    Hello,

    Please help me. I have integrated Struts2, Spring 3, Spring Security 3, Sitemesh, web services (CXF using Spring) and JPA, and all are working fine. I set the maximum sessions to 2 in "application-security.xml", and when I log in and log out 2 times from 2 different browsers, logout works perfectly. But when I log in again from a third browser, it throws an error like "Your login attempt was not successful, try again." (this is my custom error for an invalid username/password). I have also added this listener in "web.xml".

    Versions: Struts 2.2.1.1, Spring 3.0.5, Spring Security 3.0.5, Sitemesh 2.4.2, JPA 2.

    Entry in web.xml to clear the session:
    HTML Code:
    <!-- HttpSessionEventPublisher forwards servlet session created/destroyed events into the
         Spring application context. Spring Security's concurrent-session control relies on the
         destroyed event to drop ended sessions from its session registry. -->
    <listener>
    	<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>
    and my web.xml is
    HTML Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    		xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    		xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    		id="WebApp_ID" version="3.0">
    	<!-- Deployment descriptor for the web application: declares the filter chain, servlets,
    	     session timeout and listeners.
    	     NOTE(review): the "web" prefix is bound to the 2.5 schema URL while version and
    	     schemaLocation say 3.0; the prefix is not used anywhere in this file. -->
    	<display-name>XYZ</display-name>
    	<welcome-file-list>
    		<welcome-file>login.jsp</welcome-file>
    	</welcome-file-list>
    	
    	<!--  Filters -->
    	<filter>
    		<filter-name>sitemesh</filter-name>
    		<filter-class>org.apache.struts2.sitemesh.FreemarkerPageFilter</filter-class>
    	</filter>
    	<filter>
    		<filter-name>action2-cleanup</filter-name>
    		<filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
    	</filter>
    	<!-- DelegatingFilterProxy looks up the bean named like the filter
    	     (springSecurityFilterChain) in the Spring context and delegates to it. -->
    	<filter>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    	</filter>
    	<filter>
    		<filter-name>struts2</filter-name>
    		<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    	</filter>
    	<servlet>
    		<servlet-name>CXFServlet</servlet-name>
    		<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
    		<load-on-startup>1</load-on-startup>
    	</servlet>
    	
    	<!-- Filter Mapping -->
    	<!-- URL-pattern filters run in the order their mappings appear here: action2-cleanup,
    	     springSecurityFilterChain, sitemesh, then struts2 (only for *.action). The security
    	     chain is mapped to /* so it sees every request, including /rest/* and /dwr/*. -->
    	<filter-mapping>
    		<filter-name>action2-cleanup</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    	<filter-mapping>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    	<filter-mapping>
    		<filter-name>sitemesh</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    	<filter-mapping>
    		<filter-name>struts2</filter-name>
    		<url-pattern>*.action</url-pattern>
    	</filter-mapping>
    	<servlet-mapping>
    		<servlet-name>CXFServlet</servlet-name>
    		<url-pattern>/rest/*</url-pattern>
    	</servlet-mapping>
    	<!-- NOTE(review): session-timeout is expressed in minutes, so 18000 is 12.5 days.
    	     A session that is abandoned without logout (browser closed, cookie lost) stays
    	     alive, and stays counted by concurrent-session control, until the container
    	     expires it. If 5 hours was intended the value would be 300. Long idle timeouts
    	     also widen the window in which a leaked session id remains usable. -->
    	<session-config>
    		<session-timeout>18000</session-timeout>
    	</session-config>
    	
    	<!-- Listeners -->
    	<!-- ContextLoaderListener starts the root Spring context. No contextConfigLocation
    	     context-param is visible in this file, so presumably the default location is
    	     used (confirm). -->
    	<listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
    	<!-- Publishes HttpSession lifecycle events to Spring; needed so the session registry
    	     used by concurrency-control forgets sessions that were destroyed. -->
    	<listener>
    		<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    	</listener>
    	
    	<!-- Start Pagination -->
    	<jsp-config>
    		<taglib>
    			<taglib-uri>http://displaytag.sourceforge.net/</taglib-uri>
    			<taglib-location>/WEB-INF/displaytag-11.tld</taglib-location>
    		</taglib>
    	</jsp-config>
    	<!-- NOTE(review): ResponseOverrideFilter is declared but has no filter-mapping in this
    	     file, so as shown it is never applied to any request. -->
    	<filter>
    		<filter-name>ResponseOverrideFilter</filter-name>
    		<filter-class>org.displaytag.filter.ResponseOverrideFilter</filter-class>
    	</filter>
    	<!-- End Pagination -->
    	
    	<!-- DWR Serlvet Start -->
    	<!-- NOTE(review): debug=true turns on DWR's debug/test pages, which describe the
    	     remotely callable classes. Keep it false outside development, and make sure
    	     /dwr/* is covered by an authenticated intercept-url rule in the security config. -->
    	<servlet>
    		<servlet-name>dwr</servlet-name>
    		<servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class>
    		<init-param>
    			<param-name>debug</param-name>
    			<param-value>true</param-value>
    		</init-param>
    	</servlet>
    	<servlet>
    		<servlet-name>jspSupportServlet</servlet-name>
    		<servlet-class>org.apache.struts2.views.JspSupportServlet</servlet-class>
    		<load-on-startup>5</load-on-startup>
    	</servlet>
    	<servlet-mapping>
    		<servlet-name>dwr</servlet-name>
    		<url-pattern>/dwr/*</url-pattern>
    	</servlet-mapping>
    	<!-- DWR Serlvet End -->
    </web-app>
    and my applicationContext-security.xml is
    HTML Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans	xmlns="http://www.springframework.org/schema/security"
        			xmlns:beans="http://www.springframework.org/schema/beans"
        			xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        			xsi:schemaLocation="http://www.springframework.org/schema/beans 
        								http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                            			http://www.springframework.org/schema/security 
                            			http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    
    	<!-- HTTP security configurations -->
    	<!-- Form login, logout, concurrent-session control and URL access rules for the
    	     springSecurityFilterChain declared in web.xml. -->
    	<http auto-config="true" use-expressions="true">
    		<!-- NOTE(review): authentication-failure-url is the target for any authentication
    		     failure raised during login. A login rejected by concurrency-control below
    		     presumably lands on the same login_error=1 page as a bad password, so the
    		     page cannot tell the two cases apart unless it inspects the stored exception. -->
    		<form-login login-processing-url="/j_spring_security_check" default-target-url="/Login.action" login-page="/login.jsp" 
    			authentication-failure-url="/login.jsp?login_error=1" always-use-default-target="false" />
    		<logout logout-url="/Logout" logout-success-url="/login.jsp" invalidate-session="true" />
    		<!-- NOTE(review): max-sessions is 1 here, while the accompanying text speaks of 2.
    		     With error-if-maximum-exceeded="true" a new login is refused while an earlier
    		     session of the same user is still registered; the earlier session is not
    		     expired. Sessions that were never logged out keep counting until the container
    		     times them out (see session-timeout in web.xml). -->
    		<session-management invalid-session-url="/sessionExpired.jsp">
    			<concurrency-control max-sessions="1"  error-if-maximum-exceeded="true" expired-url="/maxSessionsReached.jsp" />
    		</session-management>
    		
    		<access-denied-handler error-page="/sessionExpired.jsp" />
    		     
    		<!-- Configure these elements to secure URIs in your application -->
    		<!-- intercept-url rules are evaluated top to bottom and the first matching pattern
    		     decides, so specific patterns must come before the catch-all. -->
    		<intercept-url pattern="/css/**" access="permitAll"/>
    		<intercept-url pattern="/images/**" access="permitAll"/>
    		<intercept-url pattern="/img/**" access="permitAll"/>
    		<!-- NOTE(review): if login.jsp loads scripts from /js/, anonymous users will be
    		     redirected instead of receiving them. Confirm this is intended. -->
    		<intercept-url pattern="/js/**" access="isAuthenticated()"/>
    		<intercept-url pattern="/views/**" access="isAuthenticated()"/>
    		<!-- NOTE(review): the servlet container does not serve /WEB-INF/ to clients, so
    		     permitAll here grants nothing useful and reads as if those files were public. -->
    		<intercept-url pattern="/WEB-INF/**" access="permitAll" />
    		<intercept-url pattern="/login**" access="permitAll" />
    		<!-- NOTE(review): the catch-all is permitAll, so every URL not matched above
    		     (including *.action, /rest/* and /dwr/* from web.xml) is reachable without
    		     authentication at the URL layer; only method-level annotations would still
    		     protect it. A deny-by-default catch-all such as access="isAuthenticated()",
    		     with explicit permitAll rules for the public pages, is the safer layout. -->
    		<intercept-url pattern="/**" access="permitAll" />
    	 </http>
    
    	<!-- Configure Authentication mechanism -->
    	<authentication-manager alias="authenticationManager">
    	 	<authentication-provider>
    		<!-- SHA-256 values can be produced using 'echo -n your_desired_password | sha256sum' (using normal *nix environments) -->
    		<!-- NOTE(review): a salt-source is configured below, so the stored value is the
    		     hash of the password merged with the salt; a plain sha256sum of the password
    		     alone would presumably not match. Verify against the encoder in use. -->
    		<!-- Users and authorities are loaded with the two parameterised queries below; the
    		     username is bound to the ? placeholder. -->
    			<jdbc-user-service 	data-source-ref="dataSource"
    								authorities-by-username-query="SELECT l.username AS login, pr.role_id AS authority FROM login l, person_role pr WHERE l.username=? AND l.person_id=pr.person_id"
    								users-by-username-query="SELECT l.username AS login, l.password, p.person_status_id=1 AS enabled FROM login l, person p WHERE l.username=? AND l.person_id = p.person_id "/>	    					   
    			<!-- NOTE(review): one SHA-256 pass with a single system-wide salt is a fast hash,
    			     and equal passwords produce equal stored values for every user. If the
    			     login table leaks, offline guessing is cheap. Prefer a per-user salt and a
    			     deliberately slow password-hashing scheme, with a migration plan for the
    			     existing hashes. -->
    			<password-encoder hash="sha-256">
    				<salt-source system-wide="#{T(xyz.abc.Constant).PASSWORD_SALT}" />
    			</password-encoder>
    		</authentication-provider>
    	</authentication-manager>
    	
    	<global-method-security pre-post-annotations="enabled" />
    	
    </beans:beans>
    applicationContext.xml is
    HTML Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:p="http://www.springframework.org/schema/p"
           xmlns:context="http://www.springframework.org/schema/context"
           xmlns:tx="http://www.springframework.org/schema/tx"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:aop="http://www.springframework.org/schema/aop"
           xmlns:jdbc="http://www.springframework.org/schema/jdbc"
           xsi:schemaLocation="
                http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans.xsd
                http://www.springframework.org/schema/aop
                http://www.springframework.org/schema/aop/spring-aop.xsd
                http://www.springframework.org/schema/tx
                http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
                http://www.springframework.org/schema/jdbc
                http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
                http://www.springframework.org/schema/context
                http://www.springframework.org/schema/context/spring-context-3.0.xsd">
       	
        <!-- Main Spring context: pulls in the quartz, cxf, email and security configuration
             files. The ehcache import is commented out.
             NOTE(review): the beans and aop schema locations are unversioned while the
             others are pinned to 3.0; presumably harmless, but worth aligning. -->
        <!--<import resource="applicationContext-ehcache.xml" /> -->
        <import resource="applicationContext-quartz.xml" />         
        <import resource="applicationContext-cxf.xml" />
        <import resource="applicationContext-email.xml" />
        <!-- The security rules take effect through this import; the context containing it
             must be the one the springSecurityFilterChain proxy resolves its bean from. -->
        <import resource="applicationContext-security.xml" />
    
         ---------------- code continues------
    	
    </beans>
    Thanks in advance.

    Regards,
    A.R.Upadhya.
    Last edited by arun.ru; Mar 27th, 2012, 09:10 AM.