Announcement Announcement Module
Collapse
No announcement yet.
Spring Security Filter Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security Filter

    Hello. I have next config:

    Code:
    <http auto-config='true' access-denied-page="/accessDenied.brh" disable-url-rewriting="true">
            <remember-me services-ref="rememberMeService" key="baraholka" /> 
         	<intercept-url pattern="/addAdvert.brh" access="ROLE_CLIENT, ROLE_SUPER_ADMIN"/>
         	<intercept-url pattern="/userEditProfileForm.brh" access="ROLE_CLIENT, ROLE_SUPER_ADMIN"/>
            <form-login login-page="/accessDenied.brh" authentication-failure-url="/login.brh?error=true" default-target-url="/successAuthentication.brh"/>
            <logout invalidate-session="true" logout-success-url="/" logout-url="/j_spring_security_logout"/>
            <session-management invalid-session-url="/">
            	<concurrency-control max-sessions="1" expired-url="/"/>
            </session-management>  
               </http>
    WEB.XML
    Code:
    <filter>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    	</filter>
    
    	<filter-mapping>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    The problem is that if a try to go directly to http://127.0.0.1:8080/baraholka/viewAdvert.brh?id=24 the system redirect me to http://127.0.0.1:8080/baraholka/ at first and if i try to go by the same address the second time, it allow it to me.

    Looks like at first it creates the session and after check on the security filter and after apply decision!

    how to eliminate this ?

  • #2
    the problem resolved!

    the problem resolved!

    Comment

    Working...
    X