Announcement Announcement Module
Collapse
No announcement yet.
Not able to redirect to login page after session time out Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Not able to redirect to login page after session time out

    I am trying to implement spring security in the my project let me know what i am missing.

    not able to redirect after session timeout on the sessiontimeout page

    below is my spring security xml.Please help and let me know what i am missing.

    spring security xml.
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schem...-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

    <http auto-config="true">
    <intercept-url pattern="*.do" access="ROLE_USER" />
    <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed" />
    <logout logout-success-url="/logout" invalidate-session="true" logout-url="/logout"/>

    <session-management>
    <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /></session-management>

    <session-management invalid-session-url="/logout.do" />


    </http>


    </beans:beans>


    web.xml
    <listener>
    <listener-class>org.springframework.web.context.ContextLoade rListener</listener-class>
    </listener>

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
    /WEB-INF/dispatcher-servlet.xml
    /WEB-INF/dispatcher-security.xml
    </param-value>
    </context-param>

    <listener>
    <listener-class>org.springframework.security.web.session.Htt pSessionEventPublisher</listener-class>
    </listener>



    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>
    </filter>

    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    <session-config>
    <session-timeout>5</session-timeout>
    </session-config>

  • #2
    Please use [ code][/code ] tags when posting code that way it remains readable. Also your problem description isn't clear I have no clue what the problem is. What I guess is that you get in a loop on invalid session you redirect to /logout.do which is protected however you again/still have an invalid session and get redirected again, again again... So either redirect to the login page or another page which is not protected by Spring Security.

    Comment


    • #3
      I have tried to redirect to the login page but i am not able to redirect to the login page. i think filter is not working .
      could you please let me know if i am missing any settings in web.xml or security.xml.

      Comment


      • #4
        though I am late in replying here. But you can implement a javascript based mechanism to <a href="http://www.javaexperience.com/force-page-to-login-after-struts2-session-timeout/">force login page after session timeout</a>

        Comment

        Working...
        X