Announcement Announcement Module
Collapse
No announcement yet.
Spring Security max-sessions="1" url configuration Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security max-sessions="1" url configuration

    I have set my applicationContext-security.xml like below,

    <security:http auto-config="false" use-expressions="true">

    <security:form-login login-page="/jsp/index.jsp"
    default-target-url="/jsp/home.jsp"
    authentication-failure-url="/jsp/index.jsp?login_error=1" />

    <security:intercept-url pattern="/jsp/home.jsp"
    access="isAuthenticated()" />

    <security:intercept-url pattern="/jsp/*.jsp"
    access="permitAll" />


    <security:logout logout-url="/j_spring_security_logout"
    invalidate-session="true" />


    <security:session-management>
    <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
    </security:session-management>

    </security:http>


    Here I want only one session for the user should be present that is why i have wrote max-sessions="1".

    It is working as needed, but the problem is when the user goes beyond 1 session, it redirects to
    authentication-failure-url="/jsp/index.jsp?login_error=1"

    also, when user enters invalid credentials at that time also it enters in same url ie.
    authentication-failure-url="/jsp/index.jsp?login_error=1"

    So, how should I display a message to user that Cannot login because of what reason as both failure points to same url.

    I tried setting,
    <security:session-management invalid-session-url="/abc.html" session-authentication-error-url="/def.html">
    <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/xyz.html"/>
    </security:session-management>


    but none of them is working on max-session reached and it redirects to
    authentication-failure-url="/jsp/index.jsp?login_error=1".


    how to separate url for two different problems.

    Please tell me if I my question is wrong or I am making any mistake.

    Thanks.
    Last edited by pokarjm; Oct 3rd, 2012, 11:55 PM.

  • #2
    Originally posted by pokarjm View Post
    I have set my applicationContext-security.xml like below,

    <security:http auto-config="false" use-expressions="true">

    <security:form-login login-page="/jsp/index.jsp"
    default-target-url="/jsp/home.jsp"
    authentication-failure-url="/jsp/index.jsp?login_error=1" />

    <security:intercept-url pattern="/jsp/home.jsp"
    access="isAuthenticated()" />

    <security:intercept-url pattern="/jsp/*.jsp"
    access="permitAll" />


    <security:logout logout-url="/j_spring_security_logout"
    invalidate-session="true" />


    <security:session-management>
    <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
    </security:session-management>

    </security:http>


    Here I want only one session for the user should be present that is why i have wrote max-sessions="1".

    It is working as needed, but the problem is when the user goes beyond 1 session, it redirects to
    authentication-failure-url="/jsp/index.jsp?login_error=1"

    also, when user enters invalid credentials at that time also it enters in same url ie.
    authentication-failure-url="/jsp/index.jsp?login_error=1"

    So, how should I display a message to user that Cannot login because of what reason as both failure points to same url.

    I tried setting,
    <security:session-management invalid-session-url="/abc.html" session-authentication-error-url="/def.html">
    <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/xyz.html"/>
    </security:session-management>


    but none of them is working on max-session reached and it redirects to
    authentication-failure-url="/jsp/index.jsp?login_error=1".


    how to separate url for two different problems.

    Please tell me if I my question is wrong or I am making any mistake.

    Thanks.

    Same issues

    Comment

    Working...
    X