Announcement Announcement Module
No announcement yet.
Using RequestCache when using session-management has invalid-session-url Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Using RequestCache when using session-management has invalid-session-url

    After upgrading from Acegi to Spring Security, I am trying to recreate the old behavior that would allow showing a "Session Expired" message on the login page while still redirecting to the original request's URL.

    This is the same issue described here:

    The main issue is that the original request is cached when ExceptionTranslationFilter calls the following method:

    requestCache.saveRequest(request, response);

    However, when I add the following to my <http> tag, the ExceptionTranslationFilter is never called:
    <session-management invalid-session-url="/login.html?timeout=true" />

    The possible solutions I can think of are to use a custom SessionManagementFilter or a custom InvalidSessionStrategy that calls requestCache.saveRequest(request, response) before redirecting to the invalid-session-url. However I cannot find a simple way to provide a custom SessionManagementFilter or to inject a custom InvalidSessionStrategy into the default SessionManagementFilter.

    The other alternative is to use a custom ExceptionTranslationFilter that checks request.isRequestedSessionIdValid()...but that could be trickier since it relies on AuthenticationEntryPoint for the login page.

    How can I call saveRequest before redirecting to an invalid-sesion-url?
    Last edited by MrStanaland; Nov 27th, 2012, 07:58 PM.

  • #2
    (Apologies for bad wording in title...can't seem to edit that)