
  • Timeout URL vs Expired URL?

    Hello experts

    I have a fairly simple Spring Security context, shown below. My requirement is to send a user to a different URL in each of these cases:

    1) log out
    2) time out
    3) concurrent log in exception

    Log out is fine, but I cannot get the timeout URL (sessiontimeout.htm) to work together with the max-concurrency expired URL (duplicatesession.htm). It seems that the invalid-session-url attribute always overrides the concurrency expired-url attribute.

    Can anyone spot what is going wrong or provide a suggestion please?

    Thanks

    ==================================================

    <!-- Web security rules. SpEL access expressions are enabled and auto-config is off,
         so login and logout handling are declared explicitly below. -->
    <http auto-config="false" use-expressions="true">

      <!-- The concurrent-session check is supplied by the concurrencyFilter bean instead
           of a <concurrency-control> child element. -->
      <custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" />

      <!-- A request that presents a session id the container no longer recognises is
           redirected to /sessiontimeout.htm.
           NOTE(review): this likely explains the reported symptom. Once the concurrency
           filter has expired a session and redirected to its expiredUrl, the browser may
           still send the stale JSESSIONID on that redirect, so the invalid-session check
           fires and wins. TODO confirm by tracing the redirect chain. -->
      <session-management
          invalid-session-url="/sessiontimeout.htm"
          session-authentication-strategy-ref="sas" />

      <!-- Logout ends the HTTP session and removes the session cookie. -->
      <logout delete-cookies="JSESSIONID" invalidate-session="true" />

      <!-- Rules are matched top to bottom and the first match wins: public pages and
           static assets come first, then the catch-all that requires ROLE_USER. -->
      <intercept-url access="permitAll" pattern="/logon.htm" />
      <intercept-url access="permitAll" pattern="/logoff.htm" />
      <intercept-url access="permitAll" pattern="/sessiontimeout.htm" />
      <intercept-url access="permitAll" pattern="/duplicatesession.htm" />
      <intercept-url access="permitAll" pattern="/css/**" />
      <intercept-url access="permitAll" pattern="/js/**" />
      <intercept-url access="permitAll" pattern="/images/**" />
      <intercept-url access="hasRole('ROLE_USER')" pattern="/**" />

      <!-- Form login: credentials are posted to /processlogon.htm and every successful
           login lands on /files/summary.htm, ignoring the originally requested page. -->
      <form-login
          login-page="/logon.htm"
          login-processing-url="/processlogon.htm"
          authentication-failure-url="/logon.htm?error=true"
          default-target-url="/files/summary.htm"
          always-use-default-target="true"
          authentication-details-source-ref="loginPostProcessor" />
    </http>

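    <!-- Filter installed at CONCURRENT_SESSION_FILTER. It looks the current session up in
         sessionRegistry and sends sessions marked as expired to /duplicatesession.htm. -->
    <beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
      <beans:property name="sessionRegistry" ref="sessionRegistry" />
      <beans:property name="expiredUrl" value="/duplicatesession.htm" />
    </beans:bean>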

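    <!-- Session authentication strategy that limits each user to one registered session.
         NOTE(review): exceptionIfMaximumExceeded is not set here, so presumably an older
         session is marked expired rather than the new login being rejected. Confirm
         against the Spring Security version in use. -->
    <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
      <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
      <beans:property name="maximumSessions" value="1" />
    </beans:bean>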

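    <!-- Registry of active sessions shared by the concurrency filter and the session
         authentication strategy.
         NOTE(review): the registry only learns about container-side session timeouts if
         HttpSessionEventPublisher is registered as a listener in web.xml. That file is
         not shown here, so confirm it. -->
    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />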

    ==================================================