Announcement Announcement Module
No announcement yet.
Spring Security 3.1.x -- Having multiple 'invalidate-session-url' possible? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security 3.1.x -- Having multiple 'invalidate-session-url' possible?

    Problem: Whenever I go to my application's landing page (index.jsp for instance), Spring automatically gives the user an authority named ROLE_ANONYMOUS. With this, session timeout is applicable -- which apparently, our client does not want since on invalid session detection, we display a 'Session is expired' message.

    Is there anyway possible to have multiple invalidate-session-urls? I've tried using InvalidSessionStrategy but from there, all the authorities I've been retrieving were ROLE_ANONYMOUS.

    I want it to be something like this:
    If the user has ROLE_ANONYMOUS -- go to anonymous-session-invalidate
    If the user has ROLE_** -- go to authenticated-session-invalidate

    Any thoughts?