Announcement Announcement Module
Collapse
No announcement yet.
problem with concurrent sesison filter Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • problem with concurrent sesison filter

    Hi
    Iam trying to redirect to a particular JSP on sessionexpired using concurrentsessionfilter but it is not effecting the application at all.
    It is using the Login.jsp throwing a AuthenticationCredentialsNotFoundException.
    Can you tell me why?

  • #2
    Can anybody answer my question y am I unable to go to the ExpiredURL.jsp page given at the ExpiredURL property in org.acegisecurity.concurrent.ConcurrentSessionFilt er.
    Please somebody reply my question.

    Comment


    • #3
      Please i need help regarding this issue .
      Ben can you help me

      Comment


      • #4
        Can you give us your security config file? I'm really new to this but was able to get the concurrent session stuff working OK.

        Comment


        • #5
          <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
          <property name="filterInvocationDefinitionSource">
          <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /**=concurrentSessionFilter, httpSessionIntegrationFilter,authenticationProcess ingFilter,exceptionTranslationFilter, expiredPassWordFilter, filterInvocationInterceptor
          </value>
          </property>
          </bean>

          <bean id="httpSessionIntegrationFilter" class="org.acegisecurity.context.HttpSessionContex tIntegrationFilter">
          <property name="context">
          <value>org.acegisecurity.context.SecurityContextIm pl</value>
          </property>
          </bean>

          <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilter">
          <property name="authenticationManager">
          <ref bean="authenticationManager"/>
          </property>
          <property name="authenticationFailureUrl">
          <value>/LoginPage.do</value>
          </property>
          <property name="defaultTargetUrl">
          <value>/secure/Welcome.do</value>
          </property>
          <property name="alwaysUseDefaultTargetUrl">
          <value>false</value>
          </property>
          <property name="filterProcessesUrl">
          <value>/secure/j_acegi_security_check</value>
          </property>
          <property name="exceptionMappings">
          <props>
          <prop key="org.acegisecurity.BadCredentialsException">/BadCredentialsPage.do</prop>
          <prop key="org.acegisecurity.userdetails.UsernameNotFoun dException">/UserNameNotFoundPage.do</prop>
          <prop key="org.acegisecurity.AuthenticationCredentialsNo tFoundException">/SessionExpired.do</prop>
          </props>
          </property>

          </bean>

          <bean id="concurrentSessionFilter" class="org.acegisecurity.concurrent.ConcurrentSess ionFilter">
          <property name="sessionRegistry">
          <ref local="sessionRegistry" />
          </property>
          <property name="expiredUrl">
          <value>/LoginPage.do</value>
          </property>
          </bean>
          <bean id="sessionRegistry" class="org.acegisecurity.concurrent.SessionRegistr yImpl" />

          <bean id="expiredPassWordFilter" class="com.starwood.svo.ice.security.filter.PassWo rdFilter" abstract="false" singleton="true" lazy-init="default" autowire="default" dependency-check="default">
          <property name="securityService">
          <ref local="mySecurityService" />
          </property>
          <property name="passwordChangeUrl">
          <value>/secure/security/PasswordExpired.do</value>
          </property>
          </bean>

          <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager ">
          <property name="providers">
          <list>
          <ref bean="daoAuthenticationProvider"/>
          </list>
          </property>
          </bean>

          <bean id ="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenti cationProvider">
          <property name="userDetailsService">
          <ref local="mySecurityService"/>
          </property>
          </bean>


          <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFi lter">

          <property name="authenticationEntryPoint">
          <ref bean="authenticationEntryPoint"/>
          </property>
          </bean>

          <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecur ityInterceptor">
          <property name="authenticationManager">
          <ref bean="authenticationManager"/>
          </property>
          <property name="accessDecisionManager">
          <ref bean="accessDecisionManager"/>
          </property>
          <property name="objectDefinitionSource">
          <ref bean = "myICEFilterDefinitionSource"/>
          </property>
          </bean>

          <bean id ="myICEFilterDefinitionSource" class ="com.starwood.svo.ice.security.ICEFilterInvocatio nDefinitionSourceImpl">
          <property name="securityService">
          <ref local="mySecurityService"/>
          </property>
          </bean>

          <bean id="loginListener"
          class="com.starwood.svo.ice.util.LoginListener">
          <property name="securityService">
          <ref local="mySecurityService"/>
          </property>
          </bean>

          <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>

          <bean id="accessDecisionManager" class="org.acegisecurity.vote.ConsensusBased">
          <property name="allowIfAllAbstainDecisions">
          <value>true</value>
          </property>
          <property name="decisionVoters">
          <list>
          <ref local="roleVoter"/>
          </list>
          </property>
          </bean>

          <bean id="authenticationEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilterEntryPoint">
          <property name="loginFormUrl">
          <value>/Login.jsp</value></property>
          <property name="forceHttps"><value>false</value></property>
          </bean>
          <!-- ========================= OTHER ================================================== -->

          <bean id="messageSource" class="org.springframework.context.support.Resourc eBundleMessageSource">
          <property name="basename"><value>messages</value></property>
          </bean>

          </beans>


          this is my security config file. let mek now if there are any errors. It would be of a great help to me

          Comment


          • #6
            The esceptionTranslation filter is redirecting it to Login.jsp page rather than taking it to the ConcurrentSessionFilter

            Comment


            • #7
              It looks like you have a couple of things missing, at least when I compare to my config. Relevant portions of mine are below. I highlighted the things I have but you don't.


              Code:
                 <!-- concurrent session control -->
                 
              	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
              		<property name="filterInvocationDefinitionSource">
              			<value>
              				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
              				PATTERN_TYPE_APACHE_ANT
              				/**=channelProcessingFilter,concurrentSessionFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,switchUserProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
              			</value>
              		</property>
              	</bean>
              
                 <bean id="concurrentSessionController" class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">
              	  <property name="maximumSessions"><value>1</value></property>
              	  <property name="sessionRegistry"><ref local="sessionRegistry"/></property>
                 </bean>
              
              	<bean id="concurrentSessionFilter" class="org.acegisecurity.concurrent.ConcurrentSessionFilter">
              	  <property name="sessionRegistry"><ref local="sessionRegistry"/></property>
              	  <property name="expiredUrl"><value>/expiredSession.jsp</value></property>
              	</bean>
              
                <bean id="sessionRegistry" class="org.acegisecurity.concurrent.SessionRegistryImpl"/>
              You also need to have the session event publisher setup in your web.xml.

              Code:
              	<listener>
              		<description>
              		Used by Acegi ConcurrentSessionFilter</description>
              		<display-name>
              		HttpSessionEventPublisher</display-name>
              		<listener-class>org.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>
              	</listener>

              Comment


              • #8
                Did this help?

                Comment


                • #9
                  Yeah it did help me.
                  I am sorry for not replying and also Thanks for the same.

                  Comment

                  Working...
                  X