
  • Concurrent Sessions

    Hi,

    I have been getting 500 Server Errors when I try to access my application more than once in a browser session. I am not sure if this is a concurrent session problem or what. I went ahead and tried to implement the concurrent session stuff but now I can't even get to my application. I get this error:

    PHP Code:
    DEBUG [org.acegisecurity.context.HttpSessionContextIntegrationFilter] HttpSession is null, but SecurityContextHolder has not changed from default: ' org.acegisecurity.context.SecurityContextImpl@ffffffff: Null authentication'; not creating HttpSession or storing SecurityContextHolder contents
    2007-03-05 12:02:54,705 DEBUG [org.acegisecurity.context.HttpSessionContextIntegrationFilter] SecurityContextHolder set to new context, as request processing completed
    2007-03-05 12:02:54,709 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/chimera].[jsp]] Servlet.service() for servlet jsp threw exception
    java.lang.IllegalArgumentException: SessionIdentifierAware did not return a Session ID (org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null)
            at org.springframework.util.Assert.hasText(Assert.java:169)
            at org.acegisecurity.concurrent.SessionRegistryUtils.obtainSessionIdFromAuthentication(SessionRegistryUtils.java:51)
            at org.acegisecurity.concurrent.ConcurrentSessionControllerImpl.checkAuthenticationAllowed(ConcurrentSessionControllerImpl.java:90)
            at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:184)
            at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
            at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:253)
            at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:104)
            at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:72)
            at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
            at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:110)
            at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
            at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
            at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
            at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:81)

    Just in case, here is my acegi-security-config.xml file:

    PHP Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

    <beans>
        <!-- ======================== FILTER CHAIN ======================= -->
        <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
            <property name="filterInvocationDefinitionSource">
                <value>
                    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                    PATTERN_TYPE_APACHE_ANT
                    /**=concurrentSessionFilter,httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
                </value>
            </property>
        </bean>

        <!-- ======================== AUTHENTICATION ======================= -->

        <bean id="initialDirContextFactory"
              class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
            <constructor-arg value="ldap:/asdfasdf"/>
        </bean>

        <bean id="ldapAuthProvider"
              class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
            <constructor-arg>
                <bean class="org.acegisecurity.providers.ldap.authenticator.PasswordComparisonAuthenticator">
                    <constructor-arg>
                        <ref local="initialDirContextFactory"/>
                    </constructor-arg>
                    <property name="userDnPatterns">
                        <list>
                            <value>{0},ou=asdf</value>
                        </list>
                    </property>
                    <property name="passwordEncoder">
                        <bean class="com.charityusa.chimera.ldap.ChimeraPasswordEncoder"/>
                    </property>
                </bean>
            </constructor-arg>
            <constructor-arg>
                <bean class="com.charityusa.chimera.ldap.ChimeraLdapAuthoritiesPopulator"/>
            </constructor-arg>
        </bean>


        <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
            <property name="providers">
                <list>
                    <ref local="anonymousAuthenticationProvider"/>
                    <ref local="ldapAuthProvider"/>
                </list>
            </property>
            <property name="sessionController">
                <ref bean="concurrentSessionController"/>
            </property>
        </bean>

        <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>

        <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
            <property name="key">
                <value>foobar</value>
            </property>
            <property name="userAttribute">
                <value>anonymousUser,ROLE_ANONYMOUS</value>
            </property>
        </bean>

        <bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
            <property name="key">
                <value>foobar</value>
            </property>
        </bean>

        <bean id="concurrentSessionFilter" class="org.acegisecurity.concurrent.ConcurrentSessionFilter">
            <property name="sessionRegistry">
                <ref local="sessionRegistry"/>
            </property>
            <property name="expiredUrl">
                <value>login.do</value>
            </property>
        </bean>

        <bean id="concurrentSessionController" class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">
          <property name="maximumSessions"><value>1</value></property>
          <property name="sessionRegistry"><ref local="sessionRegistry"/></property>
        </bean>

        <bean id="sessionRegistry" class="org.acegisecurity.concurrent.SessionRegistryImpl"/>

        <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>

        <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
            <constructor-arg value="/login.do"/>
            <constructor-arg>
                <list>
                    <bean class="com.charityusa.chimera.ldap.ChimeraSecurityContextLogoutHandler"/>
                </list>
            </constructor-arg>
            <property name="filterProcessesUrl">
                <value>/deauth.do</value>
            </property>
        </bean>

        <bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>


        <!-- ===================== HTTP REQUEST SECURITY ==================== -->

        <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
            <property name="authenticationEntryPoint">
                <ref local="authenticationProcessingFilterEntryPoint"/>
            </property>
            <property name="accessDeniedHandler">
                <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
                    <property name="errorPage" value="/login.do"/>
                </bean>
            </property>
        </bean>

        <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
            <property name="authenticationManager">
                <ref bean="authenticationManager"/>
            </property>
            <property name="authenticationFailureUrl">
                <value>/login.do</value>
            </property>
            <property name="defaultTargetUrl">
                <value>/index.do</value>
            </property>
            <property name="filterProcessesUrl">
                <value>/auth.do</value>
            </property>
        </bean>

        <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
            <property name="loginFormUrl">
                <value>/login.do</value>
            </property>
            <property name="forceHttps">
                <value>false</value>
            </property>
        </bean>


        <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
            <property name="authenticationManager" ref="authenticationManager"/>
            <property name="alwaysReauthenticate" value="true"/>
            <property name="accessDecisionManager">
                <bean class="org.acegisecurity.vote.AffirmativeBased">
                    <property name="allowIfAllAbstainDecisions" value="false"/>
                    <property name="decisionVoters">
                        <list>
                            <bean class="org.acegisecurity.vote.RoleVoter"/>
                        </list>
                    </property>
                </bean>
            </property>
            <property name="objectDefinitionSource">
                <value>
                    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                    PATTERN_TYPE_APACHE_ANT
                    /login.*=ROLE_ANONYMOUS,ROLE_CONFIRMED
                    /**=ROLE_CONFIRMED
                </value>
            </property>
        </bean>

    </beans>

    Any help you can provide would be greatly appreciated. Thanks!

  • #2
    Figured it out! I just had to set forceEagerSessionCreation to true:

    PHP Code:
    <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
        <property name="forceEagerSessionCreation">
            <value>1</value>
        </property>
    </bean>

    See explanation here:
    http://opensource.atlassian.com/proj...browse/SEC-183
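
A configuration check for the failure resolved above, as an added example that is not part of the original thread or of Acegi itself: it flags a bean file where a `ProviderManager` has a `sessionController` wired but the `HttpSessionContextIntegrationFilter` bean does not set `forceEagerSessionCreation` to true. The helper names and the trimmed sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ICF = "org.acegisecurity.context.HttpSessionContextIntegrationFilter"
PM = "org.acegisecurity.providers.ProviderManager"
TRUTHY = {"true", "on", "yes", "1"}  # strings Spring's boolean editor reads as true


def prop(bean, name):
    """Text of a direct <property>, from value="..." or a nested <value>; None if absent."""
    for p in bean.findall("property"):
        if p.get("name") == name:
            return (p.get("value") or p.findtext("value") or "").strip()
    return None


def lint(xml_text):
    """Findings for: session controller wired, but no HttpSession guaranteed to exist."""
    beans = list(ET.fromstring(xml_text).iter("bean"))
    wired = any(b.get("class") == PM and prop(b, "sessionController") is not None
                for b in beans)
    if not wired:
        return []  # no concurrent-session check, so the session ID is never asserted on
    filters = [b for b in beans if b.get("class") == ICF]
    if not filters:
        return ["no HttpSessionContextIntegrationFilter bean defined"]
    return [f"bean '{b.get('id')}': forceEagerSessionCreation is not true"
            for b in filters
            if (prop(b, "forceEagerSessionCreation") or "").lower() not in TRUTHY]


# Constructed sample, trimmed from the configuration posted in the thread.
TEMPLATE = """<beans>
  <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
    <property name="sessionController"><ref bean="concurrentSessionController"/></property>
  </bean>
  <bean id="httpSessionContextIntegrationFilter"
        class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">%s</bean>
</beans>"""
BROKEN = TEMPLATE % ""
FIXED = TEMPLATE % '<property name="forceEagerSessionCreation"><value>1</value></property>'

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint(cfg) or "ok")
```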