Announcement Announcement Module
Collapse
No announcement yet.
Session Timeout..does not redirects to login page. Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Session Timeout..does not redirects to login page.

    Hi..
    I new to Acegi Security. The problem i am facing is when I have successfully logged in to my system with "Remember Me" check box on.. & after navigating to some pages if I wait for some time i.e., till session time out & click on any links to navigate somewhere I get exception due to session values are null.. it is expected that it should navigate to login page...
    where might i be going wrong...Please help me out
    Following are the contents of my applicationContext-acegi.xml please check if i am missing some thing...

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    <beans>
        
        <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
            <property name="filterInvocationDefinitionSource">
                <value>
                    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                    PATTERN_TYPE_APACHE_ANT
                    /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
                </value>
            </property>
        </bean>
        
        <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
        
        <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
            <constructor-arg value="/jsp/dashboard.jsf"/> <!-- URL redirected to after logout -->
            <constructor-arg>
                <list>
                    <ref bean="rememberMeServices"/>
                    <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
                </list>
            </constructor-arg>
        </bean>
        
        <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
            <property name="authenticationManager" ref="authenticationManager"/>
            <property name="authenticationFailureUrl" value="/accessDenied.jsf"/>
            <property name="defaultTargetUrl" value="/"/>
            <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
            <property name="rememberMeServices" ref="rememberMeServices"/>
        </bean>
        
        <bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
        
        <bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
            <property name="authenticationManager" ref="authenticationManager"/>
            <property name="rememberMeServices" ref="rememberMeServices"/>
        </bean>
        
        <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
            <property name="key" value="changeThis"/>
            <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
        </bean>
        
        <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
            <property name="authenticationEntryPoint">
                <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                    <property name="loginFormUrl" value="/login.jsf"/>
                    <property name="forceHttps" value="false"/>
                </bean>
            </property>
            <property name="accessDeniedHandler">
                <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
                    <property name="errorPage" value="/accessDenied.jsp"/>
                </bean>
            </property>
            <property name="createSessionAllowed" value="true"></property>
        </bean>
        
        <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
            <property name="authenticationManager" ref="authenticationManager"/>
            <property name="accessDecisionManager">
                <bean class="org.acegisecurity.vote.AffirmativeBased">
                    <property name="allowIfAllAbstainDecisions" value="false"/>
                    <property name="decisionVoters">
                        <list>
                            <bean class="org.acegisecurity.vote.RoleVoter"/>
                            <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
                        </list>
                    </property>
                </bean>
            </property>
            <property name="objectDefinitionSource">
                <value>
                    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                    PATTERN_TYPE_APACHE_ANT
                    /admin/**=ROLE_ADMIN
                    /jsp/**=IS_AUTHENTICATED_REMEMBERED
                    /**=IS_AUTHENTICATED_ANONYMOUSLY
                </value>
            </property>
        </bean>
        
        <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
            <property name="userDetailsService" ref="jdbcDaoImpl"/>
            <property name="key" value="changeThis"/>
        </bean>
        
        <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
            <property name="providers">
                <list>
                    <ref local="daoAuthenticationProvider"/>
                    <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
                        <property name="key" value="changeThis"/>
                    </bean>
                    <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
                        <property name="key" value="changeThis"/>
                    </bean>
                </list>
            </property>
        </bean>
        
        <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
            <property name="userDetailsService" ref="jdbcDaoImpl"/>
            <property name="userCache">
                <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
                    <property name="cache">
                        <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
                            <property name="cacheManager">
                                <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
                            </property>
                            <property name="cacheName" value="userCache"/>
                        </bean>
                    </property>
                </bean>
            </property>
        </bean>
        <!-- Commented by Amol Somani.  
        UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users 
        <bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
            <property name="userProperties">
                <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
                    <property name="location" value="/WEB-INF/user.properties"/>
                </bean>
            </property>
        </bean> -->
        
        <!--  JDBC Authentication (Added by Amol Somani) -->
        <bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
      		<property name="dataSource" ref="dataSource"/>
    		<property name="usersByUsernameQuery">
    			<value>SELECT loginname as username,password,enabled FROM users WHERE loginname = ?</value>
    		</property>
    		<property name="authoritiesByUsernameQuery">
    			<value>SELECT loginname as username, rolename FROM users u, userrole r WHERE u.loginname = ? and u.roleid=r.roleid</value>
    		</property>
    		<!--  <property name="passwordEncoder" ref="passwordEncoder"/> -->
    	</bean>
        <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
      		<property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
    		<property name="url"><value>jdbc:mysql://192.168.100.123:3306/uc</value></property>
      		<property name="username"><value>root</value></property>
     	 	<property name="password"><value>root</value></property>
    	</bean>
        <!-- End -->
        
        <!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
        <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
        
    </beans>

    Thanks,
    Amol.

  • #2
    Please help me out....

    Thanks,
    Amol.

    Comment

    Working...
    X