Announcement Announcement Module
Collapse
No announcement yet.
ConcurrentLoginException so weird Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • ConcurrentLoginException so weird

    Hi, we've a production's application working weird sometimes. I didn't build the application and I don't know how Spring is working, but I have to make it work.

    The application was built on Java 1.5.0, Tomcat 5.5.20 under Solaris 10, two Apaches in round robin running on Windows to attend requests towards Tomcat, and LDAP as the security background platform. There are almost 300 users, and it was configured with the concurrent-session-control max-sessions="1" attribute. The session's expiration time is 10.

    Normally the application is working ok, but "randomly" some users (no more than 10 in 6 months) began to report ConcurrentLoginException. They have always tried to login on different times (not simultaneously). They try to log in and get the reported error, they wait for 30 minutes, reset the computer, log in in other computer, use another browser, but the trouble still happens. They can only log in after rebooting Tomcat.

    Here is the applicationContext-security.xml:

    PHP Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:security="http://www.springframework.org/schema/security"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
        

        <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
            <property name="location" value="/WEB-INF/classes/file.properties"/>
        </bean> 

        <security:http auto-config="false" >
            <security:logout invalidate-session="true" logout-success-url="/index.jsp"/>
            <security:intercept-url pattern="/jsp/indexA.jsp" access="ROLE_G_USER_APLL" />
            <security:intercept-url pattern="/Apll/*" access="ROLE_G_USER_APLL"/>
            <security:form-login default-target-url="/jsp/indexA.jsp" login-page="/index.jsp" authentication-failure-url="/index.jsp?error=1"/>
            <security:anonymous />

           <security:concurrent-session-control
                max-sessions="1"
                expired-url="/index.jsp?error=2"
                exception-if-maximum-exceeded="true"/>
        </security:http>
        

        <security:ldap-server 
            manager-dn="${ldap.manager-dn}"
            manager-password="${ldap.manager-password}"
            id="ldap_server" 
            url="${ldap.url}"/>
        
        <security:ldap-authentication-provider
                server-ref="ldap_server"
                group-search-filter="${ldap.group-search-filter}"
                group-role-attribute="${ldap.group-role-attribute}"
                group-search-base="${ldap.group-search-base}"
                user-search-filter="${ldap.user-search-filter}"
                user-search-base="${ldap.user-search-base}">
                  
            <security:password-compare hash="plaintext"/>
        </security:ldap-authentication-provider>
        
        
        <bean id="contextSourceExtra" class="org.springframework.ldap.core.support.LdapContextSource">
            <property name="url" value="${ldap.url}"/>
            <property name="base" value="${ldap.user-search-base}" />
            <property name="userDn" value="${ldap.manager-dn}" />
            <property name="password" value="${ldap.manager-password}" />
        </bean> 
        
        <bean id="ldapTemplateExtra" class="org.springframework.ldap.core.LdapTemplate">
            <constructor-arg ref="contextSourceExtra"/>
        </bean> 
        
        <bean id="useratributeExtra" class="java.security.UserAtribute">
            <property name="ldapTemplate" ref="ldapTemplateExtra"/>
            <property name="url" value="${ldap.url}"/>
            <property name="userDn" value="${ldap.manager-dn}"/>
            <property name="password" value="${ldap.manager-password}"/>
        </bean> 
        <bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
    </beans>

    Do you need any more info? Do you have any ideas about what can be wrong?

    Please provide all the help you may have on your hands.
    Last edited by bot538; Jun 12th, 2009, 02:48 PM. Reason: adding more details...
Working...
X