Announcement Announcement Module
Collapse
No announcement yet.
"random" ConcurrentLoginException Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • "random" ConcurrentLoginException

    Hi, we've a production's application working weird sometimes. I didn't build the application and I don't know how Spring is working, but I have to make it work.

    The application was built on Java 1.5.0, Tomcat 5.5.20 under Solaris 10, two Apaches in round robin running on Windows to attend requests towards Tomcat, and LDAP as the security background platform. There are almost 300 users, and it was configured with the concurrent-session-control max-sessions="1" attribute. The session's expiration time is 10.

    Normally the application is working ok, but "randomly" some users (no more than 10 in 6 months) began to report ConcurrentLoginException. They have always tried to login on different times (not simultaneously). They try to log in and get the reported error, they wait for 30 minutes, reset the computer, log in in other computer, use another browser, but the trouble still happens. They can only log in after rebooting Tomcat or changing the password in LDAP.

    Here is the applicationContext-security.xml:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:security="http://www.springframework.org/schema/security"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
        
    
        <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
            <property name="location" value="/WEB-INF/classes/file.properties"/>
        </bean>
    
        <security:http auto-config="false" >
            <security:logout invalidate-session="true" logout-success-url="/index.jsp"/>
            <security:intercept-url pattern="/jsp/indexA.jsp" access="ROLE_G_USER_APLL" />
            <security:intercept-url pattern="/Apll/*" access="ROLE_G_USER_APLL"/>
            <security:form-login default-target-url="/jsp/indexA.jsp" login-page="/index.jsp" authentication-failure-url="/index.jsp?error=1"/>
            <security:anonymous />
    
           <security:concurrent-session-control
                max-sessions="1"
                expired-url="/index.jsp?error=2"
                exception-if-maximum-exceeded="true"/>
        </security:http>
        
    
        <security:ldap-server
            manager-dn="${ldap.manager-dn}"
            manager-password="${ldap.manager-password}"
            id="ldap_server"
            url="${ldap.url}"/>
        
        <security:ldap-authentication-provider
                server-ref="ldap_server"
                group-search-filter="${ldap.group-search-filter}"
                group-role-attribute="${ldap.group-role-attribute}"
                group-search-base="${ldap.group-search-base}"
                user-search-filter="${ldap.user-search-filter}"
                user-search-base="${ldap.user-search-base}">
                  
            <security:password-compare hash="plaintext"/>
        </security:ldap-authentication-provider>
        
        
        <bean id="contextSourceExtra" class="org.springframework.ldap.core.support.LdapContextSource">
            <property name="url" value="${ldap.url}"/>
            <property name="base" value="${ldap.user-search-base}" />
            <property name="userDn" value="${ldap.manager-dn}" />
            <property name="password" value="${ldap.manager-password}" />
        </bean>
        
        <bean id="ldapTemplateExtra" class="org.springframework.ldap.core.LdapTemplate">
            <constructor-arg ref="contextSourceExtra"/>
        </bean>
        
        <bean id="useratributeExtra" class="java.security.UserAtribute">
            <property name="ldapTemplate" ref="ldapTemplateExtra"/>
            <property name="url" value="${ldap.url}"/>
            <property name="userDn" value="${ldap.manager-dn}"/>
            <property name="password" value="${ldap.manager-password}"/>
        </bean>
        <bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
    </beans>
    Do you need any more info? Do you have any ideas about what can be wrong?

    Please provide all the help you may have on your hands.
Working...
X