
Spring Security Session Timeout Redirect



Greenhorn
  1. Spring Security session timeout redirect. Control the session with Spring Security: this control ranges from a session timeout to enabling concurrent sessions and other advanced security configs. Further reading: Retrieve User. In order to set the timeout for Spring Security you can put this in your web.xml: `<session-config><session-timeout>1440</session-timeout></session-config>`
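  2. In order to set the timeout for Spring Security you can put this in your web.xml: `<session-config><session-timeout>1440</session-timeout></session-config>` (the value is in minutes, so 1440 is a 24-hour idle timeout).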

Spring Security Redirect After Session Timeout

Spring Security Session Timeout Redirect

JSF 2, Spring Security 3.x and RichFaces 4: redirect to the login page on session timeout for Ajax requests. Since you use Spring Security 3.0.x, you can use a custom sessionManagementFilter as described here. The class com.icesoft.spring.security.JsfRedirectStrategy is available here. If you are using Spring Security 3.1.x, make these changes.

posted 9 years ago

Spring Security Session Time Out Redirect Tool

I am pretty new to Spring and have set a session timeout of 1 minute in web.xml.
I need to display the login page once the session has timed out and the user clicks any link in the application.
Here is my configuration:
web.xml
<!-- Servlet filter that hands each request to the Spring bean named like the filter
     ("springSecurityFilterChain"), which is how DelegatingFilterProxy locates its delegate. -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <!-- The "/*" pattern below already matches the logout URL, so this first pattern is redundant. -->
  <url-pattern>/j_spring_security_logout</url-pattern>
  <!-- Every request passes through the security filter chain. -->
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- NOTE(review): the one-minute session timeout mentioned in the post is not part of this
     fragment; it would be declared in a session-config element elsewhere in web.xml. -->
applicationContext-security.xml
<!-- Authentication: users come from the userDetailsService bean and passwords are checked with
     the passwordEncoder bean (both are defined outside this fragment). -->
<security:authentication-manager alias='authenticationManager' />
<security:authentication-provider user-service-ref='userDetailsService'>
  <security:password-encoder ref='passwordEncoder' />
</security:authentication-provider>

<!-- Web security rules. Unauthenticated requests are sent to the bean referenced by
     entry-point-ref, and access-denied responses render the login page as well. -->
<security:http entry-point-ref='entryPoint' auto-config='false' access-denied-page='/jsp/general/authentification.jsp'>
  <!-- Requests that carry no login are given the authority ROLE_GUEST. -->
  <security:anonymous granted-authority='ROLE_GUEST'/>
  <!-- The login page bypasses the security filters entirely. -->
  <security:intercept-url pattern='/jsp/general/authentification.jsp*' filters='none' />
  <!-- NOTE(review): ROLE_GUEST appears in this access list and is also the anonymous authority
       declared above, so a request with no authenticated session satisfies this rule for every
       URL. Once a session has timed out the user is anonymous again, the access check still
       passes and the entry point (login page) is never invoked, which would explain the missing
       redirect. Confirm whether ROLE_GUEST is really meant to reach "/**"; if it is not, restrict
       it to the public pages.
       NOTE(review): ROLE_CHEF_DE_PROEJT looks like a transposition of "PROJET"; the name has to
       match the authority stored for the users, so verify before changing it. -->
  <security:intercept-url pattern='/**' access='ROLE_ADMIN,ROLE_CHEF_DE_PROEJT,ROLE_RECETTEUR,ROLE_CORRECTEUR,ROLE_CONSULTANT,ROLE_GUEST' />
  <!-- One session per user; a second login does not fail but expires the older session, and
       requests on that expired session go to expired-url. This presumably does not cover a
       session that the container dropped after the idle timeout (to be confirmed). -->
  <security:concurrent-session-control max-sessions='1' exception-if-maximum-exceeded='false' expired-url='/jsp/general/authentification.jsp' />
  <!-- Logout invalidates the HTTP session and returns to the login page. -->
  <security:logout logout-url='/j_spring_security_logout' invalidate-session='true' logout-success-url='/jsp/general/authentification.jsp?loggedout=true' />
</security:http>

<!-- NOTE(review): the id and class attributes of the two beans below are missing from this
     listing. Judging by its properties, the first is presumably the custom authentication
     filter; entry-point-ref='entryPoint' above implies the second is declared with that id. -->
<beans:bean>
  <!-- Installs this bean in the position of the standard authentication processing filter. -->
  <security:custom-filter position='AUTHENTICATION_PROCESSING_FILTER' />
  <beans:property name='defaultTargetUrl' value='/jsp/general/connexion.jsp'/>
  <beans:property name='authenticationFailureUrl' value='/jsp/general/authentification.jsp'/>
  <beans:property name='authenticationManager' ref='authenticationManager'/>
  <beans:property name='alwaysUseDefaultTargetUrl' value='true'/>
  <beans:property name='filterProcessesUrl' value='/j_spring_security_check' />
  <beans:property name='userDetailsServiceImpl' ref='userDetailsService'/>
</beans:bean>
<beans:bean>
  <!-- Page shown when an unauthenticated request needs to log in. -->
  <beans:property name='loginFormUrl' value='/jsp/general/authentification.jsp'/>
</beans:bean>
My filter :
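package com.advaltis.act.action;

import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;
import org.springframework.security.AccountExpiredException;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.DisabledException;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;

import com.advaltis.act.services.UserDetailsServiceImpl;
import com.advaltis.act.utils.Constantes;

/**
 * Authentication filter that places user-facing messages in the HTTP session after a failed or a
 * successful login attempt.
 *
 * <p>NOTE(review): the posted listing had lost its comparison operators and double quotes. They
 * are restored here on the assumption that each stripped comparison was {@code ==}; confirm
 * against the real source, in particular the failed-attempt threshold.
 *
 * <p>The message keys {@code BADCREDENTIAL}, {@code EXPIRE} and {@code DESACTIVE} are presumably
 * inherited from {@link Constantes}.
 */
public class MyAuthenticationProcessingFilter extends AuthenticationProcessingFilter implements Constantes {

    /** Session attribute holding the map of user name to failed-attempt count. */
    private static final String FAILED_ATTEMPTS_ATTRIBUTE = "mapUsers";

    /** Only language codes of this shape are used to build the message-bundle file name. */
    private static final String LANGUAGE_CODE_REGEX = "[a-zA-Z]{2,8}";

    // Most recently loaded message bundle; used as the fallback when a later load fails.
    Properties props = new Properties();
    Logger logger = Logger.getLogger(this.getClass());
    private UserDetailsServiceImpl userDetailsServiceImpl;

    public void setUserDetailsServiceImpl(UserDetailsServiceImpl userDetailsServiceImpl) {
        this.userDetailsServiceImpl = userDetailsServiceImpl;
    }

    public UserDetailsServiceImpl getUserDetailsServiceImpl() {
        return userDetailsServiceImpl;
    }

    /**
     * Stores the message for a failed authentication in the session, then delegates to the
     * parent implementation.
     *
     * <p>For bad credentials a per-session counter is kept under {@code mapUsers}: the first
     * failure of a session only creates the map, the next one records the user name with a count
     * of 1, and a further failure for that name deactivates the account.
     *
     * <p>NOTE(review): the counter lives in the caller's own HTTP session, so it starts from zero
     * whenever the client presents a new session. A lockout that has to limit password guessing
     * needs a server-side counter keyed by account. Deactivating on failures also means that
     * anyone who knows a user name can get that account disabled; consider a temporary delay or
     * an administrator alert instead.
     *
     * @param request the login request; {@code j_username} is read from it
     * @param response the response, passed through to the parent implementation
     * @param failed the exception describing why authentication failed
     * @throws IOException if the parent implementation throws it
     */
    @Override
    protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException failed) throws IOException {
        // A per-request bundle: the filter instance is shared, so messages must not be read from
        // a field that another request in a different language may be reloading.
        Properties messages = init(request);
        HttpSession session = request.getSession();
        String username = request.getParameter("j_username");

        if (failed instanceof BadCredentialsException) {
            // The attribute is stored by this method as a Map<String, Integer>.
            @SuppressWarnings("unchecked")
            Map<String, Integer> attempts =
                    (Map<String, Integer>) session.getAttribute(FAILED_ATTEMPTS_ATTRIBUTE);
            if (attempts == null) {
                session.setAttribute(FAILED_ATTEMPTS_ATTRIBUTE, new HashMap<String, Integer>());
                publishMessages(session, messages.getProperty(BADCREDENTIAL), "", "");
            } else {
                Integer count = attempts.get(username);
                if (count == null) {
                    attempts.put(username, 1);
                    publishMessages(session, messages.getProperty(BADCREDENTIAL), "", "");
                } else if (count == 1) {
                    userDetailsServiceImpl.DesactiverCompte(username);
                    publishMessages(session, "", "", "desactive");
                }
            }
        } else if (failed instanceof AccountExpiredException) {
            publishMessages(session, "", messages.getProperty(EXPIRE), "");
        } else if (failed instanceof DisabledException) {
            publishMessages(session, "", "", messages.getProperty(DESACTIVE));
        }
        super.onUnsuccessfulAuthentication(request, response, failed);
    }

    /**
     * Sets the {@code pwdexpire} session flag to {@code "1"} when the user details service
     * reports that the password has to be changed, and to {@code "0"} otherwise.
     *
     * <p>The submitted password is deliberately not read here: the original copied
     * {@code j_password} into an unused local, which only kept the clear-text value around.
     *
     * <p>NOTE(review): {@code isModiferPassword()} takes no argument, so nothing in this method
     * ties its answer to {@code authResult}; if the service is a shared bean, check that
     * concurrent logins cannot read each other's flag.
     *
     * @param request the login request
     * @param response the response (unused)
     * @param authResult the successful authentication (unused)
     * @throws IOException declared by the overridden hook
     */
    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            Authentication authResult) throws IOException {
        init(request);
        boolean alertPassword = userDetailsServiceImpl.isModiferPassword();
        request.getSession().setAttribute("pwdexpire", alertPassword ? "1" : "0");
    }

    /** Writes the three message attributes read by the login page. */
    private static void publishMessages(HttpSession session, String erreur, String expire, String desactive) {
        session.setAttribute("erreur", erreur);
        session.setAttribute("expire", expire);
        session.setAttribute("desactive", desactive);
    }

    /**
     * Loads the I18N message file for the request's language.
     *
     * <p>The language comes from {@code request.getLocale()}, which the container derives from
     * the client's {@code Accept-Language} header, so it is checked against a letters-only
     * pattern before it becomes part of a file name or a log line.
     *
     * @param request the current request
     * @return the freshly loaded messages, or the last successfully loaded bundle when the
     *     language is rejected or the file cannot be read
     */
    private synchronized Properties init(HttpServletRequest request) {
        String language = request.getLocale().getLanguage();
        if (language == null || !language.matches(LANGUAGE_CODE_REGEX)) {
            // The rejected value is not echoed into the log.
            logger.warn("unsupported request language, keeping the previously loaded messages");
            return props;
        }
        logger.debug(language);

        InputStream in = null;
        try {
            String realPath = request.getServletContext()
                    .getRealPath("/WEB-INF/classes/properties/act_" + language + ".properties");
            Properties loaded = new Properties();
            in = new FileInputStream(realPath);
            loaded.load(in);
            props = loaded;
            return loaded;
        } catch (Exception e) {
            // Passing the exception keeps the cause and stack trace in the log.
            logger.fatal("file act_" + language + ".properties not found", e);
            return props;
        } finally {
            // The original never closed the stream, leaking a file handle per login attempt.
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if closing a read-only stream fails.
                }
            }
        }
    }
}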
Is there any framework or configuration in Spring that allows for this functionality?
Regards,



