my dog learned polymorphism*
The moose likes Spring and the fly likes Concurrent Authentication problem with intercept-url Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Concurrent Authentication problem with intercept-url" Watch "Concurrent Authentication problem with intercept-url" New topic
Author

Concurrent Authentication problem with intercept-url

Michael Houlo
Ranch Hand

Joined: Jun 07, 2010
Posts: 58
Dear,

I'm using the Intercept-url tag from Spring Security to control the access of my Admin page.
It works like a charm but I have a problem in one situation.
If I log in as an ADMIN, my admin page link is visible. When I click on it, I access the admin page.
If I log in as an USER, my admin page link is not visible. If I try to access it trought the URL /admin.html, i'm redirected to the "access denied page".

However, if I'm logged in as an ADMIN and then disconnect trought the disconnect button (And I do NOT close the browser), when I log in as an USER the admin page link is still not visible but when i try to access it trought the url /admin.html, it works and i'm authentified as an admin.. If I click on another link, I'm again logged in as an user..

Pretty weird, I don't understand.
Here are my files :

applicationContext-security.xml


UserDetailsServiceImpl :


If you need anything else, tell me
Thanks a lot for your help guys
Mudassar Hakim
Greenhorn

Joined: Jul 04, 2010
Posts: 25
Hi, what you have mentioned is definitely weird. So let me ask you from the basic, have you repeated the mentioned problem scenario for 3-4 times& received the same behavior again & again also are you pretty sure this is happening when you access using the admin credentials (just a little bit doubtful, you know the saying to err is human) . , Do let me know more about your observation on the same.
Regards


Mudassar Hakim, hakim_mudassar@rediffmail.com
SCJP, SCWCD
Michael Houlo
Ranch Hand

Joined: Jun 07, 2010
Posts: 58
Mudassar Hakim wrote:Hi, what you have mentioned is definitely weird. So let me ask you from the basic, have you repeated the mentioned problem scenario for 3-4 times& received the same behavior again & again also are you pretty sure this is happening when you access using the admin credentials (just a little bit doubtful, you know the saying to err is human) . , Do let me know more about your observation on the same.
Regards


Dear,
I repeated it x times, always the same issue. However, as my AdminController, I was using an AbstractController and now I'm using a SimpleFormController.
Don't ask me why, but now, the USER can't access the admin page anymore.. But I have the opposite scenario, When the User disconnects, If I log in as an ADMIN and then access the Admin page trought the URL, I have access denied.. If i used the admin link, I'm granted to access the page.
So the problem is in the cache i guess...
 
 
subject: Concurrent Authentication problem with intercept-url
 
Similar Threads
Spring Security: Authorization with out Authentication
Spring Security 3 - cant't access secured page
Spring Security Logout not working
Spring Security 3: Salting password issue
No Hibernate Session bound to thread, and configuration does not allow creation of non-transactional