Concurrent Authentication problem with intercept-url

Dear,

I'm using the Intercept-url tag from Spring Security to control the access of my Admin page.
It works like a charm but I have a problem in one situation.
If I log in as an ADMIN, my admin page link is visible. When I click on it, I access the admin page.
If I log in as an USER, my admin page link is not visible. If I try to access it trought the URL /admin.html, i'm redirected to the "access denied page".

However, if I'm logged in as an ADMIN and then disconnect trought the disconnect button (And I do NOT close the browser), when I log in as an USER the admin page link is still not visible but when i try to access it trought the url /admin.html, it works and i'm authentified as an admin.. If I click on another link, I'm again logged in as an user..

Pretty weird, I don't understand.
Here are my files :

applicationContext-security.xml

UserDetailsServiceImpl :

@Transactional (readOnly=true, propagation=Propagation.REQUIRED)
public class UserDetailsServiceImpl extends GenericManagerImpl<Identification,String> implements UserDetailsService{
	
	@Autowired
	@Qualifier("genericManager")
	private GenericManager<Identification,String> userManager;
	
	@Override
	public UserDetails loadUserByUsername(String login)
			throws UsernameNotFoundException, DataAccessException {
		login = login.toUpperCase();
		Identification user = null;
		try{
			userManager.loadClass(Identification.class);
			user = userManager.getObjById(login);
			
			if(user==null)
				throw new UsernameNotFoundException(
						"User '" + login + "' could not be found."
				);
		}catch(ObjectRetrievalFailureException orfe){
			throw new UsernameNotFoundException(
					"User '" + login + "' could not be found."
			);
		}
		Set<Role> roles = user.getRoles();
		GrantedAuthority[] arrayAuths = new GrantedAuthority[roles.size()];
		int index = 0;
		for(Role role : roles)
			arrayAuths[index++] = new GrantedAuthorityImpl(role.getRoleName());
		return new User(login, user.getIdentPassword(), (user.getUtilisateur().getUActif()==1)?true:false, true, true, true, arrayAuths);
	}

public void setGenericManager(GenericManager<Identification,String> manag)
	{
		this.userManager=manag;
	}
}

If you need anything else, tell me

Thanks a lot for your help guys

Hi, what you have mentioned is definitely weird. So let me ask you from the basic, have you repeated the mentioned problem scenario for 3-4 times& received the same behavior again & again also are you pretty sure this is happening when you access using the admin credentials (just a little bit doubtful, you know the saying to err is human) .

, Do let me know more about your observation on the same.
Regards

Mudassar Hakim wrote:Hi, what you have mentioned is definitely weird. So let me ask you from the basic, have you repeated the mentioned problem scenario for 3-4 times& received the same behavior again & again also are you pretty sure this is happening when you access using the admin credentials (just a little bit doubtful, you know the saying to err is human) . , Do let me know more about your observation on the same.
Regards

Dear,
I repeated it x times, always the same issue. However, as my AdminController, I was using an AbstractController and now I'm using a SimpleFormController.
Don't ask me why, but now, the USER can't access the admin page anymore.. But I have the opposite scenario, When the User disconnects, If I log in as an ADMIN and then access the Admin page trought the URL, I have access denied.. If i used the admin link, I'm granted to access the page.
So the problem is in the cache i guess...