Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Devaka Cooray
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Paul Clapham
  • Knute Snortum
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Ron McLeod
  • Piet Souris
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Frits Walraven
  • Ganesh Patekar

Spring : how to redirect to login page on session timeout

 
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am pretty new to spring, have set session timeout of 1 minute in the web.xml.

I need to display the login page once session is timed out and user clicks any link in the application.

Is there any framework or configuration in spring that allows for this funtionality?

Regards,
Joshua
 
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You have to add the HttpSessionContextIntegrationFilter (or another implementation) to the filterChainProxy in your spring security configuration.

In your authenticationEntryPoint you define the form (URL) where it should be redirected in case of an exception.

I think the new spring security is very easy to configure I'm still using the 1.5 spring and it worth looking into the new one I think.
 
ranger
Posts: 17344
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes in the latest Spring version, you don't have to define all those Filters. You just use auto-config="true"

So you will just need to define a login-page in your config file.

Here is an example



notice the <form-login> tag to define the login page. The <intercept-url> tags are to set patterns to secure. So in the first line, it really is just saying don't add the filters to the login page, as we don't want that secured. the second line says, only ROLE_USER members will see all the other pages of the web app.

Mark
 
Joshua Antony
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I tried using


But after the session expires and I click on any link within the application, the same page gets displayed.
What could be the reason, am I missing something very silly?

Regards,
Joshua
 
Joshua Antony
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I found out the issue, actually I was using old acegi jar.

Thanks Tomas and Mark for sharing your knowledge

Regards,
Joshua
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!