Session management is not working in spring security -

-

my spring-security.xml:

<?xml version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans"     xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"      xmlns:security="http://www.springframework.org/schema/security"     xmlns:p="http://www.springframework.org/schema/p"      xsi:schemalocation="http://www.springframework.org/schema/beans              http://www.springframework.org/schema/beans/spring-beans-3.0.xsd             http://www.springframework.org/schema/security               http://www.springframework.org/schema/security/spring-security-3.0.xsd">      <!-- configure spring-security  -->      <security:global-method-security pre-post-annotations="enabled" />     <!-- <security:global-method-security secured-annotations="enabled" /> -->      <security:http auto-config="false" use-expressions="true" access-denied-page="/access-deniad"              entry-point-ref="authenticationentrypoint">         <security:intercept-url pattern="/retailenterprisesuite/login.do" access="permitall"  requires-channel="https" />         <security:intercept-url pattern="/admin" access="hasrole('role_admin')" requires-channel="https"/>         <!-- <security:intercept-url pattern="/common" access="hasrole('role_user')"/> -->         <security:intercept-url pattern="/users" access="hasrole('role_user')"/>         <security:intercept-url pattern="/*" access="permitall" requires-channel="any"/>          <security:logout                  invalidate-session="true"                  logout-success-url="/login.html"                  logout-url=""/>          <!--              querying sessionregistry authenticated users , sessions             http://static.springsource.org/spring-security/site/docs/3.1.x/reference/session-mgmt.html#list-authenticated-principals          -->         <security:custom-filter ref="authenticationfilter" position="form_login_filter"/>         <security:custom-filter ref="concurrencyfilter" position="concurrent_session_filter"/>         <security:custom-filter ref="singleentryfilter" after="form_login_filter"/>         <security:session-management session-authentication-strategy-ref="sas"/>     </security:http>        <bean id="singleentryfilter" class="com.stc.res.filter.singleentryfilter"              p:redirecturi="/login.html">             <property name="guarduri">                 <list>                     <!-- <value>/index.html</value> -->                     <value>/index.html</value>                     <!-- <value>/index.html</value>                     <value>/index.html</value>                     <value>/index.html</value>                     <value>/index.html</value> -->                 </list>             </property>     </bean>     <bean id="authenticationfilter" class="org.springframework.security.web.authentication.usernamepasswordauthenticationfilter"         p:sessionauthenticationstrategy-ref="sas"         p:authenticationmanager-ref="authenticationmanager"          p:authenticationfailurehandler-ref="customauthenticationfailurehandler"         p:authenticationsuccesshandler-ref="customauthenticationsuccesshandler"/>      <!-- need set default failure url here -->     <bean id="customauthenticationfailurehandler" class="org.springframework.security.web.authentication.simpleurlauthenticationfailurehandler"         p:defaultfailureurl="/loginfailed" />       <!-- need set default target url here -->       <bean id= "customauthenticationsuccesshandler"  class="org.springframework.security.web.authentication.simpleurlauthenticationsuccesshandler">         <property name="redirectstrategy" ref="customsuccessredirstrategy" />      </bean>     <!-- <bean id="customauthenticationsuccesshandler" class="org.springframework.security.web.authentication.simpleurlauthenticationsuccesshandler"          p:redirectstrategy-ref="customsuccessredirstrategy" /> -->      <bean id= "customsuccessredirstrategy"  class=" com.stc.res.customeredirection.customsuccessredirection"> </bean>           <!-- authenticationentrypoint responsible redirecting user particular page, login page,             whenever server sends response requiring authentication -->     <!-- see spring-security reference 5.4.1 more info -->     <bean id="authenticationentrypoint"  class="org.springframework.security.web.authentication.loginurlauthenticationentrypoint"         p:loginformurl="/login.html"/>      <!-- declare authentication-manager use custom userdetailsservice -->     <!-- it's important set alias here because it's used authenticationfilter -->     <security:authentication-manager alias="authenticationmanager">        <security:authentication-provider user-service-ref="userservice">         <security:password-encoder ref="passwordencoder">                   <security:salt-source ref="saltsource"/>         </security:password-encoder>         </security:authentication-provider>          <security:authentication-provider user-service-ref="jdbcuserservice"/>      </security:authentication-manager>      <bean id="userservice"  class="com.stc.res.service.userloginservice" >         <property name="usrlogindao" ref="userlogindao"/>     </bean>       <bean id="userlogindao" class = "com.stc.res.dao.userlogindao" />      <bean id="jdbcuserservice" class="com.stc.res.service.jdbcuserservice">         <property name="customjdbcdao" ref="custjdbcdao"/>     </bean>      <bean id="custjdbcdao"  class= "com.stc.res.dao.customjdbcdaoimpl">         <property name="datasource" ref="datasource"/>     </bean>       <bean id="jdbcadminuserservice" class="com.stc.res.controller.jdbcadminuserservice">         <property name="datasource" ref="datasource"/>         <property name="authenticationmanager" ref="authenticationmanager"/>     </bean>       <!-- use sha  encoder since user's passwords stored md5 in database -->     <bean class="org.springframework.security.authentication.encoding.shapasswordencoder" id="passwordencoder"/>     <bean class="org.springframework.security.authentication.dao.reflectionsaltsource" id="saltsource">             <property name="userpropertytouse" value="username"/>     </bean>      <!-- <security:bean id="remembermeservices" class="org.springframework.security.ui.rememberme.persistenttokenbasedremembermeservices">          <property name="tokenrepository" ref="jdbctokenrepository" />          <property name="userdetailsservice" ref="userservice" />          <property name="key" value="springrocks" />          <property name="alwaysremember" value="false" />     </security:bean>     uses database table maintain set of persistent login data      <security:bean id="jdbctokenrepository" class="org.springframework.security.ui.rememberme.jdbctokenrepositoryimpl">          <property name="createtableonstartup" value="false" />          <property name="datasource" ref="datasource" />      </security:bean>     -->        <!-- in-memory list of users. no need access external database layer.             see spring security 3.1 reference 5.2.1 in-memory authentication -->      <!-- john's password admin, while jane;s password user  -->        <!-- filter required concurrent session handling package              concurrentsessionfilter requires 2 properties, sessionregistry, points              instance of sessionregistryimpl, , expiredurl, points page display when session has expired.             see: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/session-mgmt.html#list-authenticated-principals -->     <bean id="concurrencyfilter" class="org.springframework.security.web.session.concurrentsessionfilter"             p:sessionregistry-ref="sessionregistry"              p:expiredurl="/login.html" />      <!--  defines concrete concurrent control strategy               checks whether user in question should allowed proceed, comparing number of               sessions have active configured maximumsessions value. sessionregistry               used source of data on authenticated users , session data.              see: http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/authentication/session/concurrentsessioncontrolstrategy.html-->     <bean id="sas" class="org.springframework.security.web.authentication.session.concurrentsessioncontrolstrategy"             p:maximumsessions="1"  error-if-maximum-exceeded="true" >             <constructor-arg name="sessionregistry" ref="sessionregistry" />     </bean>      <!-- maintains registry of sessioninformation instances            see: http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/session/sessionregistry.html -->     <bean id="sessionregistry" class="org.springframework.security.core.session.sessionregistryimpl" />   </beans>

and configured in web.xml:

<filter>     <filter-name>springsecurityfilterchain</filter-name>     <filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class>   </filter>   <filter-mapping>     <filter-name>springsecurityfilterchain</filter-name>     <url-pattern>/*</url-pattern>     <dispatcher>request</dispatcher>     <dispatcher>error</dispatcher>   </filter-mapping>   <listener>     <listener-class>org.springframework.web.context.contextloaderlistener</listener-class>   </listener>   <filter>     <display-name>mycustomfilter</display-name>     <filter-name>mycustomfilter</filter-name>     <filter-class>com.stc.res.filter.mycustomfilter</filter-class>   </filter>   <filter-mapping>     <filter-name>mycustomfilter</filter-name>     <url-pattern>/mycustomfilter</url-pattern>   </filter-mapping>   listener>     <listener-class>     org.springframework.security.web.session.httpsessioneventpublisher     </listener-class>   </listener>

please let me know fault in code, , please guide me. new spring-security. user can login different browser, without logging out.

have tried snippet official documentation (preventing multiple logins):

<security:http ... >      ....      <security:session-management>         <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />     </security:session-management>         </security:http>

Comments

Post a Comment

Popular posts from this blog

sql - VB.NET Operand type clash: date is incompatible with int error -

-
i trying display records table named staffpresentee database using clause... i using visual studio 2010... the table design follows- .......fieldname..................datatype........allownull 1......staff_id (fk).............numeric(18,0)......yes 2.......date........................date.............no 3......present.....................char(1)..........yes note type of 2nd field date , not datetime... i want display records table have today's date int 'date' field... current query is- cmd = new sqlclient.sqlcommand("select * staffpresentee date=" & date.now.date, cn) dr = cmd.executereader for dr = cmd.executereader error "operand type clash: date incompatible int" i tried select * staffpresentee query without clause runs correctly. try putting date value in sigle quotes maybe. cmd = new sqlclient.sqlcommand("select * staffpresentee date='" & _
Read more

SVG stroke-linecap doesn't work for circles in Firefox? -

-
i've got problem svg stroke-linecap attribute. i've got circular progress bar in angularjs , set outer circle (blue one) have rounded "ends". @ fiddle . <svg ... height="130" width="130"> <!-- ngif: background --> <circle ... ng-if="background" fill="#fff" class="ng-scope" stroke-width="13" stroke="#cc3399" r="57.5" cy="65" cx="65" stroke-linecap="round" /> <!-- end ngif: background --> <circle ... fill="none" stroke-dashoffset="36.12831551628261" stroke-dasharray="361.28315516282623" stroke-width="13" stroke="#432db3" stroke-linecap="round" r="57.5" cy="65" cx="65" transform="rotate(-89.9, 65, 65)" /> </svg> how can that?
Read more

python - TypeError: Scalar value for argument 'color' is not numeric in openCV -

-
here code im = cv2.imread('luffy.jpg') gray = cv2.cvtcolor(im,cv2.color_bgr2gray) ret,thresh = cv2.threshold(gray,127,255,0) contours,h = cv2.findcontours(thresh,cv2.retr_tree,cv2.chain_approx_simple) cnt in contours: moment = cv2.moments(cnt) c_y = moment['m10']/(moment['m00']+0.01) c_x = moment['m01']/(moment['m00']+0.01) centroid_color = im[c_x,c_y] centroid_color = np.array((centroid_color[0],centroid_color[1],centroid_color[2])) print type(centroid_color) cv2.fillpoly(im,cnt,centroid_color) i getting error on last line try , pass centroid_color color argument. <type 'numpy.ndarray'> , have been able pass data type cv2.fillpoly color in other instances, not sure why having problem here. fillpoly() expects iterable, i.e. put cnt in brackets. believe duplicate of https://stackoverflow.com/a/17582850/5818240 . moreover, centroid color variable contains strings. need convert them i
Read more