HTTPSession « Security « Spring Q&A





1. JSESSION/HTTPSession vs. application-crafted session ID    stackoverflow.com

In a web application based on propraietery MVC and authorization model, we have recently migrated to Spring MVC. As part of that move, we are also looking at moving away from a ...

2. Spring Security Auto Login not Persisted in HttpSession    stackoverflow.com

The below code creates a Spring Authentication object that has the role_user associated as when I looked at the SecurityContext context = SecurityContextHolder.getContext(); at the very end it does have the ...

3. LogoutHandlers in Spring Security    stackoverflow.com

When are registered LogoutHandlers in Spring Security triggered? Only upon manual logout (obvious!) or also when the http session expires?

4. Spring security concurrent-session and HttpSessionListener problem    stackoverflow.com

I have implemented HttpSessionListener and it works fine except for the case when a logged in user concurrently logs in a second time. Spring terminates the first session correctly, but the ...

5. Is there a way to get a reference to the current HttpSession object statically from a spring security filter object?    stackoverflow.com

I have a JSF2 web application that uses Spring 3.0. I need a reference to the current HttpSession object from a class that is used in a Spring Security filter. I ...

6. Best way to retrieve Authentication given an HttpSession instance    forum.springsource.org

Best way to retrieve Authentication given an HttpSession instance I'm trying to implement an HttpSessionListener to do maintenance on my security context - specifically to save some logout information for reporting ...

7. Logging on HttpSession timeout, the time a user has been signed in    forum.springsource.org

Hello! We want to logg the signintime and signout time of our users. Also in case of a HttpSession timeout. Could someone give me some pointers on how I could implement ...

8. Authentication Object/HttpSession lost in CAS proxy mode    forum.springsource.org

Authentication Object/HttpSession lost in CAS proxy mode Hello, I have an issue with a web app (let's call it A) protected by acegi (1.0.0-RC2) ans CAS authentication manager. This web app ...

9. After Authentication Infinite Redirect to HttpSession URL    forum.springsource.org

Hi All, I am building a webapp based on ADF-Spring-Toplink stack. I have been able to successfully secure the application by setting up a DaoAuthentication Provider but the only problem I ...





10. Dynamically inject a user's httpsession via AOP (for audit columns)    forum.springsource.org

Dynamically inject a user's httpsession via AOP (for audit columns) I have a situation with about 50 model objects and each one has 4 audit columns/properties, 2 of which have data ...

11. j_acegi_logout and HttpSession Invalidation    forum.springsource.org

j_acegi_logout and HttpSession Invalidation Hi, when a user logs out, I have them click on a link to ../j_acegi_logout, no redirect, forwarding, or form submission, just a straight anchor tag. It ...

12. SSL with load balancer has 'HttpSession is null' loop    forum.springsource.org

Apr 17th, 2007, 04:39 PM #1 iksrazal View Profile View Forum Posts Private Message Member Join Date May 2005 Location Fortaleza, brazil Posts 67 SSL with load balancer has 'HttpSession is ...

13. problem:HttpSession returned null object for ACEGI_SECURITY_CONTEXT    forum.springsource.org

problem:HttpSession returned null object for ACEGI_SECURITY_CONTEXT Hi, I have been spent more than one week for trying using Acegi as client for CAS. The problem is always that the Acegi client ...

14. Customer MessageSource access to HttpSession?    forum.springsource.org

Hello group, I'm unable to figure out how to access the HttpSession from my custom MessageSource. Any suggestions? My custom MessageSource will get different messages (for the same code) based on ...

15. Acegi without HttpSession    forum.springsource.org

As described in the Javadoc, HttpSessionContextIntegrationFilter can be configured concerning session creation. Have a look at the "allowSessionCreation" property. As far as I am aware of, this should not influence authentication/ ...

16. how we set the attribute of HttpSession in acegi security    forum.springsource.org

how we set the attribute of HttpSession in acegi security hello, i successfully implement the acegi security in our project but i want to know how we maintain session variable through ...





17. How to make User object available in HttpSession    forum.springsource.org

Hi All, I need some help in making the User object in http session. I want to maintain the User object through out the http session till user logs out from ...

18. Access HTTPSession from spring-ws framework    forum.springsource.org

Hi, exuse me for my English. It is not my mother tongue. We use SoapActionEndpointMapping to manage soap requests from client. All our endpoints extends AbstractDom4jPayloadEndpoint class. To generate response we ...

19. HttpSession Management using Spring Security 2.0.2    forum.springsource.org

HttpSession Management using Spring Security 2.0.2 With the introduction of Spring Security 2.0.2 we are revisiting the way we coded Session Management i.e. We retrieve the user credentials from the database ...

20. HttpSession and Spring Security    forum.springsource.org

HttpSession and Spring Security The thing that discourages me is that when the server (Tomcat) is restarted or simple session timeout occurs - the SecurityContextHolder isn't "killed" and the principal is ...

21. HttpSession returned null object for SPRING_SECURITY_CONTEXT    forum.springsource.org

HttpSession returned null object for SPRING_SECURITY_CONTEXT I'm trying to port an Acegi config to the Spring Security Namespace configuration but I'm missing something in my configuration. All I want to do ...

22. Trying to access HttpSession attributes in DaoAuthenticationProvider    forum.springsource.org

hi , In our application we need a customized authentication mechanism . For that i have written a class CustomDaoAuthenticationProvider which extends org.springframework.security.providers.dao.DaoAuth enticationProvider and overrides protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken ...

23. Spring security HttpSession    forum.springsource.org

Spring security HttpSession Hi, I have a web-application with custom authentication / authorization. I want to use spring-security. I have following queries. Currently all user requests are intercepted by a ServletFilter ...

24. HttpSession Access in FilterChain    forum.springsource.org

HttpSession Access in FilterChain Hi I have my own filter at the end in the filter chain, in that I am trying to get HttpSession Object but it is returning 'null' ...

25. How to access HttpSession & HttpServletRequest from annotated controller?    forum.springsource.org

What is the best way to manage sessions for user authentication, ideally in a clustered environment, using Spring MVC? I thought of creating a login bean that creates a jsession for ...

26. HttpSession not to be used with Spring Security for storing values??    forum.springsource.org

HttpSession not to be used with Spring Security for storing values?? Hi everybody, I got a very simple question. I have scoured the internet but have not come up with anything ...