session 1 « Security « Spring Q&A





1. How do I get the Session Object in Spring?    stackoverflow.com

I am relatively new to Spring and Spring security. I was attempting to write a program where I needed to authenticate a user at the server end using Spring security, I ...

2. How to manage a custom user object in session when Spring Security autheticates user?    stackoverflow.com

When Spring Security authenticates user, it creates a UserDetail object and it is available for finding current UserId in web-app. But let's say I want to keep a custom ...

3. spring limit max sessions ; limit max users    stackoverflow.com

may i know possible to use spring security to limit max number of users able to login to website at the same time? definately, not concurrent-session-control parameter. what i want ...

4. Spring Security session-management setting and IllegalStateException    stackoverflow.com

I'm trying to add <session-management> in my Spring Security namespace configuration so that I can provide a different message than the login page when the session times out. As soon ...

5. Spring MVC Session Attribute Access    stackoverflow.com

Is there any way under spring 3.0 to access the HttpSession without including it in the method signature? What I really want to do is be able to pass in values ...

6. Retrieving Session ID with Spring Security    stackoverflow.com

For logging purposes, I'd like to create a logger that automatically adds the current session's ID to logged lines.
For logged in users this isn't a problem:

((WebAuthenticationDetails) SecurityContextHolder.getContext().getAuthentication().getDetails())
    ...

7. Spring Session User Info retrieval in Dao layer    stackoverflow.com

I have a web-application in java, spring framework, hibernate on tomcat, that has basically almost no security except the login and logout functionality (no spring security) I can access the user ...

8. Spring MVC security based on Session Attribute    stackoverflow.com

I am using a Security scheme that is based on session attributes. I know that Spring has Acegi Security but I dont have much time to study that module. I ...

9. Unable to make Spring 3 Session Concurency Control work    stackoverflow.com

Using Spring Security 3.1.0, I cannot seem to get the concurrent session control feature to work. When I log into my system at the same time using IE and FireFox (using ...





10. how to configure session time out in spring acegi framework?    stackoverflow.com

We are using acegi security for my spring application. Can you please help how to make user to session time out by 5 mins and go back to login screen? I tried to ...

11. Apache LoadBalancing, sticky session, and Spring security framework    stackoverflow.com

I have a public facing Apache 2.2 webserver that I've configured to proxy and balance requests to back-end web applications deployed on Tomcat 6.0. I am using Spring FW + Spring ...

12. How can I use Spring Security with a cluster with session replication to fail-over an authenticated user?    stackoverflow.com

If I am using Spring Security and application server clustering and have the http session being replicated, is it possible to have an authenticated user automatically fail-over to another node in ...

13. Invalidate spring security session    stackoverflow.com

i need to invalidate ( or kick ) user session. the application only limit user login only one user per container. i try to call removeSessionInformation from session registry, its done ...

14. User Session Management with Spring    stackoverflow.com

I am developing a flex java - spring web app and have set up the business logic using hibernate. I want to maintain sessions so that when the user logs in , ...

15. Spring security session expiration    stackoverflow.com

  1. What is the maximum time of user inactivity (session expiration time) when using spring security?
  2. When is session expiration date updated? Does it update when we call SecurityContextHolder.getContext().getAuthentication() ? I.e. what is ...

16. Setting session timeout period with Spring Security 3.0    stackoverflow.com

I am using Spring Security 3.0 to authenticate with an LDAP server and I cannot figure out to set my own session timeout period. I believe that the default is 30 ...





17. Is it possible to maintain different sessions (users) in different window tabs using Spring 2.5?    stackoverflow.com

We have a requirement where support for different users in different tabs of a browser window. How can we achieve this in Spring 2.5? The application is based on Users, where ...

18. Set an object in session automatically    stackoverflow.com

i'm developing a web application using spring mvc, spring security and hibernate. Is there any way to set an object in session with the user credentials automatically?? I mean, I have the ...

19. Session timeout on multiple tabs    stackoverflow.com

I am using Spring acegi security for single sign on on multiple applications. I need to extend session timeout at client side if user writing something on browser too. If user ...

20. Does acegi use a different session from Spring?    stackoverflow.com

I have been writing a web application that will only create one session per user. This has worked well so far. However, I am running into a problem where ...

21. Spring Security Issues    stackoverflow.com

Possible Duplicate:
Spring Security - Once logged in , browser do not asking for login details again
When i am logged in from one browser.i remain ...

22. Spring Security and BladeDS - session fixation protection    stackoverflow.com

I want do add session fixation protection to my web application based on Spring Security and BlazeDS. We use global-method-security. When a user logs in successfully i recreate the session and ...

23. Problem while implementing HttpSessionLister with Spring-Security    stackoverflow.com

I am using Spring/Hibernate and Spring-Security for my web-based application. Now I have a requirement where I need to perform some database query at sessionDestroy method of HtppSessionLister. Inside web.xml :

<listener>
  ...

24. Spring Security: Pass session across domains    stackoverflow.com

I'm working on a web application that has to use different domains for access over http and https. Now I'm facing the following problem: While the user is accessing the http-domain, ...

25. Spring security session management is not working    stackoverflow.com

I user spring security session management for my application. My application has no login page. It will automatically log in the user by validating the incoming URL using a secret key. ...

26. spring session management not working    stackoverflow.com

In my spring application i add spring security. below i mentioned my security xml file.

<security:http auto-config="true">
        <security:form-login login-page="/login" default-target-url="/businessCategory"
     ...

27. Spring Security Session    stackoverflow.com

I am confused about it. I've set up Spring Security successfully(role based access etc.), but what I don't understand is how to say add something to the session created by Spring? ...

28. Set User Object in session using Spring    stackoverflow.com

I would like to set the User Object which contains the details of the user into session in my Spring Application. I would like to use this session object when I would ...

29. How to support user session to Vaadin project    stackoverflow.com

I am new to Vaadin, and now I wanna add user session support to my application, but I don't know how to do it? Since reload the page will restart the ...

30. how to expire a users session?    forum.springsource.org

how to expire a users session? greeting all. i want to expire a users session and guess that i can do this by two way. 1 - mannually : must be ...

31. Authentication and session-fixation-protection    forum.springsource.org

Authentication and session-fixation-protection Hi, I am a little confused about the workings of the session-fixation-protection attribute (in Spring Security 2 and 3). Our application uses Siteminder for authentication and so uses ...

32. how to save user information in session after registration?    forum.springsource.org

Feb 22nd, 2011, 10:33 AM #1 tango View Profile View Forum Posts Private Message Member Join Date Nov 2010 Posts 45 how to save user information in session after registration? greeting ...

33. spring security concurrent-session-control    forum.springsource.org

Using spring security concurrent-session-control we can stop a single user loggin in twice. My requirement is i should not allow two persons access the same page at the same time. For ...

34. Solution for handling Spring security session Id in different wed apps    forum.springsource.org

Thanks for this solution. I thought about to use oauth. But as I saw in Tonr 2 we need to add Spring Security configuration to OAuth consumer. It is not easy ...

35. Where / How to access Session    forum.springsource.org

Where / How to access Session Hi, I'm trying to build custom controllers inside a Spring Roo GWT project in which I'm using JPA and Hibernate. How does the generated controllers ...

36. Need Urgent help - Multiple User Details object (sessions) in different tabs    forum.springsource.org

Hi Spring Gurus, We are in a situation where we need to allow different sessions for different tabs of a browser window. The entire application works on spring's User Details object. ...

37. User information shared acorss session    forum.springsource.org

User information shared acorss session Hi All, We have a project that is using Spring Security for authorization and authentication. Over last few months we are experiencing a problem of User ...

38. How to handle session time out when using Spring security    forum.springsource.org

Hi, I am using spring security in a JSF application and having a problem with session time out. Attached are my security configuration files and the error that i get when ...

39. Spring security concurrent-session and HttpSessionListener problem    forum.springsource.org

Spring security concurrent-session and HttpSessionListener problem I have implemented HttpSessionListener and it works fine except for the case when a logged in user concurrently logs in a second time. Spring terminates ...

40. Maximum number of concurrent sessions for a user    forum.springsource.org

Maximum number of concurrent sessions for a user Hi All, Currently, we are using Spring Security(3.0) to authenticate our users from LDAP and everything is working fine. We have configured, that ...

41. Spring Security and Session Timeout    forum.springsource.org

Hi, What happens to Spring Security Context and Authentication when Session Timeout. Do they get invalidated? So basically do users have to login again or is their a way where user ...

42. customising a session authentication strategy    forum.springsource.org

Jul 1st, 2011, 07:08 AM #1 bbeloff View Profile View Forum Posts Private Message Junior Member Join Date Jun 2011 Posts 5 customising a session authentication strategy Hi I'm trying to ...

43. Invalidate the User Session    forum.springsource.org

Aug 31st, 2011, 11:30 AM #1 tqnguyen1973 View Profile View Forum Posts Private Message Junior Member Join Date Aug 2011 Posts 5 Invalidate the User Session Hi, I trying to enforce ...

44. Require a valid session for anonymous users    forum.springsource.org

Require a valid session for anonymous users Hi There, I have implemented a REST webservice and as part of that I have two enrollment requests that are required before users formally ...

45. Security Session Issue in IE 8    forum.springsource.org

Security Session Issue in IE 8 Hi, We are using jboss 7, spring security 3.0.5. The security code works fine in firefox browser. But when I try to access the application ...

46. how to get user info from session?    forum.springsource.org

i select WebWork as my web framework, i want to know if i can get user detail info from session. I woder where can i process in this situation.thanks

47. Problem: all users sharing one session    forum.springsource.org

I'm new to spring and just ran into a problem - all users of my app seem to share the same session.. Oops.. I'm using JSPs with page session set to ...

48. Adding objects to the session after authentication    forum.springsource.org

Adding objects to the session after authentication I have just started adding acegi to our already existing spring application. Our securityless application depends heavily on a "UserSession" object that is placed ...

49. Authentication only once per session    forum.springsource.org

Authentication only once per session Hi all, I'm currently using a JAAS LoginModule to authenticate users and in the process of integrating it, I uncovered a little bit more of my ...

50. Authentication /Session maintenance.    forum.springsource.org

Authentication /Session maintenance. I have a confusion regarding Acegi handling of authentication and session maintenance. Let me describe it. AuthenticationManager does the authentication. There is a process ( a filter) that ...

51. which one to extend if want extra Role info in session ?    forum.springsource.org

I suspect you'll want to develop an AuthenticationDao which generated the GrantedAuthority[] array to include your customised GrantedAuthority. You could probably simply extend GrantedAuthorityImpl, but it's easy enough to start from ...

52. Putting Objects in the Session when Authentication Successfu    forum.springsource.org

Putting Objects in the Session when Authentication Successfu Hi, I have replaced my custom security in my web app with Acegi, and the authentication and security work a treat. However... When ...

53. User session issues with acegi    forum.springsource.org

User session issues with acegi Hi all , we recently incorporated the acegi security system into our app ( was a replacement for weblogic's authentication/authorization system). A few details about our ...

54. Is user information stored in Session?    forum.springsource.org

It is stored in the HttpSession if you're using HttpSessionContextIntegrationFilter (which you probably are). Look at the code for this class and see how it's stored. Generally it is recommended NOT ...

55. Clear user session again    forum.springsource.org

Dear Folk My problem is quite similar to this thread ,http://forum.springframework.org/showthread.php?t=22287, due to i'm doing an auction system if my client accidently close browser, I have to let them to re-login ...

56. invalidating ALL sessions (for 1 user) from a single application    forum.springsource.org

invalidating ALL sessions (for 1 user) from a single application We have a web-based workflow application that uses frames to provide access to many other applications. We've implemented single sign on ...

57. question about concurrent sessions and authentication    forum.springsource.org

question about concurrent sessions and authentication Hi I have application (Spring 1.2.8 and Acegi 1.0.1) that allows only 1 concurrent session per user. This is my filterChainProxy bean definition : Code: ...

58. Multiple users and sessions problem    forum.springsource.org

Multiple users and sessions problem If I submit two times the same form really close one to the other (the first is still computing and I launch the second), the first ...

59. how to pre-init or pool custom data access sessions?    forum.springsource.org

how to pre-init or pool custom data access sessions? Hi, I'd like to ask for help on implementing a sessionFactory or a pooled DataSource(?) to solve my problem. I have a ...

60. Acegi: Accessing Session to set an attribute?    forum.springsource.org

So, I have a provider (AbstractUserDetailsAuthenticationProvider) that checks with some libraries to authenticate a user. The catch is that I need to set an object into the session that the rest ...

61. Acegi and Session persistence    forum.springsource.org

Acegi and Session persistence Hi I am using Acegi in my web application for authentication and authorization. My web application runs in a clustered environment with the iplanet 6.1 sp5. We ...

62. Number of concurrent user sessions    forum.springsource.org

Hello everybody, I'm using acegi for user management in my application and I wondered if acegi could tell me how many users are currently logged on the website. I searched for ...

63. How to access session scoped instance variable in Business objects    forum.springsource.org

I am able to create a AOP-proxied session bean. The blog outlines to access the bean with ApplicationContext. How can I get the application Context object when I use DispatcherServlet . ...

64. Saving Session Information in Acegi    forum.springsource.org

Saving Session Information in Acegi Hi, I have a project that needs to enable a legacy JAAS authentication via a custom login module. The login module generates a challenge question from ...

65. Does SecurityContextLogoutHandler really invalidates session ? ( Acegi 1.0.3+)    forum.springsource.org

Feb 20th, 2007, 05:47 AM #1 akram View Profile View Forum Posts Private Message Junior Member Join Date Jan 2006 Posts 28 Does SecurityContextLogoutHandler really invalidates session ? ( Acegi 1.0.3+) ...

66. Problem between XT-Ajax and acegi when the session timeout    forum.springsource.org

Problem between XT-Ajax and acegi when the session timeout Hi! I have a little problem here. I'm using acegi for the security part of my project, and XT-Ajax to call some ...

67. How to handle Ajax session timeouts in Acegi    forum.springsource.org

How to handle Ajax session timeouts in Acegi Just wondering what would be the right approach to handle session timeouts during AJAX when the web application is protected by Acegi? The ...

68. Using listeners store user info in Session    forum.springsource.org

Using listeners store user info in Session Hi Friends, Prior to Acegi we used a controller say LoginController to authenticate a user and store the info in the session. User info, ...

69. session variables,how to access the HttpServletRequest to obtain current session    forum.springsource.org

session variables,how to access the HttpServletRequest to obtain current session Hi everyone . Could someone tell me how can i access the current HttpServletRequest to update a session variable ? what ...

70. Acegi and session object containers    forum.springsource.org

Acegi and session object containers Hi there, I'm rebuilding and old web application using Spring-mvc and acegi. So far we have all the business logic implemented and bound together using core ...

71. Session Time Out For UNLOGGED USER During Search -pls help    forum.springsource.org

Nov 23rd, 2007, 05:39 AM #1 rajeev.sengupta View Profile View Forum Posts Private Message Junior Member Join Date Nov 2007 Posts 5 Session Time Out For UNLOGGED USER During Search -pls ...

72. Access to the current Session?    forum.springsource.org

Hi all, Could anyone tell me how I would go about getting access to the current Session? I need to get values from it etc but it is not passed into ...

73. Get current user from session    forum.springsource.org

How do you get the currently logged in from the session object after you have logged in using the Acegi filters. Normally I would do like this: Code: HttpSession session = ...

74. Session is expiring for every 6 to 10 minutes in acegi    forum.springsource.org

HI, I have developed a web application in that we have used Acegi security framework for Authentication&Authorization. Everything is fine but when I log in to the application after 6 to ...

75. Acegi apparently intermittently failing to find Authenticated User in Session?    forum.springsource.org

Acegi apparently intermittently failing to find Authenticated User in Session? Hi all, having a little problem I hope somebody can shed some light on. Environment is Acegi 1.0.6, CAS server 3.2 ...

76. session.expireNow() and info to user    forum.springsource.org

Hi, is it possible to show user info about the couse why his session expired? I'm using ACEGI. When user login and at this time another user is loged in with ...

77. Session handling with Spring Security    forum.springsource.org

Session handling with Spring Security I wonder if Spring Security combined with Spring Fremawork is capable to handle session related operations automatically? I mean at user login creating a session and ...

78. How to access session variables    forum.springsource.org

Hi, I have a bean in the applicationContext.xml as In a class Rules Class I need to access this userBean. How do I do that? Thanks Vinaya ...

79. acegi + ajax problem after session timeout    forum.springsource.org

Hi, I am working on a struts 2 webapp secured with Spring Security. On one page I have a combo box. changing the content of this combo triggers the refreshing of ...

80. Update user info on session timeout - confused by SessionFixationProtectionFilter    forum.springsource.org

Update user info on session timeout - confused by SessionFixationProtectionFilter I'm using Spring Security 2.0 with Spring 2.5 and am confused about how to work around the SessionFixationProtectionFilter... I want to ...

81. Session Problem: exceeded simultaneous SESSIONS_PER_USER limit    forum.springsource.org

Session Problem: exceeded simultaneous SESSIONS_PER_USER limit Hello, I'm using hibernate + spring MVC. I've got a following error: ORA-02391: exceeded simultaneous SESSIONS_PER_USER limit I don't understand why sessions are not getting ...

82. Spring Security Concurrent Session Control Problem    forum.springsource.org

Hi guys, i am trying to setup the concurrent session control feature provided by Spring Security Framework. Whilst Spring Security context goes up without any error, i think that the concurrent ...

83. Authentication Requiring Direct Session Interaction For Registration    forum.springsource.org

Authentication Requiring Direct Session Interaction For Registration I'm working on the same thing many have been trying to do. Once a user registers, I want to automatically log them in. I've ...

84. How keep additional user data in session?    forum.springsource.org

How keep additional user data in session? Hi all, I'm using spring security 2.0.3 to control access to web application written in spring mvc. When user log-in currently only predefined set ...

85. Setting session attributes right after the user is authenticated    forum.springsource.org

Setting session attributes right after the user is authenticated Hi, Everyone -- I really need help with this issue that I have and have tried for weeks to figure out how ...

86. DAO and user session    forum.springsource.org

Hello, I want to build a multiuser web application. A user should select a database from a dropdown menu and work with it. Now my question: does every user get its ...

87. switch session to new concurrnt user    forum.springsource.org

Hi all I have implimented spring security in my project. But I have one problem, If once user loged in and without logout he closed the window He can't login till ...

88. Acegi Authentication - store user information in session    forum.springsource.org

Hi, I am using Acegi for authentication using LDAP. During authentication I want to capture the user information and store it in a user bean in session. How can I do ...

89. What is the user session variable name?    forum.springsource.org

What is the user session variable name that is used to store the UserDetails object? I find myself wanting to access it for my own purposes (since it's also a domain ...

90. Invalidate session when user leaves site    forum.springsource.org

Hi! When the user leaves the website (e. g. closes the browser window) the session on the server will not expire for a while. Are there any concrete ideas how to ...

91. one session for each user    forum.springsource.org

hello, I had integrated Acegi on my web application, and look for give for each user the permission to have one session in time. now the user can open more than ...

92. session ID's and spring security    forum.springsource.org

session ID's and spring security Hi, I'm pretty new to Spring and especially Spring security, so please forgive me if I'm asking stupid questions. I'm working on a client/server setup, where ...

93. Share Authentication between sessions    forum.springsource.org

Share Authentication between sessions Hi, I'm trying to authenticate users of a desktop application with OpenID. To get that I use OAuth protocol to authorize the desktop application in the server ...

94. Lost Session for ACEGI    forum.springsource.org

Lost Session and HttpSessionContextIntegrationFilter I have a web application configured with spring and acegi intergration. As the user logs on the welcome page is displayed. However after that as user clicks ...

95. Access session in Porlet    forum.springsource.org

Access session in Porlet Hello I am usiing Spring MVC to develop portlets How do I access the Portlet session from the Controller ? Let me share my Controller Code: @Controller ...

96. session timeout with spring mvc and acegi    forum.springsource.org

session timeout with spring mvc and acegi Hi, I am using spring 2.5.6 and acegi 1.0.7 I want to know the best way to handle session timeout with acegi/spring mvc. I ...

97. Spring Security Concurrent Session Handling    forum.springsource.org

Dec 22nd, 2009, 07:39 AM #1 suriin View Profile View Forum Posts Private Message Junior Member Join Date Dec 2009 Posts 16 Spring Security Concurrent Session Handling Hi, I have configured ...

98. Spring Security 3 issuses with concurrent session control and Session Management Filt    forum.springsource.org

Jan 19th, 2010, 11:32 AM #1 nedev View Profile View Forum Posts Private Message Junior Member Join Date May 2008 Posts 5 Spring Security 3 issuses with concurrent session control and ...

99. How to Inform User That session has timed out ?    forum.springsource.org

Feb 16th, 2010, 04:56 AM #1 raja_s_patil View Profile View Forum Posts Private Message Member Join Date Jan 2009 Posts 56 How to Inform User That session has timed out ? ...

100. what happened to org.springframework.security.ui.session.HttpSessio nEventPublisher    forum.springsource.org

I upgraded to spring-security-core-3.0.1RELEASE, and the class org.springframework.security.ui.session.HttpSessio nEventPublisher which was declared in web.xml can no longer be found. I checked the jar, and indeed the whole package is gone. is ...