• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Concurrent Authentication problem with intercept-url

 
Ranch Hand
Posts: 58
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dear,

I'm using the Intercept-url tag from Spring Security to control the access of my Admin page.
It works like a charm but I have a problem in one situation.
If I log in as an ADMIN, my admin page link is visible. When I click on it, I access the admin page.
If I log in as an USER, my admin page link is not visible. If I try to access it trought the URL /admin.html, i'm redirected to the "access denied page".

However, if I'm logged in as an ADMIN and then disconnect trought the disconnect button (And I do NOT close the browser), when I log in as an USER the admin page link is still not visible but when i try to access it trought the url /admin.html, it works and i'm authentified as an admin.. If I click on another link, I'm again logged in as an user..

Pretty weird, I don't understand.
Here are my files :

applicationContext-security.xml


UserDetailsServiceImpl :


If you need anything else, tell me
Thanks a lot for your help guys
 
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, what you have mentioned is definitely weird. So let me ask you from the basic, have you repeated the mentioned problem scenario for 3-4 times& received the same behavior again & again also are you pretty sure this is happening when you access using the admin credentials (just a little bit doubtful, you know the saying to err is human) . , Do let me know more about your observation on the same.
Regards
 
Michael Houlo
Ranch Hand
Posts: 58
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Mudassar Hakim wrote:Hi, what you have mentioned is definitely weird. So let me ask you from the basic, have you repeated the mentioned problem scenario for 3-4 times& received the same behavior again & again also are you pretty sure this is happening when you access using the admin credentials (just a little bit doubtful, you know the saying to err is human) . , Do let me know more about your observation on the same.
Regards



Dear,
I repeated it x times, always the same issue. However, as my AdminController, I was using an AbstractController and now I'm using a SimpleFormController.
Don't ask me why, but now, the USER can't access the admin page anymore.. But I have the opposite scenario, When the User disconnects, If I log in as an ADMIN and then access the Admin page trought the URL, I have access denied.. If i used the admin link, I'm granted to access the page.
So the problem is in the cache i guess...
 
reply
    Bookmark Topic Watch Topic
  • New Topic