Spring security and session management without using spring MVC module

Hi,

M currently working on spring 2.5 for security puposes. My question is how to maintain or monitor a session through spring-config.xml or spring-security.xml. I want step by step procedure. Following are the objectives I want to achieve:

1. Traditional session time out after specified amount of time.
2. Invalide session and redirect to specifed url.
3. Not more that 1 user can login with same user name i.e concurrency control.

Note: I am not using Spring MVC module and we are using Struts 2.0 so, just for request dispatching we are using session oject of servlet. To transfer the data but to control the overall sesison I want to use springconfig.xml.


Thanks !

Nagbhushan Menasigi wrote:Hi,

M currently working on spring 2.5 for security puposes. My question is how to maintain or monitor a session through spring-config.xml or spring-security.xml. I want step by step procedure. Following are the objectives I want to achieve:

1. Traditional session time out after specified amount of time.
2. Invalide session and redirect to specifed url.
3. Not more that 1 user can login with same user name i.e concurrency control.

Note: I am not using Spring MVC module and we are using Struts 2.0 so, just for request dispatching we are using session oject of servlet. To transfer the data but to control the overall sesison I want to use springconfig.xml.


Thanks !

You would do the exact same thing. Are you using the Spring integration with Struts 2?

You make a security configuration using the security namespace and then secure your url with <security:url-intercept> There are tags and attributes within that namespaces to set things about your session. I am not sure about #3 though.

You can look at the Spring Security documentation on securing web pages.

Mark