Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Concurrent Authentication problem with intercept-url

 
Michael Houlo
Ranch Hand
Posts: 58
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear,

I'm using the Intercept-url tag from Spring Security to control the access of my Admin page.
It works like a charm but I have a problem in one situation.
If I log in as an ADMIN, my admin page link is visible. When I click on it, I access the admin page.
If I log in as an USER, my admin page link is not visible. If I try to access it trought the URL /admin.html, i'm redirected to the "access denied page".

However, if I'm logged in as an ADMIN and then disconnect trought the disconnect button (And I do NOT close the browser), when I log in as an USER the admin page link is still not visible but when i try to access it trought the url /admin.html, it works and i'm authentified as an admin.. If I click on another link, I'm again logged in as an user..

Pretty weird, I don't understand.
Here are my files :

applicationContext-security.xml


UserDetailsServiceImpl :


If you need anything else, tell me
Thanks a lot for your help guys
 
Mudassar Hakim
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, what you have mentioned is definitely weird. So let me ask you from the basic, have you repeated the mentioned problem scenario for 3-4 times& received the same behavior again & again also are you pretty sure this is happening when you access using the admin credentials (just a little bit doubtful, you know the saying to err is human) . , Do let me know more about your observation on the same.
Regards
 
Michael Houlo
Ranch Hand
Posts: 58
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Mudassar Hakim wrote:Hi, what you have mentioned is definitely weird. So let me ask you from the basic, have you repeated the mentioned problem scenario for 3-4 times& received the same behavior again & again also are you pretty sure this is happening when you access using the admin credentials (just a little bit doubtful, you know the saying to err is human) . , Do let me know more about your observation on the same.
Regards


Dear,
I repeated it x times, always the same issue. However, as my AdminController, I was using an AbstractController and now I'm using a SimpleFormController.
Don't ask me why, but now, the USER can't access the admin page anymore.. But I have the opposite scenario, When the User disconnects, If I log in as an ADMIN and then access the Admin page trought the URL, I have access denied.. If i used the admin link, I'm granted to access the page.
So the problem is in the cache i guess...
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic