Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Spring Security - After logout able to access application through url

 
Muhammad Abdul Arif
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

In our application we are using Spring Security 3.0. The issue is after logging out from the application if i access the application by changing the url getting null pointer exception. This is happening only to those url's which iam not authenticating in Spring Security. Why am i allowed to access the Url after session expired? Spring should first check if session is valid then forward me to the request. Below are the filters i configured

 
Muhammad Abdul Arif
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Its resolved...thanks....issue was with url mismatch
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are using Spring Security 3.0 Why do you have all those Spring Security beans defined. That is about 300 lines of xml that you don't need. That you get with just <security:http> tag in the security namespace. Much shorter than 300 lines of xml.

Mark
 
Mckenzie John
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I have a problem with my Logout functionality in my application which using CAS integrated with Spring security. My spring configuration is as below:

<bean id="logoutFilter" class="org.springframework.security.web.authentica tion.logout.LogoutFilter">
<!-- URL redirected to after logout success -->
<constructor-arg value="https://casURL/cas-server-webapp-3.5.1/logout?service=applnURL"/>

<constructor-arg>
<list>
<bean class="org.springframework.security.web.authentica tion.logout.SecurityContextLogoutHandler"/>
<bean class="com.blah.blah.sso.logout.CustomLogoutHandle r"/>
</list>
</constructor-arg>
</bean>

On clicking of the Logout link in my application URL with URl /j_spring_security_logout which invalidates session in SecurityContextLogoutHandler and redirects to the service as in the constructor. Our expected behaviour is that the CAS must log itself out ,invalidate session both in CAS and application and redirect to the service configured as above.

What actually happens is that i am getting the service URL getting called but CAS is not creating the ST for the valid user i give at THIS point of time in the CAS login page.

Any help please.

Thanks,
Mckenzie
 
Bill Gorder
Bartender
Posts: 1682
7
Android IntelliJ IDE Linux Mac OS X Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This thread has already been marked as resolved. Please start new threads for new questions.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic