• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
  • Paul Clapham
Sheriffs:
  • paul wheaton
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Piet Souris
Bartenders:
  • Mike London

Spring Security - After logout able to access application through url

 
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

In our application we are using Spring Security 3.0. The issue is after logging out from the application if i access the application by changing the url getting null pointer exception. This is happening only to those url's which iam not authenticating in Spring Security. Why am i allowed to access the Url after session expired? Spring should first check if session is valid then forward me to the request. Below are the filters i configured

 
Muhammad Abdul Arif
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Its resolved...thanks....issue was with url mismatch
 
ranger
Posts: 17347
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you are using Spring Security 3.0 Why do you have all those Spring Security beans defined. That is about 300 lines of xml that you don't need. That you get with just <security:http> tag in the security namespace. Much shorter than 300 lines of xml.

Mark
 
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I have a problem with my Logout functionality in my application which using CAS integrated with Spring security. My spring configuration is as below:

<bean id="logoutFilter" class="org.springframework.security.web.authentica tion.logout.LogoutFilter">
<!-- URL redirected to after logout success -->
<constructor-arg value="https://casURL/cas-server-webapp-3.5.1/logout?service=applnURL"/>

<constructor-arg>
<list>
<bean class="org.springframework.security.web.authentica tion.logout.SecurityContextLogoutHandler"/>
<bean class="com.blah.blah.sso.logout.CustomLogoutHandle r"/>
</list>
</constructor-arg>
</bean>

On clicking of the Logout link in my application URL with URl /j_spring_security_logout which invalidates session in SecurityContextLogoutHandler and redirects to the service as in the constructor. Our expected behaviour is that the CAS must log itself out ,invalidate session both in CAS and application and redirect to the service configured as above.

What actually happens is that i am getting the service URL getting called but CAS is not creating the ST for the valid user i give at THIS point of time in the CAS login page.

Any help please.

Thanks,
Mckenzie
 
Bartender
Posts: 1682
7
Android Mac OS X IntelliJ IDE Spring Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This thread has already been marked as resolved. Please start new threads for new questions.
reply
    Bookmark Topic Watch Topic
  • New Topic