I have an application with Spring Security 3.1 and LDAP integration. Below are the key points in the requirement and implementation so far:
The application will have multiple roles for a single user, but these roles do not exist in LDAP, so the application authenticates only the username (or userid) from LDAP.
The roles are stored separately in the database.
Upon successful authentication from LDAP, the userdetails and the roles are set into the principal object, a custom userdetails object, by implementing UserDetailsService.
Problem:
User A logs in to the application.
User B logs in to the application; User A's session is getting destroyed (which should not have happened because User A has not logged out yet!).
User B logs out.
User A gets page not found, since its session is already destroyed when User B logged
The applicationContext-security.xml looks like this:
The CustomAuthenticationProcessingFilter class looks like this:
The UserTracker class looks like this:
Can anyone help me find out why User A's session is getting destroyed?