Pushpa Kushwaha


Recent posts by Pushpa Kushwaha

Finally found the solution to the above problem. There were multiple causes:


  • While testing the above problem I was making a mistake: I was trying to achieve concurrency control when users open the application in a tabbed browser.

  • Spring internally stores the IP address of the machine to prevent multiple users from logging in from the same machine. Thus I had to make code changes so that users having multiple roles are not allowed to log in from the same machine.


    11 years ago

    As suggested, I have rewritten the security context with basic configuration and am now facing the concurrency control problem.
    My application-security looks like this:

    11 years ago

    I had written the CustomAuthenticationProcessingFilter class because spring-security's concurrency control was not working.
    Also, I had to check whether the username and their role had access to log in to the application.

    But, forgetting the above problems, I have even tried removing the CustomAuthenticationProcessingFilter class
    completely (replacing it by class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" in the context file)
    and having only custom implementations of UserDetailsService (for DB access) & UserDetailsContextMapper (for LDAP access); still the problem persists.
    User A's session is getting destroyed as soon as User B logs in to the application.
    11 years ago

    I have an application with Spring Security 3.1 and LDAP integration. Below are the key points in the requirement and implementation so far:

  • The application will have multiple roles for a single user, but these roles do not exist in LDAP, so the application authenticates only the username (or userid) from LDAP.
  • The roles are stored separately in the database.
  • Upon successful authentication from LDAP, the userdetails and the roles are set into the principal object, a custom userdetails object, by implementing UserDetailsService.

    Problem:

  • User A logs in to the application.
  • User B logs in to the application, and User A's session is getting destroyed (which should not have happened because User A has not logged out yet!).
  • User B logs out, User A gets page not found, since its session is already destroyed when User B logged


    The applicationContext-security.xml looks like this:

    The CustomAuthenticationProcessingFilter class looks like this:

    The UserTracker class looks like this:

    Can anyone help me find out why User A's session is getting destroyed?
    11 years ago