Java - Spring Security 4.x: dynamic InvalidSessionUrl
My project has two user roles, [admin, court], plus unauthenticated (anonymous?) users. admin has super-admin access, i.e. global access. court has access to specific pages. Both admin and court are authenticated.
The problem is that session timeouts need to be handled differently for these three populations: admin and court users need to be redirected to their respective login pages, and unauthenticated sessions need to be directed to a contextual home page (/xyz/home) based on the previous context.
I've googled the topic and can't seem to find any mention of the concept or a solution. As far as I can see from my research, the session management invalid-session URL controls this behaviour, but I need a dynamic value here so that I can control the landing point.
My code:
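@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Landing page used whenever a request carries no usable admin/court context. */
    private static final String DEFAULT_LANDING = "/";

    @Autowired private MongoUserService mongoUserService;
    @Autowired private LoginAuthenticationEntryPoint loginEntryPoint;
    // NOTE: the two nested types below shadow Spring Security's own
    // AuthenticationFailureHandler / LogoutSuccessHandler interfaces inside this file.
    @Autowired private AuthenticationFailureHandler loginFailureHandler;
    @Autowired private LogoutSuccessHandler logoutSuccessHandler;

    /** Static assets bypass the security filter chain entirely (no authentication, no security headers). */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/assets/**");
    }

    /**
     * Builds the filter chain: context-aware entry point, per-area authorisation,
     * form login, logout and session management.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .exceptionHandling()
                // chooses /admin/login or /court/login from the requested URI
                .authenticationEntryPoint(loginEntryPoint)
                .accessDeniedPage("/403")
                .and()
            .authorizeRequests()
                // login pages must stay reachable before the area rules below lock them down
                .antMatchers("/admin/login**").permitAll()
                .antMatchers("/court/login**").permitAll()
                // hasRole()/hasAnyRole() prepend "ROLE_", so the stored authorities are
                // expected to be ROLE_admin / ROLE_court — confirm against MongoUserService
                .antMatchers("/admin/**").hasRole("admin")
                // "/**/court/**" matches a "court" segment at any depth, not only /court/**
                .antMatchers("/**/court/**").hasAnyRole("admin", "court")
                // everything not matched above is open (default-allow); a new protected
                // area needs its own matcher here
                .anyRequest().permitAll()
                .and()
            .formLogin()
                .loginProcessingUrl("/dologin")
                .failureHandler(loginFailureHandler)
                .usernameParameter("username")
                .passwordParameter("password")
                .and()
            .logout()
                .logoutUrl("/dologout")
                .logoutSuccessHandler(logoutSuccessHandler)
                // cookie names are case-sensitive; the servlet default session cookie is JSESSIONID
                .deleteCookies("JSESSIONID")
                // the server-side session and its attributes survive logout; the default is to
                // invalidate it — confirm this is intended
                .invalidateHttpSession(false)
                .and()
            .sessionManagement()
                // A single fixed URL for every invalid session. Spring Security 4.1+ also
                // accepts invalidSessionStrategy(InvalidSessionStrategy), whose onInvalidSession()
                // sees the request and can choose the admin/court login page or a contextual
                // home page from it — confirm against the version in use.
                .invalidSessionUrl(DEFAULT_LANDING)
                .maximumSessions(1);
    }

    /**
     * Users come from MongoDB; passwords are compared with BCrypt.
     *
     * @param auth the builder supplied by Spring Security
     * @throws Exception propagated from the builder
     */
    @Override
    @Autowired
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(mongoUserService).passwordEncoder(passwordEncoder());
    }

    /** @return the BCrypt encoder used for stored passwords */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Maps a path to the login page of its area, by substring as in the original:
     * "/admin" anywhere in the path wins, then "/court"; anything else, including
     * {@code null}, goes to the admin login page.
     *
     * @param path a request URI or Referer value; may be {@code null}
     * @return "/admin/login" or "/court/login"
     */
    static String loginPageFor(String path) {
        if (path == null) {
            return "/admin/login";
        }
        if (path.contains("/admin")) {
            return "/admin/login";
        }
        if (path.contains("/court")) {
            return "/court/login";
        }
        return "/admin/login";
    }

    /**
     * Returns {@code candidate} only when it is a relative path or an absolute http(s) URL on
     * {@code serverHost}; anything else (a foreign host, a non-http scheme, an unparsable
     * value, a missing header) yields {@link #DEFAULT_LANDING}. Used to keep the
     * client-supplied Referer from becoming an open redirect.
     *
     * @param candidate the Referer header value; may be {@code null}
     * @param serverHost the host this request arrived on
     * @return a redirect target safe to hand to the redirect strategy
     */
    static String localTargetOrDefault(String candidate, String serverHost) {
        if (candidate == null || candidate.isEmpty()) {
            return DEFAULT_LANDING;
        }
        java.net.URI uri;
        try {
            uri = new java.net.URI(candidate);
        } catch (java.net.URISyntaxException e) {
            return DEFAULT_LANDING; // an unparsable Referer is not a redirect target
        }
        if (uri.getScheme() == null) {
            // relative reference; "//host/path" still carries a host, so require it to be absent
            return uri.getHost() == null && candidate.startsWith("/") ? candidate : DEFAULT_LANDING;
        }
        boolean httpScheme = "http".equalsIgnoreCase(uri.getScheme())
                || "https".equalsIgnoreCase(uri.getScheme());
        boolean sameHost = uri.getHost() != null && uri.getHost().equalsIgnoreCase(serverHost);
        return httpScheme && sameHost ? candidate : DEFAULT_LANDING;
    }

    /**
     * Picks the login page from the URL the unauthenticated user tried to reach.
     * Static nested class so the bean does not capture the enclosing configuration instance.
     */
    @Component
    public static class LoginAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {

        @Autowired
        public LoginAuthenticationEntryPoint() {
            // LoginUrlAuthenticationEntryPoint has no no-arg constructor; the URL is the
            // fallback returned by getLoginFormUrl()
            super(DEFAULT_LANDING);
        }

        /**
         * @param request request
         * @param response response
         * @param exception exception
         * @return "/admin/login" for admin URLs, "/court/login" for court URLs, "/admin/login"
         *         otherwise (never null or empty)
         */
        @Override
        protected String determineUrlToUseForThisRequest(HttpServletRequest request,
                HttpServletResponse response, AuthenticationException exception) {
            return loginPageFor(request.getRequestURI());
        }
    }

    /**
     * Sends a failed login back to the login page of the area it came from, with {@code ?err=1}.
     */
    @Component
    public static class AuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

        @Autowired
        public AuthenticationFailureHandler() {
            super();
        }

        /**
         * The failure URL is computed per request rather than via setDefaultFailureUrl():
         * this handler is a singleton, so mutating its field from concurrent requests races
         * and can send one user to the other area's login page. The Referer may be absent
         * (no-referrer policy, direct POST); loginPageFor() tolerates null, where the original
         * threw NullPointerException. Forward mode (setUseForward) is not honoured here.
         *
         * @throws IOException from the redirect
         * @throws ServletException never thrown here; kept for the overridden signature
         */
        @Override
        public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException exception) throws IOException, ServletException {
            String failureUrl = loginPageFor(request.getHeader("Referer")) + "?err=1";
            // stores the exception in the session so the login page can show it
            saveException(request, exception);
            getRedirectStrategy().sendRedirect(request, response, failureUrl);
        }
    }

    /**
     * Sends the user back to the page they logged out from.
     */
    @Component
    public static class LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

        @Autowired
        public LogoutSuccessHandler() {
            super();
        }

        /**
         * The Referer is client-supplied, so only a relative path or a URL on this server's
         * host is honoured; anything else, or a missing header, falls back to DEFAULT_LANDING
         * (the original passed it straight to setDefaultTargetUrl(), which redirects to any
         * absolute URL and throws on null). Computed per request rather than through the
         * shared field, which races between concurrent logouts on this singleton.
         *
         * @throws IOException from the redirect
         * @throws ServletException never thrown here; kept for the overridden signature
         */
        @Override
        public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
                Authentication authentication) throws IOException, ServletException {
            String target = localTargetOrDefault(request.getHeader("Referer"), request.getServerName());
            getRedirectStrategy().sendRedirect(request, response, target);
        }
    }
}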
Update:
When I attempted to implement a custom ConcurrentSessionFilter, I received an exception. The code and the resulting stack trace are below:
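/**
 * Registry of live sessions per principal. ConcurrentSessionFilter asserts a non-null
 * registry in afterPropertiesSet() — the "sessionRegistry required" failure in the trace
 * below — so the filter cannot be built with its no-argument constructor.
 *
 * @return an in-memory session registry
 */
@Bean
public SessionRegistry sessionRegistry() {
    return new SessionRegistryImpl();
}

/**
 * Concurrent-session filter whose expired-session landing page depends on the request.
 * NOTE(review): on its own this bean is not part of the HttpSecurity chain, and
 * maximumSessions(1) builds its own ConcurrentSessionFilter with its own registry. To make the
 * two agree, share the registry via sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry())
 * and add this filter with http.addFilter(customConcurrentSessionFilter()) — verify against the 4.x API in use.
 *
 * @return the filter, wired to {@link #sessionRegistry()}
 */
@Bean
public ConcurrentSessionFilter customConcurrentSessionFilter() {
    return new CustomConcurrentSessionFilter(sessionRegistry());
}

/** Static nested class so the filter does not capture the enclosing configuration instance. */
public static class CustomConcurrentSessionFilter extends ConcurrentSessionFilter {

    /**
     * @param sessionRegistry the registry consulted on every request; must not be null
     */
    public CustomConcurrentSessionFilter(SessionRegistry sessionRegistry) {
        super(sessionRegistry);
    }

    /**
     * Chooses where an expired session is sent. The original returned the placeholder
     * "something here", which is not a redirectable URL; this mirrors the entry point's
     * rule: a "/court" path goes to the court login page, everything else to the admin one.
     *
     * @param request the request that hit the expired session
     * @param info the expired session's registry entry
     * @return a relative login URL, never null
     */
    @Override
    protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) {
        String uri = request.getRequestURI();
        if (uri != null && uri.contains("/court")) {
            return "/court/login";
        }
        return "/admin/login";
    }
}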
severe: exception sending context initialized event listener instance of class org.springframework.web.context.contextloaderlistener org.springframework.beans.factory.beancreationexception: error creating bean name 'customconcurrentsessionfilter' defined in class path resource [com/cii/config/securityconfiguration.class]: invocation of init method failed; nested exception java.lang.illegalargumentexception: sessionregistry required @ org.springframework.beans.factory.support.abstractautowirecapablebeanfactory.initializebean(abstractautowirecapablebeanfactory.java:1554) @ org.springframework.beans.factory.support.abstractautowirecapablebeanfactory.docreatebean(abstractautowirecapablebeanfactory.java:539) @ org.springframework.beans.factory.support.abstractautowirecapablebeanfactory.createbean(abstractautowirecapablebeanfactory.java:475) @ org.springframework.beans.factory.support.abstractbeanfactory$1.getobject(abstractbeanfactory.java:302) @ org.springframework.beans.factory.support.defaultsingletonbeanregistry.getsingleton(defaultsingletonbeanregistry.java:228) @ org.springframework.beans.factory.support.abstractbeanfactory.dogetbean(abstractbeanfactory.java:298) @ org.springframework.beans.factory.support.abstractbeanfactory.getbean(abstractbeanfactory.java:193) @ org.springframework.beans.factory.support.defaultlistablebeanfactory.preinstantiatesingletons(defaultlistablebeanfactory.java:706) @ org.springframework.context.support.abstractapplicationcontext.finishbeanfactoryinitialization(abstractapplicationcontext.java:762) @ org.springframework.context.support.abstractapplicationcontext.refresh(abstractapplicationcontext.java:482) @ org.springframework.web.context.contextloader.configureandrefreshwebapplicationcontext(contextloader.java:403) @ org.springframework.web.context.contextloader.initwebapplicationcontext(contextloader.java:306) @ org.springframework.web.context.contextloaderlistener.contextinitialized(contextloaderlistener.java:106) @ 
org.apache.catalina.core.standardcontext.listenerstart(standardcontext.java:4770) @ org.apache.catalina.core.standardcontext.startinternal(standardcontext.java:5196) @ org.apache.catalina.util.lifecyclebase.start(lifecyclebase.java:150) @ org.apache.catalina.core.containerbase$startchild.call(containerbase.java:1409) @ org.apache.catalina.core.containerbase$startchild.call(containerbase.java:1399) @ java.util.concurrent.futuretask.run(futuretask.java:266) @ java.util.concurrent.threadpoolexecutor.runworker(threadpoolexecutor.java:1142) @ java.util.concurrent.threadpoolexecutor$worker.run(threadpoolexecutor.java:617) @ java.lang.thread.run(thread.java:745) caused by: java.lang.illegalargumentexception: sessionregistry required @ org.springframework.util.assert.notnull(assert.java:112) @ org.springframework.security.web.session.concurrentsessionfilter.afterpropertiesset(concurrentsessionfilter.java:85) @ org.springframework.beans.factory.support.abstractautowirecapablebeanfactory.invokeinitmethods(abstractautowirecapablebeanfactory.java:1613) @ org.springframework.beans.factory.support.abstractautowirecapablebeanfactory.initializebean(abstractautowirecapablebeanfactory.java:1550) ... 21 more