Spring Security Session Timeout Redirect Login Page

Either it may be servlet or spring security or servlet it can only invalidate session and it can redirect to login page only after arriving next request. My requirement is if user is idle for time equal to maximumInactiveInterval set, without user intervention page should redirect to login page. Notice the login tag to define the login page. The tags are to set patterns to secure. So in the first line, it really is just saying don't add the filters to the login page, as we don't want that secured. The second line says, only ROLEUSER members will see all the other pages of the web app. Following example shows how page is forwarded to login page on session expiration. We are going to use form based programmatic security by using HttpServletRequest.login and HttpServletRequest.logout methods. We are reusing our programmatic security example. In fact we don't have to do anything special when session expires.

Ranch Hand
Spring Security Session Timeout Redirect Login PageRedirectposted 12 years agoLogin
I am pretty new to spring, have set session timeout of 1 minute in the web.xml.
I need to display the login page once session is timed out and user clicks any link in the application.
Is there any framework or configuration in spring that allows for this funtionality?
Regards,
Joshua

Spring Security Session Time Out Redirect Login Page Yahoo

Ranch Hand

Spring Security Session Time Out Redirect Login Page Clickbank

posted 12 years ago
You have to add the HttpSessionContextIntegrationFilter (or another implementation) to the filterChainProxy in your spring security configuration.
In your authenticationEntryPoint you define the form (URL) where it should be redirected in case of an exception.
I think the new spring security is very easy to configure I'm still using the 1.5 spring and it worth looking into the new one I think.
ranger
posted 12 years ago
Yes in the latest Spring version, you don't have to define all those Filters. You just use auto-config='true'
So you will just need to define a login-page in your config file.
Here is an example

notice the <form-login> tag to define the login page. The <intercept-url> tags are to set patterns to secure. So in the first line, it really is just saying don't add the filters to the login page, as we don't want that secured. the second line says, only ROLE_USER members will see all the other pages of the web app.
Mark

Perfect World Programming, LLC - iOS Apps
How to Ask Questions the Smart Way FAQ

Spring Security Session Time Out Redirect Login Page Login

Ranch Hand
posted 12 years ago
I tried using

But after the session expires and I click on any link within the application, the same page gets displayed.
What could be the reason, am I missing something very silly?
Regards,
Joshua
Ranch Hand

Spring Security Session Timeout Redirect Login Page Example

posted 12 years ago

Spring Security Session Time Out Redirect Login Page Aspx

I found out the issue, actually I was using old acegi jar.
Thanks Tomas and Mark for sharing your knowledge
Regards,
Joshua