Type: Posts; User: kg_gatolgaj; Keyword(s):
Without any other options, wrote a custom filter which would clear out the security context if the request is for login. This seems to work :):).
I would still expect spring security had...
Well, I have started off on that will see how it goes.
I do see that AbstractSecurityInterceptor holds a property alwaysReauthenticate that is defaulted to false. If I get it to set to true for...
Re-authing for particular URL (/login) will help my situation. Because, for rest of the URLs I have checks more than jsession id. So stealing the jsession id will not help the hacker. But login there...
For your better understanding...
are you writing a service? -> I am developing an API.
Are users going to view it in a web browser? -> NO.
Do you only expect the user to have to re-authenticate...
What I am looking for is really simple, a particular URL should be authenticated always (/login). For this URL spring should not consider security context from session. I want spring security to use...
Yes, I am stealing JSESSIONID after login and then hitting the login url again. My expectation for login url spring sec needs to re-auth
What I am expecting is for every access to the '/login' url I want the spring security to make use of userservice and reauth the user. Right now, it makes use of security context in the session as...
Well, session fixation does not help either. If I hijack the new jsession id (that's generated after auth is successful) and perform login it allows access to resource with incorrect password.
We...
Is there a name space configuration in spring security to mention that security context needs to be removed for every login ??? :confused:
I have the following interceptor config for the login url...
I had the same issue, even my TC did not start because of this error. Then found a post which suggested that this could be because of Maven. So I added the following dependency and it fixed it. Not...
Yes please. How to move it to web forum though? Sorry, I am new. :(
After analysis I figured out that the cookie was present but Spring's RestClient is not identifying. I used a RestLet client and found that it identifies the cookies.
ANY BODY HAS ANY THOUGHTS...
Replying to my own post, so that it can help others. A HandlerInterceptor would provide this requirement. I have implemented it and moving ahead I am stuck on how to get the response status. I need...
Hello -
I am missing cookie in my responses of RESTful API requests. Not sure if my client is incorrect or if I am missing a spring configuration. Here is how I test:
- From client I access the...
I am developing a RESTful api and need to write a custom filter that gets invoked after the request processing is complete by the controller. It's like, I need to perform a post processing after every...
Have you got a valid api key to access flickr?
The above exception is not because of the client or your code. You need to install the cert for the server that you're trying to connect over SSL. Below link has a java file that would help you...
...
I have default setting for session management, i.e. I have made auto config. I see the same warning and response does not seem to have a cookie in it for jsession id. Any help would be great.
I don't have 2 tags. I got only one <http> tag in app-security.xml.
Hello,
I am trying to import the beans from another XML in my app-config.xml with the xml entry
<!-- Importing beans from app-security.xml file -->
<import resource="app-security.xml"/>
...