Search:

Flow state is stored in the user's session. When the session times out the session data is lost.
You could implement your own ConversationManager to store flow state some where other then a user's...

You could try catching the exception in your flow, and then examine the state of the flow. I'm not sure what information can be determined once you catch the exception but at least if you do it...

If you are using a Servlet 3.0 container (like Tomcat 7) you can try setting <tracking-mode>URL</tracking-mode>.
This will force the jsessionid into the url. When you open a new tab, it will not...

We are using Spring Security 3.0.5 with a preauth filter (to integrate with our SSO product). We are trying to get 'invalid-session-url' to work in this scenario. If the Tomcat session expires before...

Is your development machine setup to use the same preauth filter?
We've seen similar behavior where the preauth filter creates a valid Authentication context for the user prior to...

The URL patterns are relative to your application context.
So if your CMS app is deployed under /second then security config would just be /** to secure the app.
It sounds like you are configuring...

For other web apps on your server that you don't want access to, undeploying the app is probably the most effective way of not accessing it.
As for managing only valid urls for your "Main"...

Hi,

I have defined several intercept-url patterns that use filters='none' since I want to
remove any filters from being applied (example '/test/**'). One of these URL's sub files should be...