Type: Posts; User: Rob Winch; Keyword(s):
You will need to ensure Tomcat and Apache are set up properly for clustering. Specifically, you will want to set up sticky sessions and session replication. See the Tomcat docs for more details.
I responded on SO
We're pleased to announce the release of Spring Security 3.1.4. For further details, please refer to the announcement.
The JIRA is resolved, but not closed. This means it has been fixed, but the code has not yet been released with the fix. The patch submitted should resolve the problem for the remoting bundle as...
Browsers reuse the same session when using a tab. You can inspect the HTTP request and see that the same JSESSIONID is being submitted on each request.
Each <http> block is used only if its pattern is matched. If there is no pattern, the default pattern of match everything is used. The impact is that each AuthenticationEntryPoint (i.e. what to do...
For security reasons, the TGC should only be available to the CAS service, so the answer is no.
This behavior is intentional since the annotation is on the subclass and the method is defined on the superclass. To change this, you would need to write your own MethodSecurityMetadataSource. See...
Your best bet would be to expose a service that can update the expiration of the TGT. The service would require a PT to authenticate and use the PT to determine which TGT to update the expiration on.
Keep in mind encryption does not prevent tampering with the data. For this situation, I'd check out HDIV http://hdiv.org/
Most likely you should make an interface for UserInformation and ensure that the implementation of it is thread safe. Then you can mock the interface in your tests.
If you must keep the...
The first question is why are you wanting to encrypt the query parameters?
Spring Security does not provide mechanisms for encryption. If you want to do this, I would look into something like...
Does the issue always happen for a given JSON response? If you remove the springSecurityFilterChain <filter-mapping> from the web.xml, does it resolve the issue? What does the remaining stack look...
I noticed that you have changed the login-processing-url, so instead of submitting to /j_spring_security_check you must post to /vues/liste-fiches.html
Yes, please post your request/responses using a plugin like Tamper Data.
I'm interested in the logs when you attempt to log in. Please post those in the forum with the code tags...the # button...
Thank you green_trutle... I think you are correct. I mistakenly thought that RequestMatcherEditor would convert the request. Sorry for the poor memory and not double checking on this.
I created https://jira.springsource.org/browse/SEC-2151 for this
When did you get this error? Can you post the logs just prior to the error? Can you please post the entire stacktrace?
For those searching the forums this was reported and resolved in https://jira.springsource.org/browse/SEC-2136
This appears to be a duplicate of http://forum.springsource.org/showthread.php?135648-No-redirection-After-login
It sounds like your user does not have the proper roles. What roles does this user have? What roles are required for this URL? Also ensure that the roles the user has start with ROLE_
It is supported if you can access the password attribute of your users. However, since this is almost never allowed (and should not be allowed) for security reasons, it does not usually work. You...
I'm not sure how you are using PHP in your application to destroy the session, but you can use the <logout> element to provide a URL that a user can navigate to in order to log out. For example the...
It is typically not a good idea to include private information within your logging. The documentation for Tomcat access logs describes how you could configure the access logs to include a header...
How are you creating your Spring Controller? You should have Spring Test create the controller and inject it into your test. If that doesn't help can you post your test code?
PS: It helps to...