Spring+Acegi able to visit login screen, but old session is retained.
I have Spring + Acegi and everything is working fine, except when I don't log out and I re-visit the login page. I can type in new credentials (user/pass), but when I log in, I'm actually associated with the old credentials, which is confusing for a user since they think they just logged in. It seems like either I need to somehow reset the rememberme cookie when the user directly visits the login page, or that they need to be redirected away from the page when they have been remembered.
Some configuration settings for reference:
Any ideas/tips are appreciated!Code:objectDefinitionSource: /login.jsp*=IS_AUTHENTICATED_ANONYMOUSLY ... filterInvocationDefinitionSource: /j_acegi_security_check*=httpSessionContextIntegrationFilter,authenticationProcessingFilter ... <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"> <property name="userDetailsService" ref="accessMgr"/> <property name="key" value="changeThis"/> </bean> <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <ref local="daoAuthenticationProvider"/> <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"> <property name="key" value="changeThis"/> </bean> <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> <property name="key" value="changeThis"/> </bean> </list> </property> </bean> <bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter"> <property name="authenticationManager" ref="authenticationManager"/> <property name="rememberMeServices" ref="rememberMeServices"/> </bean>
Reply With Quote