Nov 27th, 2012, 07:52 PM
Using RequestCache when session-management has invalid-session-url
After upgrading from Acegi to Spring Security, I am trying to recreate the old behavior that would allow showing a "Session Expired" message on the login page while still redirecting to the original request's URL.
This is the same issue described here:
The main issue is that the original request is cached when ExceptionTranslationFilter calls the following method:
However, when I add the following to my <http> tag, the ExceptionTranslationFilter is never called:
<session-management invalid-session-url="/login.html?timeout=true" />
The possible solutions I can think of are to use a custom SessionManagementFilter or a custom InvalidSessionStrategy that calls requestCache.saveRequest(request, response) before redirecting to the invalid-session-url. However I cannot find a simple way to provide a custom SessionManagementFilter or to inject a custom InvalidSessionStrategy into the default SessionManagementFilter.
The other alternative is to use a custom ExceptionTranslationFilter that checks request.isRequestedSessionIdValid()...but that could be trickier since it relies on AuthenticationEntryPoint for the login page.
How can I call saveRequest before redirecting to an invalid-sesion-url?
Last edited by MrStanaland; Nov 27th, 2012 at 07:58 PM.
Nov 27th, 2012, 08:00 PM
(Apologies for bad wording in title...can't seem to edit that)