Hi, we've a production's application working weird sometimes. I didn't build the application and I don't know how Spring is working, but I have to make it work.
The application was built on Java 1.5.0, Tomcat 5.5.20 under Solaris 10, two Apaches in round robin running on Windows to attend requests towards Tomcat, and LDAP as the security background platform. There are almost 300 users, and it was configured with the concurrent-session-control max-sessions="1" attribute. The session's expiration time is 10.
Normally the application is working ok, but "randomly" some users (no more than 10 in 6 months) began to report ConcurrentLoginException. They have always tried to login on different times (not simultaneously). They try to log in and get the reported error, they wait for 30 minutes, reset the computer, log in in other computer, use another browser, but the trouble still happens. They can only log in after rebooting Tomcat.
Here is the applicationContext-security.xml:
PHP Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location" value="/WEB-INF/classes/file.properties"/>
</bean>
<security:http auto-config="false" >
<security:logout invalidate-session="true" logout-success-url="/index.jsp"/>
<security:intercept-url pattern="/jsp/indexA.jsp" access="ROLE_G_USER_APLL" />
<security:intercept-url pattern="/Apll/*" access="ROLE_G_USER_APLL"/>
<security:form-login default-target-url="/jsp/indexA.jsp" login-page="/index.jsp" authentication-failure-url="/index.jsp?error=1"/>
<security:anonymous />
<security:concurrent-session-control
max-sessions="1"
expired-url="/index.jsp?error=2"
exception-if-maximum-exceeded="true"/>
</security:http>
<security:ldap-server
manager-dn="${ldap.manager-dn}"
manager-password="${ldap.manager-password}"
id="ldap_server"
url="${ldap.url}"/>
<security:ldap-authentication-provider
server-ref="ldap_server"
group-search-filter="${ldap.group-search-filter}"
group-role-attribute="${ldap.group-role-attribute}"
group-search-base="${ldap.group-search-base}"
user-search-filter="${ldap.user-search-filter}"
user-search-base="${ldap.user-search-base}">
<security:password-compare hash="plaintext"/>
</security:ldap-authentication-provider>
<bean id="contextSourceExtra" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="url" value="${ldap.url}"/>
<property name="base" value="${ldap.user-search-base}" />
<property name="userDn" value="${ldap.manager-dn}" />
<property name="password" value="${ldap.manager-password}" />
</bean>
<bean id="ldapTemplateExtra" class="org.springframework.ldap.core.LdapTemplate">
<constructor-arg ref="contextSourceExtra"/>
</bean>
<bean id="useratributeExtra" class="java.security.UserAtribute">
<property name="ldapTemplate" ref="ldapTemplateExtra"/>
<property name="url" value="${ldap.url}"/>
<property name="userDn" value="${ldap.manager-dn}"/>
<property name="password" value="${ldap.manager-password}"/>
</bean>
<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
</beans>
Do you need any more info? Do you have any ideas about what can be wrong?
Please provide all the help you may have on your hands.
ConcurrentLoginException so weird
