ConcurrentSessionFilter configuration problem

[dyn]

Any chance to help me rewriting this <sec:http/> block with non-namespace based configuration? It aint seem *that* long for me..

Quote:

Originally Posted by dyn

Code:

<sec:http access-decision-manager-ref="accessDecisionManager">
		<sec:intercept-url pattern="/images/*" access="IS_AUTHENTICATED_ANONYMOUSLY,IS_AUTHENTICATED_FULLY"/>
    	<sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
		
		<sec:form-login login-page="/acegilogin.jsp" authentication-failure-url="/acegilogin.jsp?login_error=1"/>
		<sec:anonymous />
		<sec:http-basic />
	</sec:http>

[mickknutson]

So I seem to have this issue, but the strange thing is, when I run Maven:cargo to deploy to embedded Tomcat and then access the application, the security works fine. But when I run through TestNG ->cargo ->tomcat, I keep getting this error:

Code:

Offending resource: class path resource [applicationContext-test.xml]; nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Duplicate <global-method-security> detected.
Offending resource: file [C:\opt\projects\baselogic\common-services\webapp-services\web\target\test-classes\WEB-INF\applicationContext-security.xml]
    at org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68)

NOTE: When I remove the <global-method-security> section, I get the same error for <http> which is the issue in this thread.

Here is my security applicationContext:
[code]<?xml version="1.0" encoding="UTF-8"?>

<!--
- Sample namespace-based configuration
-
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">

<global-method-security secured-annotations="enabled">
<!-- AspectJ pointcut expression that locates our "post" method and applies security that way
<protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_USER"/>

-->
</global-method-security>

<http auto-config="true" access-denied-page="/view/error/403.jsp">
<intercept-url pattern="/login.jsp*" filters="none"/>

<intercept-url pattern="/view/admin/**" access="ROLE_ADMIN"/>
<intercept-url pattern="/view/member/**" access="ROLE_USER,ROLE_ADMIN"/>


<!-- All of this is unnecessary if auto-config="true" -->
<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp" default-target-url="/person.jsp" />

<!--anonymous /-->

<!--http-basic / -->

<logout logout-success-url="/index.html"/>

<!--remember-me /-->

<!--servlet-api-integration /-->

<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>

</http>


<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT username, password, 'true' FROM app_user WHERE username=?"
authorities-by-username-query="SELECT username, role.name as authority FROM app_user, role, user_role WHERE user_role.user_id = app_user.id AND app_user.username = ?"/>
</authentication-provider>

</beans:beans>

[setki]

Got simular errors.

Reason was that the jar's needed were not in place and wrong versions....

[setki]

Case solved:

the needed jar's were not in place after deploy in the \WEB-INF\lib

[mickknutson]

That was not the issue. But I did solve the issue:

First off, when I was using acegi, I declared an applicationContext-test.xml that myTestNG would instanciate. I then would import my other applicationContext*.xml's that I thought I would need. Now this did not cause an issue in acegi:
<import resource="classpath:applicationContext-service.xml"/>
<import resource="classpath:/WEB-INF/applicationContext*.xml"/> But when I moved to Spring Security 2.0.2, I started getting this error:
Offending resource: class path resource [applicationContext-test.xml];
nested exception is org.springframework.beans.factory.parsing.BeanDefi nitionParsingException:
Configuration problem: Duplicate <global-method-security> detected.
Offending resource:
file [C:\opt\projects\baselogic\common-services\webapp-services\web\target\test-classes\WEB-INF\applicationContext-security.xml]
at org.springframework.beans.factory.parsing.FailFast ProblemReporter.error(FailFastProblemReporter.java :68) When I removed the <global-method-security> I got the same error in the <http> section just as the spring thread above.
The thing that helped me to solve this, and was a strange indicator, was that when I ran this stand alone "mvn -Dcargo.wait=true cargo:start" or "mvn tomcat:run-war" the application would start, and function as expected. So I was confused as everything worked before Spring Security, but now it does not.
The issue seems to be that if maven is deploying the application to embedded tomcat, then TestNG is starting the applicationContext-test.xml which in turn was importing classpath:/WEB-INF/applicationContext*.xml which is the same import as my web.xml is importing:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext*.xml
</param-value>
</context-param> The strange thing is, only my Spring Security has the issue. All my other beans start just fine. So as soon as I removed that declaration from my applicationContext-test.xml for TestNG Testing, the error was fixed.

[Megha Shankar]

I want to customize the SessionRegistry inorder to implement cluster aware concurrent session control. I am using the session-registry-ref attribute of <concurrent-session-control> to refer to the custom registry.
But once I do this, spring security allows multiple logins.
I am not sure what is wrong.

[totempole]

With JUnit, I got a similar error.

@RunWith(SpringJUnit4ClassRunner.class)
@TestExecutionListeners( { DependencyInjectionTestExecutionListener.class,
TransactionalTestExecutionListener.class })
@ContextConfiguration(locations = "/WEB-INF/config/spring-*.xml")
@Transactional

It turned out to be the setting of @ContextConfiguration(locations = "/WEB-INF/config/spring-*.xml"), as my master spring-application.xml imports other spring config files for different aspects. Interesting enough, only tags in spring-security.xml seems to be loaded repeatedly. Changing to @ContextConfiguration(locations = "/WEB-INF/config/spring-application.xml") fixed the problem.

Quote:

Originally Posted by mickknutson

That was not the issue. But I did solve the issue:

First off, when I was using acegi, I declared an applicationContext-test.xml that myTestNG would instanciate. I then would import my other applicationContext*.xml's that I thought I would need. Now this did not cause an issue in acegi:
<import resource="classpath:applicationContext-service.xml"/>
<import resource="classpath:/WEB-INF/applicationContext*.xml"/> But when I moved to Spring Security 2.0.2, I started getting this error:
Offending resource: class path resource [applicationContext-test.xml];
nested exception is org.springframework.beans.factory.parsing.BeanDefi nitionParsingException:
Configuration problem: Duplicate <global-method-security> detected.
Offending resource:
file [C:\opt\projects\baselogic\common-services\webapp-services\web\target\test-classes\WEB-INF\applicationContext-security.xml]
at org.springframework.beans.factory.parsing.FailFast ProblemReporter.error(FailFastProblemReporter.java :68) When I removed the <global-method-security> I got the same error in the <http> section just as the spring thread above.
The thing that helped me to solve this, and was a strange indicator, was that when I ran this stand alone "mvn -Dcargo.wait=true cargo:start" or "mvn tomcat:run-war" the application would start, and function as expected. So I was confused as everything worked before Spring Security, but now it does not.
The issue seems to be that if maven is deploying the application to embedded tomcat, then TestNG is starting the applicationContext-test.xml which in turn was importing classpath:/WEB-INF/applicationContext*.xml which is the same import as my web.xml is importing:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext*.xml
</param-value>
</context-param> The strange thing is, only my Spring Security has the issue. All my other beans start just fine. So as soon as I removed that declaration from my applicationContext-test.xml for TestNG Testing, the error was fixed.

[taochenpfj]

when i remove the configuration of applicationContext*.xml in my web.xml,the problem is fixed!!!
But what is wrong with this, I don't have TestNG or JUnit.
Although there is a <http> which is indicated null for the first time in the process stack,where this http is from is the great question I think!!!!