Spring Security session-management setting and IllegalStateException

Posted by JayL on Stack Overflow See other posts from Stack Overflow or by JayL
Published on 2010-01-26T06:35:49Z Indexed on 2010/04/07 18:23 UTC
Read the original article Hit count: 932

Filed under:

spring-security

|

session-timeout

I'm trying to add <session-management> in my Spring Security namespace configuration so that I can provide a different message than the login page when the session times out. As soon as I add it to my configuration it starts throwing "IllegalStateException: Cannot create a session after the response has been committed" when I access the app.

I'm using Spring Security 3 and Tomcat 6. Here's my configuration:

<http>
    <intercept-url pattern="/go.htm" access="ROLE_RESPONDENT" />
    <intercept-url pattern="/complete.htm" access="ROLE_RESPONDENT" />                          
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <form-login login-processing-url="/j_spring_security_check" 
                login-page="/login.htm" 
                authentication-failure-url="/login.htm?error=true" 
                default-target-url="/go.htm"
    />      
    <anonymous/>
    <logout logout-success-url="/logout_message.htm"/>  
    <session-management invalid-session-url="/login.htm" />     

</http>

Everything works great until I add in the <session-management> line. What am I missing?

© Stack Overflow or respective owner

Related posts about spring-security

Spring Security - Interactive login attempt was unsuccessful

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been trying to track down why Spring Security isn't creating the SPRING_SECURITY_REMEMBER_ME_COOKIE so I turned on logging for org.springframework.security.web.authentication.rememberme. At first glance, the logs make it seem like the login is failing but the login is actually successful in the… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More
Spring Security - Persistent Remember Me Issue

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been trying to track down why Spring Security isn't creating the Spring Security remember me cookie (SPRING_SECURITY_REMEMBER_ME_COOKIE). At first glance, the logs make it seem like the login is failing, but the login is actually successful in the sense that if I navigate to a page that requires… >>> More
Problem with Remember Me Service in Spring Security

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to implement a "remember me" functionality in my website using Spring. The cookie and entry in the persistent_logins table are getting created correctly. Additionally, I can see that the correct user is being restored as the username is displayed at the top of the page. However, once… >>> More
Spring Security 3 - j_spring_security_check is not found

as seen on Stack Overflow - Search for 'Stack Overflow'
I use Spring Security with Spring Framework 3 and when I tyr to login from homepage I get following error: 2010-04-26 12:16:39,525 [tomcat-http--2] WARN org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/AppName/app/j_spring_security_check] in DispatcherServlet… >>> More

Related posts about session-timeout

asp.net 2.0 session timeout

as seen on Stack Overflow - Search for 'Stack Overflow'
I apologize in advance for this likely being asked before. I have an asp.net 2.0 web application and am trying to set the session timeout. My first attempt was to add this to the web.config. < sessionState mode="InProc" timeout="300" Users would tell me though that after about 20 minutes of… >>> More
WCF Reliable Session Timeout

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, when do reliable sessions time out? My session class is defined as follows: [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession, ConcurrencyMode = ConcurrencyMode.Multiple)] and in my app.config... <bindings> <netTcpBinding> <binding name="FTS_netTcpBinding"> … >>> More
Can I set Session timeout for a specified Session variable differently than other Session Variables

as seen on Stack Overflow - Search for 'Stack Overflow'
I'd like to set the timeout on a specific Session Variable in a .Net web application, but leave other Session variables alone. Is this possible? Example: I have 5 Session Variables Session(var1) Session(var2) Session(var3) Session(var4) Session(var5) I want to set it so that Session(var1) through… >>> More
How do I fix: InvalidOperationException upon Session timeout in Ajax WebService call

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi All, We are invoking Asp.Net ajax web service from the client side. So the JavaScript functions have calls like: // The function to alter the server side state object and set the selected node for the case tree. function JSMethod(caseId, url) { Sample.XYZ.Method(param1, param2, OnMethodReturn);… >>> More
How to prevent session timeout in Symfony 1.0?

as seen on Stack Overflow - Search for 'Stack Overflow'
I've used the PHP MVC framework Symfony to build an on-demand web app. It has an annoying bug - the session expires after about 15-30 minutes of inactivity. There is a config directive to prevent session expiration but it does not work. Even workarounds such as this one did not help me. I intend… >>> More