Spring Security session-management setting and IllegalStateException
Posted
by JayL
on Stack Overflow
See other posts from Stack Overflow
or by JayL
Published on 2010-01-26T06:35:49Z
Indexed on
2010/04/07
18:23 UTC
Read the original article
Hit count: 937
spring-security
|session-timeout
I'm trying to add <session-management>
in my Spring Security namespace configuration so that I can provide a different message than the login page when the session times out. As soon as I add it to my configuration it starts throwing "IllegalStateException: Cannot create a session after the response has been committed" when I access the app.
I'm using Spring Security 3 and Tomcat 6. Here's my configuration:
<http>
<intercept-url pattern="/go.htm" access="ROLE_RESPONDENT" />
<intercept-url pattern="/complete.htm" access="ROLE_RESPONDENT" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<form-login login-processing-url="/j_spring_security_check"
login-page="/login.htm"
authentication-failure-url="/login.htm?error=true"
default-target-url="/go.htm"
/>
<anonymous/>
<logout logout-success-url="/logout_message.htm"/>
<session-management invalid-session-url="/login.htm" />
</http>
Everything works great until I add in the <session-management>
line. What am I missing?
© Stack Overflow or respective owner