Spring Security and the Synchronizer Token J2EE pattern, problem when authentication fails.
- by dfuse
Hey,
we are using Spring Security 2.0.4. We have a TransactionTokenBean which generates a unique token each POST, the bean is session scoped. The token is used for the duplicate form submission problem (and security). The TransactionTokenBean is called from a Servlet filter.
Our problem is the following, after a session timeout occured, when you do…
