Details
-
Type: Bug
-
Status: Closed
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: 3.1
-
Fix Version/s: 3.1
-
Component/s: Sample Apps
-
Labels:None
-
Environment:ICEFaces 3.1 + Spring security 3.1.2 + Spring framework 3.0.6
-
Affects:Sample App./Tutorial
Description
Updating the swf-booking-icefaces example to use the above Spring security versions shows a few configuration incompatibilities.
Activity
Greg Dick
created issue -
Greg Dick
made changes -
Field | Original Value | New Value |
---|---|---|
Assignee | Greg Dick [ greg.dick ] |
Ken Fyten
made changes -
Salesforce Case | [] | |
Fix Version/s | 3.1 [ 10312 ] | |
Affects | [Sample App./Tutorial] |
Migration
made changes -
Status | Open [ 1 ] | Resolved [ 5 ] |
Resolution | Fixed [ 1 ] |
Ken Fyten
made changes -
Status | Resolved [ 5 ] | Closed [ 6 ] |
First, the scheme declaration in the security-config.xml file needs to be updated to refer to 3.1 as follows:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
Second, the property configurations have changed on the SessionManagementFilter. The two marked properties are no longer valid and need to be removed:
<beans:bean id="sessionManagementFilter"
class="org.springframework.security.web.session.SessionManagementFilter">
<beans:constructor-arg name="securityContextRepository" ref="httpSessionSecurityContextRepository" />
<!-- <beans:property name="invalidSessionUrl" value="/auth/sessionExpired.jsf" />-->
<!-- <beans:property name="redirectStrategy" ref="jsfRedirectStrategy" />-->
</beans:bean>
At this point the application works, however, there is a new place for the invalidSessionUrl, session management has it's own attribute now:
<session-management invalid-session-url="/auth/sessionExpired.jsf" />