java - Spring Security is clearing session after successful login? SecurityContextHolder is clearing context. -


spring security 4.

html anuglarjs app

i've searched lot issue. unfortunately, none of them helped me. may seem duplicate question i've tried solution of similar questions. i'm using annotation based configuration, user authenticates , spring save generated authorities object securitycontextholder. i'm using html+ angularjs app client, when i'm calling login resource, authenticates user , within same angularjs file call resource, call resource special authority required , after calling resource spring security clears context , details in session being cleared.

oauth2securityconfiguration file security

@configuration @enablewebsecurity public class oauth2securityconfiguration extends websecurityconfigureradapter {  @autowired public void authenticationmanager(authenticationmanagerbuilder auth) throws exception {      auth.authenticationprovider(authenticationprovider());  }  @bean public abstractuserdetailsauthenticationprovider authenticationprovider() {     return new multifieldauthenticationprovider(); }  @override protected void configure(httpsecurity http) throws exception {      http.addfilterbefore(customusernamepasswordauthenticationfilter()             ,usernamepasswordauthenticationfilter.class)             .exceptionhandling().authenticationentrypoint(urlauthenticationentrypoint());      http.authorizerequests().antmatchers("/hasloggedin").hasauthority("prv_persist_session")             .antmatchers("/fetchnavbar").hasauthority("prv_fetch_nav_menu")             .anyrequest().authenticated()             .and().formlogin().permitall()             .and().csrf().disable(); }  @bean public usernamepasswordauthenticationfilter customusernamepasswordauthenticationfilter()         throws exception {     usernamepasswordauthenticationfilter authfilter = new customusernamepasswordauthenticationfilter();      authfilter.setusernameparameter("username");     authfilter.setpasswordparameter("password");     authfilter.setrequiresauthenticationrequestmatcher(             new antpathrequestmatcher("/login","post"));     authfilter.setauthenticationsuccesshandler(new customloginsuccesshandler());     authfilter.setauthenticationfailurehandler(new customloginfailurehandler());     authfilter.setauthenticationmanager(authenticationmanager());     authfilter.setsessionauthenticationstrategy(sas());     return authfilter; }  @bean public loginurlauthenticationentrypoint urlauthenticationentrypoint(){     loginurlauthenticationentrypoint loginurlauthenticationentrypoint =             new customloginurlauthenticationentrypoint("/login");     return loginurlauthenticationentrypoint; }  @override @bean public authenticationmanager authenticationmanagerbean() throws exception {     return super.authenticationmanagerbean(); }  @bean public concurrentsessioncontrolauthenticationstrategy concurrentsessioncontrolauthenticationstrategy(){     concurrentsessioncontrolauthenticationstrategy cscas=new concurrentsessioncontrolauthenticationstrategy(sessionregistry());     cscas.setmaximumsessions(10);     cscas.setexceptionifmaximumexceeded(true);     return cscas; }  @bean public compositesessionauthenticationstrategy sas(){     sessionfixationprotectionstrategy sfps=new sessionfixationprotectionstrategy();     registersessionauthenticationstrategy rsas=new registersessionauthenticationstrategy(sessionregistry());      list<sessionauthenticationstrategy> saslist=new arraylist<sessionauthenticationstrategy>();     saslist.add(concurrentsessioncontrolauthenticationstrategy());     saslist.add(sfps);     saslist.add(rsas);      compositesessionauthenticationstrategy sas= new compositesessionauthenticationstrategy(saslist);     return sas; }  @bean public sessionregistry sessionregistry(){     sessionregistry sessionregistry = new sessionregistryimpl();     return sessionregistry; }  @bean public httpsessioneventpublisher httpsessioneventpublisher() {     return new httpsessioneventpublisher(); }

}

this angularjs code

angular.module('loginapp', []).controller('logincontroller', function($scope, $http , $window ) {  $scope.idorgunit='01';  // $scope.loginformvisible=true; $scope.registerformvisible=false; $scope.signupsuccessmsgvisible = false;  /*login models*/ $scope.loginusername=''; $scope.loginpassword='';  $scope.login=function($event){     $event.preventdefault(); //this prevent default refresh     $http({         method : 'post',         url : 'http://localhost:8080/base/login',         headers: {'content-type': 'application/json'},         params :             {                 'username':$scope.loginusername,                 'password':$scope.loginpassword,                 'orgunitid':'01'             }     }).then(function mysuccess(response) {          $scope.loginresponse = response.data;          if($scope.loginresponse == '00'){              $http({                 method: 'post',                 url: 'http://localhost:8080/base/hasloggedin',                 headers: {'content-type': 'application/json'},                 params: {                 }             }).then(function mysuccess(response) {                 $scope.hasloggedinresponse = response.data;                  if ($scope.hasloggedinresponse.status.code == '00') {                      $scope.loginusername='';                     $scope.loginpassword='';                      var url = "http://" + $window.location.host + "/portal/html/index.html";                     // $log.log(url);                     $window.location.href = url;                  } else {                     //todo logout etc on service not available                     $scope.loginresponseerror = response.statustext;                 }             }, function myerror(response) {                 $scope.loginresponseerror = response.statustext;             });           }else{             $scope.loginresponseerror = response.data;         }     }, function myerror(response) {         $scope.loginresponseerror = response.statustext;     }); }  }

my success handler returning json response. great if can me in way.


Comments

Post a Comment

Popular posts from this blog

python - Operations inside variables -

this question has answer here: evaluating mathematical expression in string 12 answers i want make python script finds maximum possible output using 2 operations. problem says there syntax error @ 2nd last line, in b in there. how can fix it? x = 0 = int(input("1st number:")) c = int(input("2nd number:" )) e = int(input("3rd number:" )) in range(4): if == 0: b = "+" elif == 1: b = "-" elif == 2: b = "/" else: b = "*" j in range(4): if j == 0: d = "+" elif j == 1: d = "-" elif j == 2: d = "/" else: d = "*" k = b c d e print(k) if you're after variables e on single line, couldn...
Read more

Generic Map Parameter java -

i having lot of methods of type: public static list<eduusers> getdetails(class c, map<string, integer> params) { list<eduusers> details = null; session session = hibernateutil.getsessionfactory().opensession(); transaction tx = null; try { tx = session.begintransaction(); criteria cr = session.createcriteria(c); (map.entry<string, integer> entry : params.entryset()) { cr.add(restrictions.eq(entry.getkey(), entry.getvalue())); } details = cr.list(); tx.commit(); } catch (exception asd) { log.debug(asd.getmessage()); if (tx != null) { tx.commit(); } } { session.close(); } return details; } i trying have generic method them , have written far: public static <t> list<t> getdetails(class<t> c, class<t> b) { l...
Read more

arrays - What causes a java.lang.ArrayIndexOutOfBoundsException and how do I prevent it? -

what arrayindexoutofboundsexception mean , how rid of it? here code sample triggers exception: string[] name = {"tom", "dick", "harry"}; for(int = 0; i<=name.length; i++) { system.out.print(name[i] +'\n'); } your first port of call should documentation explains reasonably clearly: thrown indicate array has been accessed illegal index. index either negative or greater or equal size of array. so example: int[] array = new int[5]; int boom = array[10]; // throws exception as how avoid it... um, don't that. careful array indexes. one problem people run thinking arrays 1-indexed, e.g. int[] array = new int[5]; // ... populate array here ... (int index = 1; index <= array.length; index++) { system.out.println(array[index]); } that miss out first element (index 0) , throw exception when index 5. valid indexes here 0-4 inclusive. correct, idiomatic for statement here be: for (int index = 0; index <...
Read more