2

I want to configure expiredUrl(" ") feature in my java spring security.
I want to display HTML page when my concurrent session get expired
I tried in following way:-

JAVA

@Override
public void configure(HttpSecurity http) throws Exception {
    http
            .sessionManagement()
            .sessionFixation()
            .changeSessionId()
            .maximumSessions(1)
            .expiredUrl("/session_expired.html")
}

My context path set as localhost:8080/context_path but
I am not getting how to display session_expired.html page on expiredUrl call
I am using angularJs on Js side
Please help me to display Html page on expiredUrl call

AND

If I tried with the help of Js then my code is:-

JAVA

@Override
public void configure(HttpSecurity http) throws Exception {
    http
            .sessionManagement()
            .sessionFixation()
            .changeSessionId()
            .maximumSessions(1)
            .expiredUrl("/access/session_expired")
}

ANGULARJS

$stateProvider.state('session_expired', {
     'url': '/session_expired',
     'templateUrl': '/session_expired.html',
     'controller': 'SessionExpiredController'
})

.factory('SessionService', function ($resource, restRoot, contextPath) {
return $resource({
    'session_expired': {
        'url': contextPath + '/access/session_expired'
    },
})

.controller('SessionExpiredController', function (SessionService, $state) {
     SessionService.session_expired(function () {
         $state.go("session_expired");
     });
 });

here when session get expired it will goes on link localhost:8080/context_path/session_expired#/landing...
but I want to go on link
localhost:8080/context_path/#/session_expired

OR

I want to display direct HTML page on expiredUrl
so please guide me how to do this.

ojus kulkarni
  • 1,877
  • 3
  • 25
  • 41
  • Did you try something from StackOverflow like this http://stackoverflow.com/questions/2070179/how-to-check-session-has-been-expired-in-java ? And just forward to your page? Or create Filter and check it (and redirect) there? Maybe here http://stackoverflow.com/questions/1026846/how-to-redirect-to-login-page-when-session-is-expired-in-java-web-application – Hrabosch Sep 06 '16 at 08:28

1 Answers1

0

This configuration is working for me:

 @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/", "/list")
                .access("hasRole('USER') or hasRole('ADMIN') or hasRole('DBA')")
                .antMatchers("/newuser/**", "/delete-user-*").access("hasRole('ADMIN')").antMatchers("/edit-user-*")
                .access("hasRole('ADMIN') or hasRole('DBA')").and().formLogin().loginPage("/login")
                .loginProcessingUrl("/login").usernameParameter("ssoId").passwordParameter("password").and()
                .rememberMe().rememberMeParameter("remember-me").tokenRepository(tokenRepository)
                .tokenValiditySeconds(86400).and().csrf().and().exceptionHandling().accessDeniedPage("/Access_Denied");
    }
FuSsA
  • 4,223
  • 7
  • 39
  • 60
  • yes but I want to display HTML page on session expired, so when my session get expired that time it goes on path `localhost:8080/context_path/session_expired#/...` instead of this I want to redirect to `localhost:8080/context_path/#/session_expired` **OR** I want to return html page in `expiredUrl` – ojus kulkarni Jun 30 '16 at 05:14
  • ok and what is that `/Access_Denied` ? is it any link or something else ? – ojus kulkarni Jun 30 '16 at 09:56
  • its a AccessDenied page that will be shown if the users is not allowed to go to certain url’s.. – FuSsA Jun 30 '16 at 10:00
  • can you please share me that code, how you are showing AccessDenied page – ojus kulkarni Jun 30 '16 at 10:04
  • the code is shared.. for example if an user with role 'USER' try to type the delete URL in browser-bar and enter.He should see AccessDenied page.. only user with 'Admin' role can access to delete URL in my example.. – FuSsA Jun 30 '16 at 10:09