Partage de sessions Spring Security entre browsers
Bonjour,
c'est la premiere fois que je configure spring security et apres avoir cru que c'etait terminé, je me suis retrouvé confronté à un probleme.
Lorsque je me connecte avec 2 utilisateurs sur 2 browsers differents et meme sur 2 machines differentes, lorsque le deuxieme utilisateur c'est connecté, si je rafraichi la fenetre du 1ere utilisateur je me retrouve alors sur la page du 2eme utilisateur. En resumé ma session spring security est partagée sans que je comprenne pourquoi.
Voici ma configuration:
Code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118
|
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<sec:http auto-config="true" >
<sec:intercept-url pattern="/jsf/home.xhtml"
access="ROLE_ECRITURE, ROLE_LECTURE, ROLE_ADMIN" />
<sec:intercept-url pattern="/jsf/resultTestEligibilite_ADSL.xhtml"
access="ROLE_ECRITURE, ROLE_LECTURE, ROLE_ADMIN" />
<sec:intercept-url pattern="/jsf/resultTestEligibilite_SDSL.xhtml"
access="ROLE_ECRITURE, ROLE_LECTURE, ROLE_ADMIN" />
<sec:intercept-url pattern="/jsf/resultTestEligibilite_SDSLplus.xhtml"
access="ROLE_ECRITURE, ROLE_LECTURE, ROLE_ADMIN" />
<sec:logout invalidate-session="true"
delete-cookies="JSESSIONID"
success-handler-ref="customLogoutSuccessHandler"/>
<sec:form-login login-processing-url="/j_spring_security_check"
login-page="/index.xhtml" default-target-url="/jsf/home.xhtml"
authentication-failure-url="/index.xhtml?error=1" />
<sec:session-management invalid-session-url="/j_spring_security_logout" />
</sec:http>
<bean id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="ignoreResourceNotFound" value="true" />
<property name="ignoreUnresolvablePlaceholders" value="false" />
<property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
<property name="locations">
<list>
<value>
classpath:/jboss.properties
</value>
</list>
</property>
</bean>
<bean id="ldapUserSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="${ldap.user-search-base}" />
<constructor-arg index="1" value="${ldap.user-search-filter}" />
<constructor-arg index="2" ref="contextSource" />
<property name="searchSubtree" value="true" />
</bean>
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="${ldap.url}" />
<property name="userDn" value="${ldap.manager-dn}" />
<property name="password" value="${ldap.manager-password}" />
</bean>
<sec:ldap-server
url="${ldap.url}"
manager-dn="${ldap.manager-dn}"
manager-password="${ldap.manager-password}"
id = "contextSource"
root="${ldap.root}"/>
<sec:ldap-user-service id="ldapUserService"
server-ref="contextSource"
group-search-base="${ldap.group-search-base}"
group-role-attribute="${ldap.group-role-attribute}"
group-search-filter="${ldap.group-search-filter}"
user-search-base="${ldap.user-search-base}"
user-search-filter="${ldap.user-search-filter}" />
<sec:authentication-manager alias="MyManager">
<sec:ldap-authentication-provider
user-search-base="${ldap.user-search-base}"
user-search-filter="${ldap.user-search-filter}"
group-search-base="${ldap.group-search-base}"
group-search-filter="${ldap.group-search-filter}"
role-prefix="${ldap.role-prefix}"
user-context-mapper-ref="customUserDetailsMapper">
<sec:password-compare hash="{sha}" >
<sec:password-encoder ref="passwordEncoder" />
</sec:password-compare>
</sec:ldap-authentication-provider>
</sec:authentication-manager>
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.LdapShaPasswordEncoder" >
<property name="forceLowerCasePrefix" value="true" />
</bean>
<bean id="LdapUserDetailManager"
class="org.springframework.security.ldap.userdetails.LdapUserDetailsManager">
<constructor-arg ref="contextSource" />
<property name="attributesToRetrieve" >
<list>
<value>wsEligXdslFaiUsername</value>
</list>
</property>
</bean>
<!-- <bean id="ldapAuthenticationProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> -->
<!-- <property name="userDetailsContextMapper" ref="customUserDetailsMapper" /> -->
<!-- </bean> -->
<bean id="customUserDetailsMapper"
class="com.eligibilite.ihm.ldap.impl.CustomUserDetailsContextMapper" />
</beans> |
Est ce que quelqu'un saurait d'ou est ce que ca pourrait venir? Je suis completement perdu