
You will indeed be open to session fixation attacks. To remedy this you could again be "inspired" by the Spring code. To create a new session you'll obviously need access to the HttpSession, so you may have to do some refactoring.

See the method SessionUtils.startNewSessionIfRequired (https://fisheye.springsource.org/browse/~raw,r=3640/spring-security/trunk/web/src/main/java/org/springframework/security/web/session/SessionUtils.java).

This will migrate the authentication to a new session. You might be able to call this method directly, or else just refactor the code a little.

As for programmatic logout, you can't go too far wrong by simply calling session.invalidate() when you need to log the person out. This will do everything necessary from a general security perspective, but bear in mind that you might need to clean up some things on the session. If you have a very complicated set of filters etc. and you need to ensure that the user is logged out for the rest of the request, then you could add:

    SecurityContextHolder.getContext().setAuthentication(null);

As for interception of the URLs, you could just set them to something unused and ignore it! I'm not sure if you can turn off the interception in configuration - if you really want to remove it then have a look at the AuthenticationProcessingFilter - you could customise this. If you do this then you'll have to manually set up the Spring Security XML and not use the provided namespaces. It's not too hard though - look at some older documentation and you'll see how to do this.

Hope this helps!
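The two pieces the answer describes, the session-fixation defence (migrate the authenticated user to a fresh session id) and the programmatic logout, as an added example that is not part of the original answer and not Spring Security's own SessionUtils code. It assumes the Servlet API (javax.servlet) and Spring Security 3.x on the classpath; the class name SessionSecurityHelper and the method names migrateToNewSession and logout are my own.

```java
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

// Added example helper (hypothetical class name); mirrors what
// SessionUtils.startNewSessionIfRequired does so it can be called from your own
// login code after the user has been authenticated.
public final class SessionSecurityHelper {

    private SessionSecurityHelper() {
    }

    /**
     * Defends against session fixation: after a successful authentication, discard
     * the session id the client arrived with and move the session state, including
     * the Spring SecurityContext, to a freshly generated session.
     *
     * @return the new session, or null if the request carried no session at all
     */
    public static HttpSession migrateToNewSession(HttpServletRequest request) {
        HttpSession oldSession = request.getSession(false);
        if (oldSession == null) {
            // Nothing to fix: no pre-authentication session id exists to be hijacked.
            return null;
        }

        // Copy every attribute so application state survives the migration.
        Map<String, Object> attributes = new HashMap<String, Object>();
        Enumeration<?> names = oldSession.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            attributes.put(name, oldSession.getAttribute(name));
        }

        // Make sure the SecurityContext of the current thread travels with the user,
        // even if the login code has not yet stored it in the session itself.
        SecurityContext context = SecurityContextHolder.getContext();
        attributes.put(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);

        // Invalidating the old session is what actually defeats fixation: an id the
        // attacker planted before login stops being valid the moment the victim logs in.
        oldSession.invalidate();

        HttpSession newSession = request.getSession(true);
        for (Map.Entry<String, Object> entry : attributes.entrySet()) {
            newSession.setAttribute(entry.getKey(), entry.getValue());
        }
        return newSession;
    }

    /**
     * Programmatic logout as described in the answer: invalidate the container
     * session, then clear the thread-local SecurityContext so that later filters in
     * the same request also see the user as unauthenticated.
     */
    public static void logout(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        // Same effect for the rest of the request as
        // SecurityContextHolder.getContext().setAuthentication(null), but also drops
        // the context object from the thread.
        SecurityContextHolder.clearContext();
    }
}
```

Call migrateToNewSession(request) once, immediately after the Authentication has been placed in SecurityContextHolder and before any response is written, so the Set-Cookie for the new id reaches the client. Anything holding a reference to the old HttpSession (for example a request attribute set earlier in the filter chain) must be refreshed from the returned session.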
 
