Mike3355
Reputation: 12101
Error when trying to use session-management
I am trying to place session-management in my security-application.xml file.
Error:
Invalid content was found starting with element 'session-management'. One of '{"http://www.springframework.org/schema/security":intercept-url,
I tried to put in other places but without success.
Advice?
------------------------UPDATE ONE------------------------
I tried:
<security:session-management invalid-session-url="/logonTimeOut.jsp">
<security:concurrency-control expired-url="/logonTimeOut.jsp"/>
</security:session-management>
and it is still not working.
Upvotes: 3
Views: 313
Answers (1)
ali akbar azizkhani
Reputation: 2289
I think your xml configuration is not correct .Change xml configuration like this
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd"
>
<http create-session="always" use-expressions="true">
<intercept-url pattern="/anonymous*" access="isAnonymous()"/>
<intercept-url pattern="/login*" access="permitAll"/>
<intercept-url pattern="/**" access="isAuthenticated()"/>
<csrf disabled="true"/>
<form-login login-page='/login.html' authentication-success-handler-ref="myAuthenticationSuccessHandler" authentication-failure-url="/login.html?error=true"/>
<logout delete-cookies="JSESSIONID"/>
<remember-me key="uniqueAndSecret" token-validity-seconds="86400"/>
<session-management invalid-session-url="/invalidSession.html">
<concurrency-control max-sessions="2" expired-url="/sessionExpired.html"/>
</session-management>
</http>
<beans:bean id="myAuthenticationSuccessHandler" class="org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler"/>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user1" password="user1Pass" authorities="ROLE_USER"/>
<user name="admin1" password="admin1Pass" authorities="ROLE_ADMIN"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
Upvotes: 1
Related Questions
- What is "SessionManagementFilter - Requested session ID XXX is invalid" in Spring?
- Can't use any kind of SessionListener when using Spring Security in Spring Boot
- spring session initialization error
- Spring Session and Spring Security
- Security Config - configureGlobal
- spring security session throws an error when instantiated
- Spring Security session-management setting and IllegalStateException
- Spring Security session-management session-fixation-protection not working
- spring session management not working
- Unable to make Spring 3 Session Concurency Control work