On 14/12/2012 11:08 πμ, jleleu wrote:
Hi,
I'm the developer of the "TerminateWebSessionListener" optimization.
I will do some tests today to see if I can reproduce the problem.
Best regards,
Jérôme
Hello Jérôme,
Thanks for taking a look at this. I would also like to say that there is
another issue with TerminateWebSessionListener, that I just found. If
Services management is not SSO enabled and timeToDieInSeconds passes
without any action, then the user is redirected again to the login form.
The problem is that the cas.securityContext.serviceProperties.service,
which is set as serviceManagerUrl, contains j_acegi_cas_security_check,
so when the user after timeToDieInSeconds tries to access, let's say,
${server.prefix}/services/manage.html his web session is terminated
because the url does not start with $serviceManagerUrl.
The solution was to add a new property in cas.properties
services.url=${server.prefix}/services and change
terminateWebSessionListener bean definition to use this new property.
Best regards,
Pavlos
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
