I have used the securityfilter API for implementing role-based access and authorization in my web app. I have an issue when logging into the app in 2 browser instances as 2 different users:
1. Suppose I logged in to the app as user1 with role as 'manager' in browser window 1.
2. Next I log in as user2 with role as 'customer' in browser window 2.
3. If I click on any link in the browser window 1, we get an access denied error.
Ideally the browser window 1 should have the logged in user as 'user1', but the class we have written implementing the SecurityRealmInterface prints it as 'user2'.
Please suggest.
Rekha,
Your issue here is that the 2 windows share the same session. When you log in with user2, you're changing ownership of your session from user1 to user2. If you're using IE, I seem to remember there being an option to have each window use a new session but I can't say for sure.
Good luck.
Colin
If the web server is using cookies to manage sessions you may find that only one cookie is shared between the browser instances/windows.
I suggest you configure your web server to use URL rewriting instead of cookies. This way you can easily have multiple sessions in separate browser windows.
You will have to take care in your JSPs that you encode the URLs produced by your application.
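
To confirm the shared session described in the replies above, a small diagnostic servlet can report which session each window presents and who owns it. This is an added example, not code from the thread or from the SecurityFilter project; the class name `WhoAmIServlet`, the `/whoami` mapping, the `javax.servlet` API generation, and the security filter exposing the user through `getRemoteUser()` are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: hypothetical diagnostic servlet, assumed to be mapped to
// /whoami behind the security filter. Remove it once the behaviour is understood.
public class WhoAmIServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain;charset=UTF-8");
        resp.setHeader("Cache-Control", "no-store");
        PrintWriter out = resp.getWriter();

        // false: report the session the browser presented, never create one.
        HttpSession session = req.getSession(false);
        if (session == null) {
            out.println("no session presented");
            return;
        }

        // Two windows that print the same suffix are sharing one session,
        // so the most recent login owns both of them.
        out.println("session id (last 6): " + suffix(session.getId(), 6));
        out.println("id came from cookie: " + req.isRequestedSessionIdFromCookie());
        out.println("id came from URL   : " + req.isRequestedSessionIdFromURL());
        out.println("user on session    : " + req.getRemoteUser());

        // encodeURL appends the session ID only when the container decides the
        // client is not returning the session cookie; otherwise the link is
        // returned unchanged. The link itself is not printed.
        String next = req.getContextPath() + "/whoami";
        out.println("links get rewritten: " + !resp.encodeURL(next).equals(next));
    }

    // The session ID is a credential: show only its tail.
    private static String suffix(String id, int n) {
        return id.length() <= n ? id : id.substring(id.length() - n);
    }
}
```

With URL rewriting in effect the session ID travels in every link, so it also lands in browser history, server and proxy logs, and `Referer` headers sent to other sites; rewritten URLs need the same handling as any other credential.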