We have a web application built upon Spring Framework 3.2.x (3.2.12-RELEASE at moment) and Spring Security 3.2.x (i.e 3.2.5-RELEASE)
Security is implemented with classical Spring approach. In web.xml we load ApplicationContext and springSecurityFilterChain
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath*:META-INF/spring/applicationContext*.xml
</param-value>
</context-param>
...
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
As of a change in requirements, we are trying to investigate on how to permit different HttpSessions per tab (or window) within the same browser: in this scenario the same physical user can log in the application using two separate app-users.
I can understand that this is not possibile using JSESSIONID cookie approach. I'm trying using Spring Session (Spring Session and Spring Security and Spring Session Multiple Session) but i can't manage doing it, having difficulties mixing my XML configuration with the JavaConfig approach shown in links before, Tomcat does not even start with a lot of errors.
I'm new with mixing XML and JavaConfig approch, so..can anyone give me an hint in how to proceed with Spring Session?
Are there other ways to fulfill my requirement?
