spring security j_spring_security logout problem

Question

i am working on spring security. but the j_spring_security serlvet seems not working. how do i debug the problem, or at least look for the root cause? i dont see any useful log

Answer 1

Spring Security requires a <listener> in web.xml in order to enable <concurrency-control>, see docs:

<listener>
    <listener-class>
        org.springframework.security.web.session.HttpSessionEventPublisher
    </listener-class>
</listener>

Answer 2

i dont see any useful log files...

Have you configured logging in your webapp to set the logging level to DEBUG? Spring / SpringSecurity output a lot of useful stuff at that level.

EDIT

Your logfiles are typically written to $CATALINA_HOME/logs, but that depends on your logging properties.

The simple way to configure a webapp's logging (assuming log4j) is to put a log4j.properties or log4j.xml file into the webapp's /WEB-INF/classes directory.

If you want to access resource files via the classpath, they also need to be in the classes directory. However if you can access them other ways they could be anywhere in the webapp tree. (You could even put the resources outside of the tree, but then you'd have issues with deploying them.)

These questions are all addressed more comprehensively in the relevant Tomcat and Log4j documentation. And possibly also in the Spring "getting started" documentation.