Spring Security (formerly Acegi) is a useful framework for adding security to webapps. Directories, pages and the like can all be controlled with various user roles and methods can be annotated too, ensuring a belt and braces approach.
The setting to switch it on in the configuration is just this (within the other security config):
and as you can see, you can set a url for spring to redirect to if you already have a session somewhere else. The gotcha though seems to be that unless you configure a listener, it may not know when the session has expired (i.e. if you don’t log out).
so, in the good old web.xml, add this little puppy to listen out for expired sessions…
1 2 3
hopefully, job is a good ‘un