Getting error while reading value from property file in spring security:session-management tag


I need to implement session management in Spring Security, but I am getting an error while deploying the application on Tomcat. The application is trying to fetch the invalid-session-url and expired-url property values from a property file, but I am getting an error on deployment.

<security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true">
    <security:intercept-url pattern="/*" access="ROLE_USER"/>
    <security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"/>
    <security:logout invalidate-session="true" logout-url="/logout" logout-success-url="#{CAS_server}/logout?service=#{CAS_application}/" delete-cookies="JSESSIONID"/>
    <security:session-management invalid-session-url="#{CAS_server}/logout?service=#{CAS_application}" session-fixation-protection="newSession" >
        <security:concurrency-control max-sessions="1"  expired-url="#{CAS_server}/logout?service=#{CAS_application}" error-if-maximum-exceeded="true" />
    </security:session-management>
</security:http>

I am only getting this error on the session-management tag. Does anyone have any idea?


There are 1 best solutions below


I quickly configured a Spring Security app; my configuration contains the following and it works fine (note the injection of properties in the session-management tag).

test.properties

mytestservice=MyApp
loginurl=/my-login.html
invalidsessionurl=/my-login.html

Spring security config

<bean id="webPropertyConfigurer"
      class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="ignoreResourceNotFound" value="true" />
    <property name="ignoreUnresolvablePlaceholders" value="true" />
    <property name="locations">
        <list>
            <value>classpath:test.properties</value>
        </list>
    </property>
</bean>

<security:http>
    <security:intercept-url pattern="/my-login.jsp" access="permitAll" />
    <security:intercept-url pattern="/**" access="hasRole('USER')" />
    <security:form-login login-page="${loginurl}"
                         authentication-failure-url="${loginurl}?error" />
    <security:http-basic />
    <security:session-management invalid-session-url="${invalidsessionurl}/logout?service=${mytestservice}" session-fixation-protection="newSession" />
    <security:logout />
</security:http>
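
A caveat on the configuration above, as an added example that is not part of the original answer: with ignoreResourceNotFound and ignoreUnresolvablePlaceholders both set to true, a missing properties file or key leaves the literal ${...} text in the URL attribute instead of failing at startup. This Python check lists security:* attributes whose ${...} key is absent from the properties file and flags #{...} values, which Spring evaluates as SpEL expressions rather than property lookups. The function names, the expiredurl key and the sample config are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SEC_NS = "{http://www.springframework.org/schema/security}"
PLACEHOLDER = re.compile(r"\$\{([^}:]+)(:[^}]*)?\}")  # ${key} or ${key:default}
SPEL = re.compile(r"#\{[^}]*\}")                      # #{...} is SpEL, not a property lookup

def load_properties(text):
    """Parse simple key=value lines (no line continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(config_xml, props):
    """List (element, attribute, token, reason) for security:* attribute values not backed by props."""
    findings = []
    for elem in ET.fromstring(config_xml).iter():
        if not elem.tag.startswith(SEC_NS):
            continue
        name = elem.tag[len(SEC_NS):]
        for attr, value in elem.attrib.items():
            for m in PLACEHOLDER.finditer(value):
                # A placeholder with a :default still resolves, so only bare keys are reported.
                if m.group(2) is None and m.group(1) not in props:
                    findings.append((name, attr, m.group(0), "undefined key"))
            for m in SPEL.finditer(value):
                findings.append((name, attr, m.group(0), "SpEL expression"))
    return findings

# Constructed sample: the answer's test.properties, plus a config using an undefined key and a #{...} value.
SAMPLE_PROPERTIES = "mytestservice=MyApp\nloginurl=/my-login.html\ninvalidsessionurl=/my-login.html\n"
SAMPLE_CONFIG = """\
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security">
  <security:http>
    <security:session-management invalid-session-url="${invalidsessionurl}/logout?service=${mytestservice}">
      <security:concurrency-control max-sessions="1" expired-url="${expiredurl}"/>
    </security:session-management>
    <security:logout logout-success-url="#{CAS_server}/logout"/>
  </security:http>
</beans>
"""
if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, load_properties(SAMPLE_PROPERTIES)):
        print(*finding, sep=" | ")
```

Run against the deployed XML and properties files before release; any "undefined key" finding means the browser would be redirected to a URL containing the raw placeholder text.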