Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jan 30 21:15
    vpavic milestoned #333
  • Jan 30 21:15
    vpavic milestoned #204
  • Jan 30 20:50
    vpavic milestoned #1329
  • Jan 30 20:50
    vpavic labeled #1329
  • Jan 30 20:50
    vpavic opened #1329
  • Jan 30 20:42
    vpavic labeled #78
  • Jan 30 20:42
    vpavic closed #78
  • Jan 30 20:41
    vpavic labeled #22
  • Jan 30 20:41
    vpavic closed #22
  • Jan 30 20:41
    vpavic labeled #21
  • Jan 30 20:41
    vpavic closed #21
  • Jan 30 20:41
    vpavic labeled #19
  • Jan 30 20:41
    vpavic closed #19
  • Jan 30 18:22
    ltzdby opened #1328
  • Jan 29 20:57
    vpavic closed #1327
  • Jan 29 20:56

    vpavic on 2.0.x

    Ignore failed rename operation … (compare)

  • Jan 29 20:50
    vpavic labeled #1327
  • Jan 29 20:50
    vpavic milestoned #1327
  • Jan 29 20:50
    vpavic labeled #1327
  • Jan 29 20:50
    vpavic labeled #1327
Katia Aresti
@karesti
Thanks for the answer
So, in the case of a remove/delete
expiration
is is possible to create a new session object from the Id of the expired session object and notify that way ?
Pavan K Jadda
@pavankjadda
Guys,
I am trying to implement RememberMe service for my Spring Security application with Spring Session management. I configured, SpringSessionRememberMeServices and SpringSessionBackedSessionRegistry beans based on Spring Session Documentation. When I try to autowire FindByIndexNameSessionRepository I got the following error
Could not autowire. No beans of 'FindByIndexNameSessionRepository<Session>' type found
Vedran Pavic
@vpavic
@karesti Not sure if I understood you correctly - you'd like to create a new Session instance in your session expiry handling code and have it attached to HttpSessionEvent instance? There's no way to create a Session instance with the desired session id, but even if that was possible I wouldn't recommend that approach as you'd be breaking javax.servlet.http.HttpSessionEvent#getSession contract by returning an unrelated session (with different set of properties, attributes, etc.).
Ultimately, most (if not all data) stores have some limitations when used as session stores. In your case this sounds like a limitation of Infinispan in client-server topology.
@pavankjadda See #849 and #1154 for examples. I guess are docs are a bit off there - could you open an issue to improve on that?
Katia Aresti
@karesti
@vpavic thank you, actually I was talking about MapSession, not the Session object. However, we are going to use a custom listener to retrieve the session object when using the remote infinispan instead of the regular client listeners that give only the session id
So there is not such limitation today, it is just something we didn't need before because events were handled only with the id
thanks for the reply! :)
Vedran Pavic
@vpavic

Hi @karesti!

actually I was talking about MapSession, not the Session object.

I referred to Session as I didn't know which particular implementation of org.springframework.session.Session are you working with.
In any case, glad to hear you have managed to work around the original problem - some of our SessionRepository implementations also needed to be a bit creative (so to say :) ) in order to support the HttpSessionEvent use-case.

Katia Aresti
@karesti
@vpavic I have already a PR here to fix this issue. infinispan/infinispan#6534 this will be merged soon and the boot starter will be released with 9.4.5.Final soon with the fixes
Pavan K Jadda
@pavankjadda
@vpavic I added your but I still see same error
Pavan K Jadda
@pavankjadda
Screen Shot 2018-12-17 at 1.02.12 AM.png
Pavan K Jadda
@pavankjadda
Screen Shot 2018-12-17 at 1.22.54 AM.png
@vpavic I created ParameterizedConsumer class, But I still see the same error. I am using JDBC backed session store
Vedran Pavic
@vpavic
@pavankjadda From what I see, that's an error generated by IntelliJ tooling, rather than compilation error. Did you actually try to compile and run that?
Pavan K Jadda
@pavankjadda
@vpavic When I run it, I see following error
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.session.jdbc.JdbcOperationsSessionRepository]: Circular reference involving containing bean 'org.springframework.boot.autoconfigure.session.JdbcSessionConfiguration$SpringBootJdbcHttpSessionConfiguration' - consider declaring the factory method as static for independence from its containing instance. Factory method 'sessionRepository' threw exception; nested exception is java.lang.IllegalArgumentException: Property 'dataSource' is required
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:622) ~[spring-beans-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    ... 121 common frames omitted
Caused by: java.lang.IllegalArgumentException: Property 'dataSource' is required
    at org.springframework.jdbc.support.JdbcAccessor.afterPropertiesSet(JdbcAccessor.java:160) ~[spring-jdbc-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    at org.springframework.jdbc.core.JdbcTemplate.<init>(JdbcTemplate.java:166) ~[spring-jdbc-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    at org.springframework.session.jdbc.config.annotation.web.http.JdbcHttpSessionConfiguration.createJdbcTemplate(JdbcHttpSessionConfiguration.java:218) ~[spring-session-jdbc-2.1.2.RELEASE.jar:2.1.2.RELEASE]
    at org.springframework.session.jdbc.config.annotation.web.http.JdbcHttpSessionConfiguration.sessionRepository(JdbcHttpSessionConfiguration.java:97) ~[spring-session-jdbc-2.1.2.RELEASE.jar:2.1.2.RELEASE]
    at org.springframework.boot.autoconfigure.session.JdbcSessionConfiguration$SpringBootJdbcHttpSessionConfiguration$$EnhancerBySpringCGLIB$$57982810.CGLIB$sessionRepository$1(<generated>) ~[spring-boot-autoconfigure-2.1.1.RELEASE.jar:2.1.1.RELEASE]
    at org.springframework.boot.autoconfigure.session.JdbcSessionConfiguration$SpringBootJdbcHttpSessionConfiguration$$EnhancerBySpringCGLIB$$57982810$$FastClassBySpringCGLIB$$319239f8.invoke(<generated>) ~[spring-boot-autoconfigure-2.1.1.RELEASE.jar:2.1.1.RELEASE]
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244) ~[spring-core-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363) ~[spring-context-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    at org.springframework.boot.autoconfigure.session.JdbcSessionConfiguration$SpringBootJdbcHttpSessionConfiguration$$EnhancerBySpringCGLIB$$57982810.sessionRepository(<generated>) ~[spring-boot-autoconfigure-2.1.1.RELEASE.jar:2.1.1.RELEASE]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
    at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    ... 122 common frames omitted
But datasource is defined in application.properties and my source file located here
Milad
@miladamery

Hi. i configured a spring boot app to use spring session with redis. in SessionDestroyedEvent im using

ServletRequestAttributes ra = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes

i need this to get the requestedUrl attribute. before using spring session this was ok but now i get the following exception:

Error publishing org.springframework.session.events.SessionDeletedEvent[source=org.springframework.session.data.redis.RedisOperationsSessionRepository@785f06af].
Java.lang.ClassCastException: org.springframework.web.context.request.FacesRequestAttributes cannot be cast to org.springframework.security.web.context.request.ServletRequestAttributes

does anyone know why this happens?

Jakub Kubryński
@jkubrynski
Hi! Does anyone have similar issues with session-mongodb? spring-projects/spring-session-data-mongodb#53
Greg Turnquist
@gregturn
@jkubrynski Are you able to craft a test case? I'm sure we can get this fixed.
Jakub Kubryński
@jkubrynski
@gregturn as posted in the issue it's enough to just enough to extend https://github.com/spring-projects/spring-session-data-mongodb/blob/master/src/test/java/org/springframework/session/data/mongo/JacksonMongoSessionConverterTest.java test and check if expireAt field is integer or array
Herve DARRITCHON
@herveDarritchon
hi, I 'd like to do a Custom Session Repository based on Redis but that don't need pub/sub because we use Dynomite to do the cross datacenter replication. What I think what have to be done, it's to do a custom repository Class (based on RedisOperationsSessionRepository class) but without pub/sub messaging. And I have to register the bean sessionRepository to this new custom class instead of the one auto configure by Spring-Boot. (I have posted a question on stackoverflow about this issue : https://stackoverflow.com/questions/55818188/custom-spring-session-repository-redis-with-dynomite). Can you help me ?
Okke Harsta
@oharsta
@herveDarritchon Try adding the org.springframework.context.annotation.Primary annotation to your bean definition.
Herve DARRITCHON
@herveDarritchon
@oharsta it doesn’t work :(
this is the exception [17:47:06.124] WARN [nConfigServletWebServerApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.support.BeanDefinitionOverrideException: Invalid bean definition with name 'sessionRepository' defined in class path resource [com/orange/ccmd/spring/redis/SessionConfig.class]: Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=true; factoryBeanName=sessionConfig; factoryMethodName=sessionRepository; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [com/orange/ccmd/spring/redis/SessionConfig.class]] for bean 'sessionRepository': There is already [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration; factoryMethodName=sessionRepository; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/session/data/redis/config/annotation/web/http/RedisHttpSessionConfiguration.class]] bound.

and my config class

@EnableRedisHttpSession
public class SessionConfig extends AbstractHttpSessionApplicationInitializer {

    @Bean
    @Primary
    public SessionRepository sessionRepository() {
        return new InitialRedisDynoSessionRepository();
    }
}

but I use spring-boot in my app. May be it is not the right way to do so ?

Okke Harsta
@oharsta
@herveDarritchon @Primary is not enough from version 2.1.0+. You’ll also need to allow bean definition overriding. See https://github.com/spring-projects/spring-boot/issues/13609#issuecomment-435485946
Herve DARRITCHON
@herveDarritchon

@oharsta Ok, I see but my problem (may be I am wrong) but my custom class is not the same type as the standard class (plead find below the 2 signatures).
I get an exception, quite clear I guess. If I am doing an override method of the bean, I have to have the same type.

[21:10:27.047] WARN   [nConfigServletWebServerApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'redisMessageListenerContainer' defined in class path resource [org/springframework/session/data/redis/config/annotation/web/http/RedisHttpSessionConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.data.redis.listener.RedisMessageListenerContainer]: Factory method 'redisMessageListenerContainer' threw exception; nested exception is java.lang.IllegalStateException: @Bean method RedisHttpSessionConfiguration.sessionRepository called as bean reference for type [org.springframework.session.data.redis.RedisOperationsSessionRepository] but overridden by non-compatible bean instance of type [com.orange.ccmd.spring.redis.RedisDynoSessionRepository]. Overriding bean of same name declared in: class path resource [com/orange/ccmd/spring/redis/SessionConfig.class]

This is my custom class signature :

public class RedisDynoSessionRepository implements
        FindByIndexNameSessionRepository<RedisDynoSessionRepository.RedisSession>

And this is the standard Class :

public class RedisOperationsSessionRepository implements
        FindByIndexNameSessionRepository<RedisOperationsSessionRepository.RedisSession>,
        MessageListener

It implements the MessageListener but as I don’t want to do messaging in my custom class I don’t implement this interface.

Herve DARRITCHON
@herveDarritchon
Hi, I have opened an issue on the github Spring-sesssion repo (spring-projects/spring-session#1406). I had my answer. In fact, I did it the wrong way. As it is stated in the documentation. I have to use the @EnableSpringHttpSessionannotation to register my custom bean instead of the @EnableRedisHttpSession.
Katia Aresti
@karesti
Hi, someone detected that in our Infinispan Session, when the session id is modified, we don't remove explicitly the [session-id|mapsession] key-value from Infinispan. The user has opened a pull request that removes the entry if the session id has changed (id != originalId). This seems ok for me, but the user has called "deleteById" method instead of just removing the value from infinispan. Which means that an event is send whenever this scenario happens (a session deleted event). I think is right to remove the session from infinispan and create a new entry, but I'm not sure about sending any event in this scenario
The pull request is here
Could anyone in Spring session give me some light on that? thanks a lot
jcn
@illingtonFlex
I am trying to use spring-session-hazelcast for session replication, and I don't think I have it configured correctly. The app loses state between requests. It works without spring-session enabled, but once I turn on session replication, it breaks. I have a very simple demo repo here: https://github.com/illingtonFlex/ViewScopeDemo
If you run the app and go to /index.html, you see that modifications to the fields do not persist into the session. But with the spring-session-hazelcast dependency removed, the app works. Any ideas what I might be missing?
Katia Aresti
@karesti
Hi again I got my answer when I looked to the hazelcast and redis implementation
You use delete instead of remove and delete brings null old value, so you skip notification that way
Koizumi85
@Koizumi85

Hi everyone.
I am not sure If I am right here, but I found an "incompatibility between default values" for the reactive spring-webflux and the non-reactive servlet based session handling.
It is based in the CookieHttpSessionIdResolver respectively in CookieWebSessionIdResolver.
By default, the Servlet-based strategy is base64-encoding the session id for the cookie value, the reactive solution does not (and seems not to have an option to activate such a behavior as far I can see).
So in an heterogenous microservice environment with servlet- and webflux-based microservices, a setup using the default values, will not work. So for example:
auth-service creates the cookie (base64 encoded, because it is a servlet-based application), and another microservice (a spring-cloud-gateway API gateway for example) would fail to find the session because it tries to find the base64 encoded value in the database.

So my questions:

  • Is this "working as intended"?
  • Wouldn't it be better to make the default behavior the same "in both worlds" by implementing Base64 encoding/decoding in CookieWebSessionIdResolver by default too?
Vedran Pavic
@vpavic
Hi @Koizumi85. Note that CookieHttpSessionIdResolver is a Spring Session component, and for Servlet apps we're handling session cookie while CookieWebSessionIdResolver is a part of Spring WebFlux.
Koizumi85
@Koizumi85
@vpavic yes. I saw that. But nonetheless it's very confusing if there are two different default behaviors. I think the two project teams should try to discuss about one behavior for both web stacks. Or at least document this somewhere really clearly... maybe I failed to google for the right stuff, but it took me a long time to figure out why my authentication is not working as intended...
Vedran Pavic
@vpavic
Can you clarify what actually caused your authentication not to work correctly? This is a difference, albeit in different stacks (Servlet vs Reactive) so I wouldn't expect it to cause issues.
But I'll try bringing this up against Framework.
I've just re-read you original comment - are you sharing Spring Session backed session store between different apps?
mlakshminara
@mlakshminara
Am using spring-session-hazelcast 1.3.1.RELEASE version for session replication but when I hit the login page it goes in an infinite loop invoking /oauth/authorize and /login
see hazelcast-spring sample project inside the zip file (spring-session-1.3.2.RELEASE\samples)
can any one help in setting up spring-session for hazelcasr
mlakshminara
@mlakshminara
does spring-session can be used to stored Spring's Security Context since it doesn't have customized SecurityContextPersistenceFilter. So can we use spring-session to replicate SecurityContext by having a customized context repository other than the default HttpSessionSecurityContextRepository