So, in the case of a remove/delete
expiration
is is possible to create a new session object from the Id of the expired session object and notify that way ?
Guys,
I am trying to implement RememberMe service for my Spring Security application with Spring Session management. I configured, SpringSessionRememberMeServices and SpringSessionBackedSessionRegistry beans based on Spring Session Documentation. When I try to autowire FindByIndexNameSessionRepository I got the following error
I am trying to implement RememberMe service for my Spring Security application with Spring Session management. I configured, SpringSessionRememberMeServices and SpringSessionBackedSessionRegistry beans based on Spring Session Documentation. When I try to autowire FindByIndexNameSessionRepository I got the following error
Could not autowire. No beans of 'FindByIndexNameSessionRepository<Session>' type found
@karesti Not sure if I understood you correctly - you'd like to create a new
Session instance in your session expiry handling code and have it attached to HttpSessionEvent instance? There's no way to create a Session instance with the desired session id, but even if that was possible I wouldn't recommend that approach as you'd be breaking javax.servlet.http.HttpSessionEvent#getSession contract by returning an unrelated session (with different set of properties, attributes, etc.).
Ultimately, most (if not all data) stores have some limitations when used as session stores. In your case this sounds like a limitation of Infinispan in client-server topology.
So there is not such limitation today, it is just something we didn't need before because events were handled only with the id
thanks for the reply! :)
Hi @karesti!
actually I was talking about MapSession, not the Session object.
I referred to Session as I didn't know which particular implementation of org.springframework.session.Session are you working with.
In any case, glad to hear you have managed to work around the original problem - some of our SessionRepository implementations also needed to be a bit creative (so to say :) ) in order to support the HttpSessionEvent use-case.
@vpavic I have already a PR here to fix this issue. infinispan/infinispan#6534 this will be merged soon and the boot starter will be released with 9.4.5.Final soon with the fixes
@vpavic I created ParameterizedConsumer class, But I still see the same error. I am using JDBC backed session store
@vpavic When I run it, I see following error
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.session.jdbc.JdbcOperationsSessionRepository]: Circular reference involving containing bean 'org.springframework.boot.autoconfigure.session.JdbcSessionConfiguration$SpringBootJdbcHttpSessionConfiguration' - consider declaring the factory method as static for independence from its containing instance. Factory method 'sessionRepository' threw exception; nested exception is java.lang.IllegalArgumentException: Property 'dataSource' is required
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.1.3.RELEASE.jar:5.1.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:622) ~[spring-beans-5.1.3.RELEASE.jar:5.1.3.RELEASE]
... 121 common frames omitted
Caused by: java.lang.IllegalArgumentException: Property 'dataSource' is required
at org.springframework.jdbc.support.JdbcAccessor.afterPropertiesSet(JdbcAccessor.java:160) ~[spring-jdbc-5.1.3.RELEASE.jar:5.1.3.RELEASE]
at org.springframework.jdbc.core.JdbcTemplate.<init>(JdbcTemplate.java:166) ~[spring-jdbc-5.1.3.RELEASE.jar:5.1.3.RELEASE]
at org.springframework.session.jdbc.config.annotation.web.http.JdbcHttpSessionConfiguration.createJdbcTemplate(JdbcHttpSessionConfiguration.java:218) ~[spring-session-jdbc-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.session.jdbc.config.annotation.web.http.JdbcHttpSessionConfiguration.sessionRepository(JdbcHttpSessionConfiguration.java:97) ~[spring-session-jdbc-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.boot.autoconfigure.session.JdbcSessionConfiguration$SpringBootJdbcHttpSessionConfiguration$$EnhancerBySpringCGLIB$$57982810.CGLIB$sessionRepository$1(<generated>) ~[spring-boot-autoconfigure-2.1.1.RELEASE.jar:2.1.1.RELEASE]
at org.springframework.boot.autoconfigure.session.JdbcSessionConfiguration$SpringBootJdbcHttpSessionConfiguration$$EnhancerBySpringCGLIB$$57982810$$FastClassBySpringCGLIB$$319239f8.invoke(<generated>) ~[spring-boot-autoconfigure-2.1.1.RELEASE.jar:2.1.1.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244) ~[spring-core-5.1.3.RELEASE.jar:5.1.3.RELEASE]
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363) ~[spring-context-5.1.3.RELEASE.jar:5.1.3.RELEASE]
at org.springframework.boot.autoconfigure.session.JdbcSessionConfiguration$SpringBootJdbcHttpSessionConfiguration$$EnhancerBySpringCGLIB$$57982810.sessionRepository(<generated>) ~[spring-boot-autoconfigure-2.1.1.RELEASE.jar:2.1.1.RELEASE]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.1.3.RELEASE.jar:5.1.3.RELEASE]
... 122 common frames omitted
But datasource is defined in application.properties and my source file located here
Hi. i configured a spring boot app to use spring session with redis. in SessionDestroyedEvent im using
ServletRequestAttributes ra = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributesi need this to get the requestedUrl attribute. before using spring session this was ok but now i get the following exception:
Error publishing org.springframework.session.events.SessionDeletedEvent[source=org.springframework.session.data.redis.RedisOperationsSessionRepository@785f06af].
Java.lang.ClassCastException: org.springframework.web.context.request.FacesRequestAttributes cannot be cast to org.springframework.security.web.context.request.ServletRequestAttributesdoes anyone know why this happens?
Hi! Does anyone have similar issues with session-mongodb? spring-projects/spring-session-data-mongodb#53
@gregturn as posted in the issue it's enough to just enough to extend https://github.com/spring-projects/spring-session-data-mongodb/blob/master/src/test/java/org/springframework/session/data/mongo/JacksonMongoSessionConverterTest.java test and check if
expireAt field is integer or array
hi, I 'd like to do a Custom Session Repository based on Redis but that don't need pub/sub because we use Dynomite to do the cross datacenter replication. What I think what have to be done, it's to do a custom repository Class (based on RedisOperationsSessionRepository class) but without pub/sub messaging. And I have to register the bean sessionRepository to this new custom class instead of the one auto configure by Spring-Boot. (I have posted a question on stackoverflow about this issue : https://stackoverflow.com/questions/55818188/custom-spring-session-repository-redis-with-dynomite). Can you help me ?
this is the exception
[17:47:06.124] WARN [nConfigServletWebServerApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.support.BeanDefinitionOverrideException: Invalid bean definition with name 'sessionRepository' defined in class path resource [com/orange/ccmd/spring/redis/SessionConfig.class]: Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=true; factoryBeanName=sessionConfig; factoryMethodName=sessionRepository; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [com/orange/ccmd/spring/redis/SessionConfig.class]] for bean 'sessionRepository': There is already [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration; factoryMethodName=sessionRepository; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/session/data/redis/config/annotation/web/http/RedisHttpSessionConfiguration.class]] bound.
and my config class
@EnableRedisHttpSession
public class SessionConfig extends AbstractHttpSessionApplicationInitializer {
@Bean
@Primary
public SessionRepository sessionRepository() {
return new InitialRedisDynoSessionRepository();
}
}but I use spring-boot in my app. May be it is not the right way to do so ?
@herveDarritchon
@Primary is not enough from version 2.1.0+. You’ll also need to allow bean definition overriding. See https://github.com/spring-projects/spring-boot/issues/13609#issuecomment-435485946
@oharsta Ok, I see but my problem (may be I am wrong) but my custom class is not the same type as the standard class (plead find below the 2 signatures).
I get an exception, quite clear I guess. If I am doing an override method of the bean, I have to have the same type.
[21:10:27.047] WARN [nConfigServletWebServerApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'redisMessageListenerContainer' defined in class path resource [org/springframework/session/data/redis/config/annotation/web/http/RedisHttpSessionConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.data.redis.listener.RedisMessageListenerContainer]: Factory method 'redisMessageListenerContainer' threw exception; nested exception is java.lang.IllegalStateException: @Bean method RedisHttpSessionConfiguration.sessionRepository called as bean reference for type [org.springframework.session.data.redis.RedisOperationsSessionRepository] but overridden by non-compatible bean instance of type [com.orange.ccmd.spring.redis.RedisDynoSessionRepository]. Overriding bean of same name declared in: class path resource [com/orange/ccmd/spring/redis/SessionConfig.class]This is my custom class signature :
public class RedisDynoSessionRepository implements
FindByIndexNameSessionRepository<RedisDynoSessionRepository.RedisSession>And this is the standard Class :
public class RedisOperationsSessionRepository implements
FindByIndexNameSessionRepository<RedisOperationsSessionRepository.RedisSession>,
MessageListenerIt implements the MessageListener but as I don’t want to do messaging in my custom class I don’t implement this interface.
Hi, I have opened an issue on the github Spring-sesssion repo (spring-projects/spring-session#1406). I had my answer. In fact, I did it the wrong way. As it is stated in the documentation. I have to use the
@EnableSpringHttpSessionannotation to register my custom bean instead of the @EnableRedisHttpSession.
Hi, someone detected that in our Infinispan Session, when the session id is modified, we don't remove explicitly the [session-id|mapsession] key-value from Infinispan. The user has opened a pull request that removes the entry if the session id has changed (id != originalId). This seems ok for me, but the user has called "deleteById" method instead of just removing the value from infinispan. Which means that an event is send whenever this scenario happens (a session deleted event). I think is right to remove the session from infinispan and create a new entry, but I'm not sure about sending any event in this scenario
The pull request is here
Could anyone in Spring session give me some light on that? thanks a lot
I am trying to use spring-session-hazelcast for session replication, and I don't think I have it configured correctly. The app loses state between requests. It works without spring-session enabled, but once I turn on session replication, it breaks. I have a very simple demo repo here: https://github.com/illingtonFlex/ViewScopeDemo
If you run the app and go to /index.html, you see that modifications to the fields do not persist into the session. But with the spring-session-hazelcast dependency removed, the app works. Any ideas what I might be missing?
If you run the app and go to /index.html, you see that modifications to the fields do not persist into the session. But with the spring-session-hazelcast dependency removed, the app works. Any ideas what I might be missing?
You use delete instead of remove and delete brings null old value, so you skip notification that way
Hi everyone.
I am not sure If I am right here, but I found an "incompatibility between default values" for the reactive spring-webflux and the non-reactive servlet based session handling.
It is based in the CookieHttpSessionIdResolver respectively in CookieWebSessionIdResolver.
By default, the Servlet-based strategy is base64-encoding the session id for the cookie value, the reactive solution does not (and seems not to have an option to activate such a behavior as far I can see).
So in an heterogenous microservice environment with servlet- and webflux-based microservices, a setup using the default values, will not work. So for example:
auth-service creates the cookie (base64 encoded, because it is a servlet-based application), and another microservice (a spring-cloud-gateway API gateway for example) would fail to find the session because it tries to find the base64 encoded value in the database.
So my questions:
- Is this "working as intended"?
- Wouldn't it be better to make the default behavior the same "in both worlds" by implementing Base64 encoding/decoding in
CookieWebSessionIdResolverby default too?
@vpavic yes. I saw that. But nonetheless it's very confusing if there are two different default behaviors. I think the two project teams should try to discuss about one behavior for both web stacks. Or at least document this somewhere really clearly... maybe I failed to google for the right stuff, but it took me a long time to figure out why my authentication is not working as intended...
But I'll try bringing this up against Framework.
I've just re-read you original comment - are you sharing Spring Session backed session store between different apps?
am using the same code as given in https://github.com/spring-projects/spring-session/archive/1.3.2.RELEASE.zip
see hazelcast-spring sample project inside the zip file (spring-session-1.3.2.RELEASE\samples)
can any one help in setting up spring-session for hazelcasr
does spring-session can be used to stored Spring's Security Context since it doesn't have customized SecurityContextPersistenceFilter. So can we use spring-session to replicate SecurityContext by having a customized context repository other than the default HttpSessionSecurityContextRepository