Herve DARRITCHON
@herveDarritchon
This is the exception:

[17:47:06.124] WARN [nConfigServletWebServerApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.support.BeanDefinitionOverrideException: Invalid bean definition with name 'sessionRepository' defined in class path resource [com/orange/ccmd/spring/redis/SessionConfig.class]: Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=true; factoryBeanName=sessionConfig; factoryMethodName=sessionRepository; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [com/orange/ccmd/spring/redis/SessionConfig.class]] for bean 'sessionRepository': There is already [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration; factoryMethodName=sessionRepository; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/session/data/redis/config/annotation/web/http/RedisHttpSessionConfiguration.class]] bound.

and my config class

@EnableRedisHttpSession
public class SessionConfig extends AbstractHttpSessionApplicationInitializer {

    @Bean
    @Primary
    public SessionRepository sessionRepository() {
        return new InitialRedisDynoSessionRepository();
    }
}

but I use spring-boot in my app. Maybe it is not the right way to do so?

Okke Harsta
@oharsta
@herveDarritchon @Primary is not enough from version 2.1.0+. You’ll also need to allow bean definition overriding. See https://github.com/spring-projects/spring-boot/issues/13609#issuecomment-435485946
Herve DARRITCHON
@herveDarritchon

@oharsta Ok, I see, but my problem (maybe I am wrong) is that my custom class is not the same type as the standard class (please find below the 2 signatures).
I get an exception, quite clear I guess. If I am doing an override method of the bean, I have to have the same type.

[21:10:27.047] WARN   [nConfigServletWebServerApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'redisMessageListenerContainer' defined in class path resource [org/springframework/session/data/redis/config/annotation/web/http/RedisHttpSessionConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.data.redis.listener.RedisMessageListenerContainer]: Factory method 'redisMessageListenerContainer' threw exception; nested exception is java.lang.IllegalStateException: @Bean method RedisHttpSessionConfiguration.sessionRepository called as bean reference for type [org.springframework.session.data.redis.RedisOperationsSessionRepository] but overridden by non-compatible bean instance of type [com.orange.ccmd.spring.redis.RedisDynoSessionRepository]. Overriding bean of same name declared in: class path resource [com/orange/ccmd/spring/redis/SessionConfig.class]

This is my custom class signature :

public class RedisDynoSessionRepository implements
        FindByIndexNameSessionRepository<RedisDynoSessionRepository.RedisSession>

And this is the standard Class :

public class RedisOperationsSessionRepository implements
        FindByIndexNameSessionRepository<RedisOperationsSessionRepository.RedisSession>,
        MessageListener

It implements the MessageListener but as I don’t want to do messaging in my custom class I don’t implement this interface.

Herve DARRITCHON
@herveDarritchon
Hi, I have opened an issue on the GitHub Spring Session repo (spring-projects/spring-session#1406). I had my answer. In fact, I did it the wrong way. As it is stated in the documentation, I have to use the @EnableSpringHttpSession annotation to register my custom bean instead of the @EnableRedisHttpSession.
Katia Aresti
@karesti
Hi, someone detected that in our Infinispan Session, when the session id is modified, we don't explicitly remove the [session-id|mapsession] key-value from Infinispan. The user has opened a pull request that removes the entry if the session id has changed (id != originalId). This seems OK to me, but the user has called the "deleteById" method instead of just removing the value from Infinispan, which means that an event is sent whenever this scenario happens (a session deleted event). I think it is right to remove the session from Infinispan and create a new entry, but I'm not sure about sending any event in this scenario.
The pull request is here
Could anyone in Spring Session give me some light on that? Thanks a lot
jcn
@illingtonFlex
I am trying to use spring-session-hazelcast for session replication, and I don't think I have it configured correctly. The app loses state between requests. It works without spring-session enabled, but once I turn on session replication, it breaks. I have a very simple demo repo here: https://github.com/illingtonFlex/ViewScopeDemo
If you run the app and go to /index.html, you see that modifications to the fields do not persist into the session. But with the spring-session-hazelcast dependency removed, the app works. Any ideas what I might be missing?
Katia Aresti
@karesti
Hi again, I got my answer when I looked at the Hazelcast and Redis implementations
You use delete instead of remove and delete brings null old value, so you skip notification that way
Koizumi85
@Koizumi85

Hi everyone.
I am not sure if I am right here, but I found an "incompatibility between default values" for the reactive spring-webflux and the non-reactive servlet based session handling.
It is based in the CookieHttpSessionIdResolver respectively in CookieWebSessionIdResolver.
By default, the Servlet-based strategy is base64-encoding the session id for the cookie value, the reactive solution does not (and seems not to have an option to activate such a behavior as far as I can see).
So in a heterogeneous microservice environment with servlet- and webflux-based microservices, a setup using the default values will not work. So for example:
auth-service creates the cookie (base64 encoded, because it is a servlet-based application), and another microservice (a spring-cloud-gateway API gateway for example) would fail to find the session because it tries to find the base64 encoded value in the database.

So my questions:

  • Is this "working as intended"?
  • Wouldn't it be better to make the default behavior the same "in both worlds" by implementing Base64 encoding/decoding in CookieWebSessionIdResolver by default too?
Vedran Pavic
@vpavic
Hi @Koizumi85. Note that CookieHttpSessionIdResolver is a Spring Session component, and for Servlet apps we're handling session cookie while CookieWebSessionIdResolver is a part of Spring WebFlux.
Koizumi85
@Koizumi85
@vpavic yes. I saw that. But nonetheless it's very confusing if there are two different default behaviors. I think the two project teams should try to discuss about one behavior for both web stacks. Or at least document this somewhere really clearly... maybe I failed to google for the right stuff, but it took me a long time to figure out why my authentication is not working as intended...
Vedran Pavic
@vpavic
Can you clarify what actually caused your authentication not to work correctly? This is a difference, albeit in different stacks (Servlet vs Reactive) so I wouldn't expect it to cause issues.
But I'll try bringing this up against Framework.
I've just re-read your original comment - are you sharing Spring Session backed session store between different apps?
mlakshminara
@mlakshminara
Am using spring-session-hazelcast 1.3.1.RELEASE version for session replication, but when I hit the login page it goes into an infinite loop invoking /oauth/authorize and /login
see hazelcast-spring sample project inside the zip file (spring-session-1.3.2.RELEASE\samples)
can anyone help in setting up spring-session for Hazelcast
mlakshminara
@mlakshminara
Can spring-session be used to store Spring's Security Context, since it doesn't have a customized SecurityContextPersistenceFilter? So can we use spring-session to replicate SecurityContext by having a customized context repository other than the default HttpSessionSecurityContextRepository?
rahulmlokurte
@rahulmlokurte
I was looking into the spring-session reference material of 2.1.5.RELEASE. There is a mistake in Section 4 (spring session modules) under the spring-session-data-geode repository. It says "Hosts the spring session data geode" twice.
mchingwaru1
@mchingwaru1
Hi there, I am getting a httpSEssionExpiredException: expected session attribute. I get this error when I try to post to a URL with a modelattribute bound to it. This only happens when the session has expired. How can that exception be handled and redirected to some error page?
mchingwaru1
@mchingwaru1
Ps HttpSessionRequiredException
Alexey Stepanov
@SteelAlex

Hi all,

I need help with the next case:

https://gist.github.com/SteelAlex/ac129a8099c9518e50f6815b3c2bfe1f - I configured Spring Security + Spring Session. I use custom header for session. And I can't change session timeout, I always logout after default 15 minutes of inactivity. I tried to set spring.session.timeout and/or server.servlet.session.timeout, but it doesn't work.

I am sure I am doing something wrong, but I have no ideas what.

Ken Rachynski
@kenrachynski
I'm trying to wrap my head around sessions and think I'm struggling because I had authentication first and my SAML filters might be fighting with session handling
Greg Turnquist
@gregturn

Imagine the old-fashioned servlet API where you had a "thing" attached to your connection to the servlet in which you could store information, like a shopping cart. In the olden days, we had sticky servers so a given browser would be sent back to the same server, and they could then tap that bucket of shopping cart data.

If you didn't guess, this doesn't scale. If you're running 10,000 servers in the cloud, forcing existing browsers back to the same node is asking for trouble. So what do you do?

Solution: move this bucket of information that is specific to a given user in their browser into a 3rd party data store, like a JDBC store. That's what Rob Winch basically did. He coded a solution that implemented the servlet spec's session API, and delegated to pushing the information off the server and into a remote server.

Now, the browser doesn't have to go back to the same server every single time. Instead, with a cookie in hand, you can go to ANY node, present your cookie, and Spring Session will retrieve the shopping cart, and repopulate your current request's instance with the details.

With this clear break between servlet HttpSession and 3rd party data store, it became easy to implement alternatives like Redis, Hazelcast, Geode, and MongoDB.

But it still boils down to essentially a Map provided to the servlet to store/retrieve session-specific data, but with a much more scalable, cloud friendly, performant solution.

How session details interact with security, SSO, and other things, of course, requires proper integration.
Ken Rachynski
@kenrachynski
thanks
so I shouldn't really need sessions if I only have one server
except that my SAML piece is falling down for some users in a manner that turns up fixes of "change your session handling"
Greg Turnquist
@gregturn
Well...do you need session-based semantics? A shopping cart is a great example. If you need that, then cloud native recommendations are typically to offload state to a 3rd party location like a database.
And Spring Session does that perfectly.
Ken Rachynski
@kenrachynski
I don't think so
Greg Turnquist
@gregturn
K
Ken Rachynski
@kenrachynski
I'll tackle this from the SAML end... something is making authentication act like it needs a session
oh, does session behave differently when hosted in an application server?
Greg Turnquist
@gregturn
That's moving outside my range of experience. I'd have to let @vpavic answer that one. Or maybe SO has more information.
Ken Rachynski
@kenrachynski
I'll go look. thanks
Katia Aresti
@karesti
Hi! We have changed in Infinispan 10 marshalling to use protobuf as a default marshaller on client/server mode. We do also have java "standard" marshaller. Everything works on caching, but concerning MapSession that we use, the only serializer that we can use now is the standard one. Is there any work in progress to make MapSession object serializable with protobuf from your side?
Sunchezz
@13sunny37_gitlab

Hi dear Programmers :)

Can anyone tell me how I can obtain the session id from a Mock Request in a unit test?

Josh Cummings
@jzheaux
@13sunny37_gitlab is request.getSession().getId() not working for you? Or maybe I misunderstood the question.
Nuno Marujo
@nhmarujo

Hi everyone. I’m using Spring Session Hazelcast in my stack. The ecosystem is composed by several microservices that are all connected as nodes on Hazelcast.
I’m facing an issue when trying to use those services with different versions of Spring Security. I basically get this error when I try to deserialize the session:

java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 420, local class serialVersionUID = 520

From what I have dug up so far, it seems that Spring Security uses different serialVersionUID for different Spring Security versions intentionally.
So, the issue seems to be when deserializing the MapSession object from Hazelcast, since this object contains Spring Security specific classes. But by the way Spring Session works, it seems to me that what goes into MapSession is out of our control (except for the Principal part)
Nuno Marujo
@nhmarujo
What is the correct way to use Spring Session so that we don’t fall into these limitations when we try to bump versions?
Greg Turnquist
@gregturn
Does Hazelcast support using Jackson instead of native serialization? If so, you might consider that. @vpavic may know if this is a way to side step serial UIDs.