How do I get the Session Object in Spring?

I am relatively new to Spring and Spring Security.

I was attempting to write a program where I needed to authenticate a user at the server end using Spring Security.

I came up with the following:

    public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {

        @Override
        protected void additionalAuthenticationChecks(UserDetails userDetails,
                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken)
                throws AuthenticationException {
            System.out.println("Method invoked : additionalAuthenticationChecks isAuthenticated ? :"
                    + usernamePasswordAuthenticationToken.isAuthenticated());
        }

        @Override
        protected UserDetails retrieveUser(String username,
                UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
            System.out.println("Method invoked : retrieveUser");
            // so far so good, I can authenticate user here, and throw exception if not authenticated!!
            // THIS IS WHERE I WANT TO ACCESS SESSION OBJECT
        }
    }

My use case is that when a user is authenticated, I need to place an attribute like:

    session.setAttribute("userObject", myUserObject);

myUserObject is an object of some class that I can access throughout my server code across multiple user requests.

Salvin Francis asked Oct 27 '09 07:10



1 Answer

Your friend here is org.springframework.web.context.request.RequestContextHolder

    // example usage
    public static HttpSession session() {
        ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
        return attr.getRequest().getSession(true); // true == allow create
    }

This will be populated by the standard Spring MVC dispatch servlet, but if you are using a different web framework you have to add org.springframework.web.filter.RequestContextFilter as a filter in your web.xml to manage the holder.

EDIT: Just as a side issue, what are you actually trying to do? I'm not sure you should need access to the HttpSession in the retrieveUser method of a UserDetailsService. Spring Security will put the UserDetails object in the session for you anyhow. It can be retrieved by accessing the SecurityContextHolder:

    public static UserDetails currentUserDetails() {
        SecurityContext securityContext = SecurityContextHolder.getContext();
        Authentication authentication = securityContext.getAuthentication();
        if (authentication != null) {
            Object principal = authentication.getPrincipal();
            return principal instanceof UserDetails ? (UserDetails) principal : null;
        }
        return null;
    }
Gareth Davis answered Oct 12 '22 02:10
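An added example (not code from the question or the answer) that combines the two snippets above into a base class the question's CustomAuthenticationProvider could extend: it sets the "userObject" attribute only after every authentication check has passed, and tolerates threads with no bound request. The class name SessionAwareAuthenticationProvider and the helper currentSession are hypothetical. It assumes Spring Security 3+ package names, the javax.servlet API, and a RequestContextFilter or RequestContextListener registered so the holder is populated while the security filter chain runs.

```java
import javax.servlet.http.HttpSession; // jakarta.servlet.http.HttpSession on Spring 6+
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

// Hypothetical base class; subclasses still implement retrieveUser and
// additionalAuthenticationChecks as in the question.
public abstract class SessionAwareAuthenticationProvider
        extends AbstractUserDetailsAuthenticationProvider {

    @Override
    protected Authentication createSuccessAuthentication(Object principal,
            Authentication authentication, UserDetails user) {
        // Called by the parent class only after retrieveUser, the account status
        // checks and additionalAuthenticationChecks have all succeeded, so a
        // rejected login never creates a session or leaves an attribute behind.
        HttpSession session = currentSession(true);
        if (session != null) {
            // Store the UserDetails here; an application-specific user object
            // (the question's myUserObject) could be stored instead.
            session.setAttribute("userObject", user);
        }
        return super.createSuccessAuthentication(principal, authentication, user);
    }

    /**
     * Returns the HTTP session of the request bound to the current thread, or
     * null when no servlet request is bound (background thread, or no
     * RequestContextFilter/RequestContextListener registered).
     */
    static HttpSession currentSession(boolean create) {
        // getRequestAttributes() returns null instead of throwing
        // IllegalStateException like currentRequestAttributes() does.
        RequestAttributes attrs = RequestContextHolder.getRequestAttributes();
        if (!(attrs instanceof ServletRequestAttributes)) {
            return null;
        }
        // With create == false an existing session is returned, never a new one.
        return ((ServletRequestAttributes) attrs).getRequest().getSession(create);
    }
}
```

If session fixation protection is configured as newSession, attributes set at this point are not copied into the new session; the migrateSession and changeSessionId strategies keep them.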