 

How to get a reference to SessionAuthenticationStrategy without configuring the strategy explicitly?

In a Spring Security 3.2 based application I have an explicitly configured UsernamePasswordAuthenticationFilter that needs a reference to the sessionAuthenticationStrategy (in order to invoke .onAuthentication).*

The sessionAuthenticationStrategy is the default one created by <security:http> (HttpSecurityBeanDefinitionParser).

My question is: how can I get a reference to the SessionAuthenticationStrategy without configuring the complete SessionAuthenticationStrategy explicitly, so that I can inject this reference in the XML configuration?

<security:http auto-config="false" use-expressions="true"
    entry-point-ref="loginUrlAuthenticationEntryPoint" 
    access-decision-manager-ref="httpAccessDecisionManager">
    ...
    <security:custom-filter
             ref="usernamePasswordAuthenticationFilter"
             position="FORM_LOGIN_FILTER"/>
    ...
</security:http>

...

<bean id="usernamePasswordAuthenticationFilter"
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">

   <property name="sessionAuthenticationStrategy" ref="????"/>   <!-- ?? -->
   ...
</bean>

*My real UsernamePasswordAuthenticationFilter is a customized subclass, but that should not matter for this question.

Ralph asked Oct 17 '14 17:10


People also ask

How Spring Security manages session?

By default, Spring Security will create a session when it needs one — this is “ifRequired”. For a more stateless application, the “never” option will ensure that Spring Security itself won't create any session. But if the application creates one, Spring Security will make use of it.

What is SessionAuthenticationStrategy?

Interface SessionAuthenticationStrategy: Allows pluggable support for HttpSession-related behaviour when an authentication occurs. Typical use would be to make sure a session exists or to change the session Id to guard against session-fixation attacks.

What is SessionCreationPolicy?

Enum SessionCreationPolicy: Specifies the various session creation policies for Spring Security.

How does Spring Boot generate session ID?

getSessionId(); This relies on Spring's RequestContextHolder , so it should be used with Spring MVC's DispatcherServlet or you should have a RequestContextListener declared. Also session will be created if not exists.


1 Answer

When working with JavaConfig (I'm afraid that is not your case) you can get a reference by doing

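        // Initialise the session-management configurer so that it publishes its strategy as a shared object
        http.getConfigurer(SessionManagementConfigurer.class).init(http);
        // Fetch the strategy the configurer registered
        SessionAuthenticationStrategy strategy = http.getSharedObject(SessionAuthenticationStrategy.class);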
Jordi answered Oct 12 '22 01:10
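The answer's two calls in context, as an added example that is not part of the original answer or of Spring Security's own code: a JavaConfig class that fetches the shared strategy and hands it to a manually registered UsernamePasswordAuthenticationFilter. The class name `SecurityConfig`, the access rule and the fail-fast checks are assumptions; the checks are there because a filter that is never given a strategy keeps its default NullAuthenticatedSessionStrategy, which does nothing on login and so applies no session-fixation protection.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

// Hypothetical configuration class: the name and the access rule are assumptions.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    @SuppressWarnings({"rawtypes", "unchecked"})
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated();

        // The two calls from the answer: initialise the session-management
        // configurer, then read the strategy it shares with the other filters.
        SessionManagementConfigurer sessionManagement =
                http.getConfigurer(SessionManagementConfigurer.class);
        if (sessionManagement == null) {
            throw new IllegalStateException("Session management is not configured");
        }
        sessionManagement.init(http);
        SessionAuthenticationStrategy strategy =
                http.getSharedObject(SessionAuthenticationStrategy.class);

        // Fail at startup rather than run a login filter that silently
        // skips session handling after authentication.
        if (strategy == null) {
            throw new IllegalStateException("No SessionAuthenticationStrategy available");
        }

        // Stand-in for the customized subclass mentioned in the question.
        UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager());
        filter.setSessionAuthenticationStrategy(strategy);
        http.addFilter(filter);
    }
}
```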