Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to store spring security session information in redis?

Tags:

redis

spring-security

session-management

I am using Spring security for Authentication and Authorization in my application. I am using Neo4j database as backend and implemented userDetailsService for authentication.

However, whenever my application restarts, user is forced to login once again. To overcome this, i am thinking to store session information in redis database and load the data to Spring security Context whenever application gets started.

Kindly pass on if there are any articles and pointers to implement the same.

I am thinking of following implementation for it, 1) For every successful authentication, store user details and session details in redis. This must be implemented in loadUserByUsername() method of UserDetailsService implementation 2) Remove the data from redis, whenver user logs out, Where can i do this information? Is there any spring security function where i can call this 3) Load all the data from redis to spring security whenever application restarts, again where do i need to write this logic?

Please let me know if i have missed any information.

like image 552
Abdul Azeez Avatar asked Nov 03 '12 17:11

Abdul Azeez

People also ask

Can we store session in Redis?

Redis is perfect for storing sessions. All operations are performed in memory, and so reads and writes will be fast. If you cannot afford losing any sessions, set appendfsync always in your configuration file. With this, Redis guarantees that any write operations are saved to the disk.

What is Spring session data Redis?

Spring Session Data Redis - provides SessionRepository and ReactiveSessionRepository implementation backed by Redis and configuration support. Spring Session JDBC - provides SessionRepository implementation backed by a relational database and configuration support.

Where does Spring Security store session?

This is the SecurityContextPersistenceFilter. The context will be stored according to the strategy HttpSessionSecurityContextRepository by default, which uses the HTTP Session as storage.

How do I use Redis cache for session management?

When a session is sent to the Redis server by WebSEAL up to 3 keys will be created in the Redis server to represent the session. In a Redis session cache environment, the client browser sends requests to the WebSEAL server cluster, which then interacts with the Redis server for session management.

2 Answers

All you need to do is to implement a

  • SecurityContextRepository that handles security context storage to reds
  • Eventually a custom filter that retrieves/ stores session information (GenericFilterBean)

I think it is possible to just give the standard filter a different repository, but I am not sure, I needed my own implementation anyway...

like image 168
Papick G. Taboada Avatar answered Oct 13 '22 08:10

Papick G. Taboada

Store session in a redis is out-of the box functionality now

http://docs.spring.io/spring-session/docs/current/reference/html5/guides/httpsession.html

like image 31
Yura Avatar answered Oct 13 '22 06:10

Yura
Sign in to Comment

Related questions

XML configuration of Spring Security in Spring Boot
Spring MVC Error : org.springframework.web.bind.annotation.RequestMapping.name()Ljava/lang/String;
How to force Spring Security to make https redirect requests when behind a load balancer
Metadata refresh deadlock (spring-security-saml)
Secure MVC Controller methods with @Secured annotation
Customizing CSRF error page in Spring Security
Spring Security filter not invoked
Spring prevent ajax call from being target url on authentication
Spring throws exception for undefined bean
Two repos for the same entity, one exported and one not
Verify ifAnyGranted from a TagLib
How do I get the Spring Security SessionRegistry?
Spring Security: method is not secured with @PreAuthorize annotation
Spring Social Rember me login
How to use J2eePreAuthenticatedProcessingFilter and a custom authentication provider?
Spring Security Custom User Authorization Tables
Mock Grails Spring Security Logged in User
How to post restricted access form in JMeter
cas custom logout
Cannot access javax.servlet.Filter; class file for javax.servlet.Filter not found

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!