How to store spring security session information in redis?

Question

I am using Spring security for Authentication and Authorization in my application. I am using Neo4j database as backend and implemented userDetailsService for authentication.

However, whenever my application restarts, user is forced to login once again. To overcome this, i am thinking to store session information in redis database and load the data to Spring security Context whenever application gets started.

Kindly pass on if there are any articles and pointers to implement the same.

I am thinking of following implementation for it, 1) For every successful authentication, store user details and session details in redis. This must be implemented in loadUserByUsername() method of UserDetailsService implementation 2) Remove the data from redis, whenver user logs out, Where can i do this information? Is there any spring security function where i can call this 3) Load all the data from redis to spring security whenever application restarts, again where do i need to write this logic?

Please let me know if i have missed any information.

Answer 1

All you need to do is to implement a

• SecurityContextRepository that handles security context storage to reds
• Eventually a custom filter that retrieves/ stores session information (GenericFilterBean)

I think it is possible to just give the standard filter a different repository, but I am not sure, I needed my own implementation anyway...

Answer 2

Store session in a redis is out-of the box functionality now

http://docs.spring.io/spring-session/docs/current/reference/html5/guides/httpsession.html