Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Retrieving Session ID with Spring Security

For logging purposes, I'd like to create a logger that automatically adds the current session's ID to logged lines.
For logged in users this isn't a problem:

((WebAuthenticationDetails) SecurityContextHolder.getContext().getAuthentication().getDetails())     .getSessionId() 

The problem is, before the user has logged in getAuthentication() returns null. Is there another way for getting the session ID without having a reference to the current response or anything of that sort?

like image 889
abyx Avatar asked Aug 22 '10 15:08

abyx


People also ask

How do I find my spring session ID?

getSessionId(); This relies on Spring's RequestContextHolder , so it should be used with Spring MVC's DispatcherServlet or you should have a RequestContextListener declared. Also session will be created if not exists. @axtavt I have angular appli running in diffrnt port and server code is running in diffrnt port .

Does Spring Security use session?

By default, Spring Security will create a session when it needs one — this is “ifRequired“. For a more stateless application, the “never” option will ensure that Spring Security itself won't create any session. But if the application creates one, Spring Security will make use of it.

Which tag is used to manage session in Spring Security?

SessionManagementFilter in Spring Security web. session. SessionManagementFilter. In XML configuration it's represented by a tag called <session-management />.

How do I set session timeout in Spring Security?

Spring Security Session Timeout In the case of Tomcat we can set the session timeout by configuring the maxInactiveInterval attribute on the manager element in server. xml or using the session-timeout element in web. xml. Note that the first option will affect every app that's deployed to the Tomcat instance.


1 Answers

You may use

RequestContextHolder.currentRequestAttributes().getSessionId(); 

This relies on Spring's RequestContextHolder, so it should be used with Spring MVC's DispatcherServlet or you should have a RequestContextListener declared. Also session will be created if not exists.

like image 194
axtavt Avatar answered Sep 19 '22 17:09

axtavt