Skip to content

Spring Session integration with Spring Security on concurrent session control #1328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ltzdby opened this issue Jan 30, 2019 · 3 comments
Closed

Spring Session integration with Spring Security on concurrent session control #1328

ltzdby opened this issue Jan 30, 2019 · 3 comments
Assignees
@vpavic
Labels
status: duplicate A duplicate of another issue

Comments

@ltzdby
Copy link

ltzdby commented Jan 30, 2019

I'm configuring Spring Session integration with Spring Security on concurrent session control, on Spring Boot. I followed the steps illustrated on Spring Session reference but got an error:

Description:

Field sessionRepository in com.xxx.configuration.WebSecurityConfiguration required a bean of type 'org.springframework.session.FindByIndexNameSessionRepository' that could not be found.

The injection point has the following annotations:

  • @org.springframework.beans.factory.annotation.Autowired(required=true)

Action:

Consider defining a bean of type 'org.springframework.session.FindByIndexNameSessionRepository' in your configuration.

Versions:
Spring Boot 2.1.2.RELEASE
Spring Session 2.1.3.RELEASE
Spring Security 5.1.3.RELEASE

Here is some code for reproducing:

WebSecurityConfiguration.java:

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    ...

    @Autowired
    protected FindByIndexNameSessionRepository<? extends Session> sessionRepository;

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .and()
                .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/");
        httpSecurity.sessionManagement()
                .maximumSessions(1)
                .maxSessionsPreventsLogin(false)
                .sessionRegistry(sessionRegistry());
    }

    @Bean
    protected SpringSessionBackedSessionRegistry sessionRegistry(){
        return new SpringSessionBackedSessionRegistry<>(this.sessionRepository);
    }
}

application.properties:

...
spring.session.store-type=redis
spring.session.redis.flush-mode=on_save
spring.session.redis.namespace=spring:session
...

I've also tried the code following, but it does not working:

WebSecurityConfiguration.java:

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    ...

    @Autowired
    **protected FindByIndexNameSessionRepository sessionRepository;**

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .and()
                .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/");
        httpSecurity.sessionManagement()
                .maximumSessions(1)
                .maxSessionsPreventsLogin(false)
                .sessionRegistry(sessionRegistry());
    }

    @Bean
    protected SpringSessionBackedSessionRegistry sessionRegistry(){
        **return new SpringSessionBackedSessionRegistry(this.sessionRepository);**
    }
}

I wonder if I should define a bean of type 'FindByIndexNameSessionRepository' somewhere in my configuration, even with Spring Boot's auto-configuration? I looked up documents of Spring Session, Spring Boot and Spring Security but found no further information.
Is there any mistake in my usage of Spring Session (and Spring Boot's auto-configuration) or the document needs further explanation of this integration ( or it is a bug ) ?
@ltzdby
Copy link
Author

ltzdby commented Feb 1, 2019
edited
Loading

Solve this issue by adding a dependency to pom.xml:

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-redis</artifactId>
  <version>1.4.7.RELEASE</version>
</dependency>

Hope to add this dependency to the document HttpSession with Redis Guide to avoid more confusion like this issue. ^_^

@rwinch rwinch added the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Feb 4, 2019
@DongJigong
Copy link

DongJigong commented Mar 23, 2019
edited
Loading

try do this

<dependency> <groupId>org.springframework.session</groupId> <artifactId>spring-session-data-redis</artifactId> </dependency>

@mivui
Copy link

mivui commented Jul 29, 2019
edited
Loading

if you use redis,@EnableRedisHttpSession must be enabled

//{@link RedisHttpSessionConfiguration#sessionRepository()}
@Autowired
private RedisOperationsSessionRepository redisOperationsSessionRepository;

@Bean
public SpringSessionBackedSessionRegistry sessionRegistry() {
    return new SpringSessionBackedSessionRegistry<>(redisOperationsSessionRepository);
}

Or reference #1304

@ltzdby ltzdby closed this as completed Aug 1, 2019
@vpavic vpavic added status: duplicate A duplicate of another issue and removed status: ideal-for-contribution An issue that we actively are looking for someone to help us with labels Aug 1, 2019
@vpavic vpavic self-assigned this Aug 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vpavic vpavic

Labels
status: duplicate A duplicate of another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rwinch @vpavic @DongJigong @ltzdby @mivui