Skip to content

Cannot save redis session object retrieved from repository. #636

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
lglapinski opened this issue Sep 21, 2016 · 6 comments
Closed

Cannot save redis session object retrieved from repository. #636

lglapinski opened this issue Sep 21, 2016 · 6 comments
Assignees
@vpavic
Labels
for: stack-overflow A question that's better suited to stackoverflow.com

Comments

@lglapinski
Copy link

lglapinski commented Sep 21, 2016
edited
Loading

I have scenario when I want to reload Pricipal information stored in session when specific user is edited by admin.

I wrote following code.

@Service
public class UserSecurityService implements UserDetailsService {
    @Autowired  //This will be RedisOperationsSessionRepository
    private FindByIndexNameSessionRepository<? extends ExpiringSession> repository;

    public void reloadLoggedInUser(User user) {
        repository
                .findByIndexNameAndIndexValue(
                        FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
                        user.getEmail())
                .values().forEach(s -> {
                    SecurityContext context = s.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
                    setAuthentication(context, user);
                    s.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
                    repository.save(s); //<-- Incompatibile types error here
                });
    }

    private void setAuthentication(SecurityContext context, User user) {
        List<GrantedAuthority> authorities = buildUserAuthority(user);

        context.setAuthentication(
                new UsernamePasswordAuthenticationToken(
                        new GenericUserDetails(user, authorities),
                        null,
                        authorities
                )
        );
    }
}

I understand that you may want to preserve RedisSession as private class but I think that there should be any interface to save it after modifications of public part of it.
@marcoblos
Copy link
Contributor

marcoblos commented Sep 22, 2016
edited
Loading

@Glapa I have same problem.
I need to serialize RedisSession to use with RMI in other applications and I don't find way for this.

I have a lot of system and I need to control sessions for all systems in one system and this one system persist the sessions in Redis. The operations like a getSession, createSession, delete and save I want expose by a server session system.

In client application I implemented a SessionRepository making bind to server application through RMI.
In server application I expose the same SessionsRepository methods injecting RedisOperationSessionRepository (just for use the implementation and persistence in redis) and bind the methods with RMI Server.

Did I make everything wrong? There is other way to implement this?

@rwinch, please, give a way of thinking in this problem 😢

Thanks in advance.

@kkocsis
Copy link

kkocsis commented Oct 21, 2016
edited
Loading

Same problem here.
I have a backend service which stores the user's custom session timeout interval. After the login procedure, I want to overwrite the default maxInactiveInterval, but I can not save the session into Redis because of this package private RedisSession class.

Anyone has an idea for this problem?

@marcoblos
Copy link
Contributor

@kkocsis As I said, I have a lot of system, and all these system need to persist the session in redis.
My alternative for this problem was import in all systems the library spring-boot-data-redis to give me "powers" to connect to the redis and persist the session "automagically" with @EnableRedisHttpSession.
To "filter" all sessions in one point for all systems, I did expose a service in a unique server that controll the permissions and invalidate sessions, and all other systems connect to this service, passing the loggedUser parameter (the object was persisted in the redis) to be validated or invalidated.
This solution resolve my problem, but, I really did want more.

@kkocsis
Copy link

kkocsis commented Oct 26, 2016

@marcoblos Thanks for the comment, it helped me to resolve the problem. Here is an example:

@Autowired
RedisOperations<Object, Object> sessionRedisTemplate;

public void setInterval(String sessionId, int interval) {
    sessionRedisTemplate.boundHashOps("spring:session:sessions:" + sessionId).put("maxInactiveInterval", interval);
}

@lglapinski lglapinski mentioned this issue Jun 21, 2017
Closed
@vpavic vpavic self-assigned this Aug 11, 2017
@vpavic vpavic added the for: stack-overflow A question that's better suited to stackoverflow.com label Aug 11, 2017
@vpavic
Copy link
Contributor

vpavic commented Aug 11, 2017

This looks like the the same problem as #849 - take a look at this comment in particular.

@vpavic vpavic added the status: waiting-for-feedback We need additional information before we can continue label Aug 11, 2017
@vpavic
Copy link
Contributor

vpavic commented Sep 8, 2017

Closing as answered. If you have additional questions or feel that your original question isn't properly answered, please re-open the issue.

@vpavic vpavic closed this as completed Sep 8, 2017
@vpavic vpavic removed the status: waiting-for-feedback We need additional information before we can continue label Sep 8, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vpavic vpavic

Labels
for: stack-overflow A question that's better suited to stackoverflow.com
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kkocsis @vpavic @lglapinski @marcoblos