Spring Security and Spring Session

Extend JSON-based login The client and server timed out and authentication failed due to prolonged interaction on the server.However, the user does no...
Extend JSON-based login

The client and server timed out and authentication failed due to prolonged interaction on the server.However, the user does not want to jump to the login interface for login, expecting to login in the current interface pop-up window and proceed to the next step.

Solution: When the server intercepts the request to discover that authentication is invalid, the value returned to Code prompts the client for JSON login, and the client proceeds to the previous step after successful login.

Note: HTTP CODE cannot return 302, this code viewer will block automatic go to landing page

Implement this by adding an interceptor in Spring security to intercept a specified JSON request for a login operation.

/** * Support for JSON login * AuthenticationFilter that supports rest login(json login) and form login. */ @Slf4j public class AuthenticationRestfullFilter extends UsernamePasswordAuthenticationFilter { @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { //attempt Authentication when Content-Type is json if (MediaType.APPLICATION_JSON_UTF8_VALUE.equals(request.getContentType()) || MediaType.APPLICATION_JSON_VALUE.equals(request.getContentType())) { //use jackson to deserialize json can use jackson here because it is wrapped by Security ObjectMapper mapper = new ObjectMapper(); UsernamePasswordAuthenticationToken authRequest = null; try (InputStream is = request.getInputStream()) { UsernamePasswordVm userDto = mapper.readValue(is, UsernamePasswordVm.class); authRequest = new UsernamePasswordAuthenticationToken(userDto.getUsername(), userDto.getPassword()); } catch (IOException e) { log.warn(e.getMessage(), e); e.printStackTrace(); authRequest = new UsernamePasswordAuthenticationToken("", ""); } finally { setDetails(request, authRequest); } log.debug("User Rest login app !"); return this.getAuthenticationManager().authenticate(authRequest); } return super.attemptAuthentication(request, response); } } @Getter @Setter public class UsernamePasswordVm { private String username; private String password; private Boolean rememberMe; }
Shared Session

Introduction: When an application evolves into a distributed or clustered application, user requests may be loaded onto different servers, and Web container sessions are not universal, so user session information is shared through Spring Session.

Solution: Spring Session intercepts user session (wrapping Http Request) information and stores it in a specified storage location while other servers can manipulate the data, enabling Session sharing and improving application performance and concurrency.

Implementation:

@EnableRedisHttpSession(maxInactiveIntervalInSeconds="Maximum request interval period, which can be interpreted as Session Timeout") public class StarUpAdminApp { }

Related Configuration

spring: http: encoding: charset: UTF-8 enabled: true force: true session: store-type: redis redis: flush-mode: on-save namespace: session database: 2 host: 127.0.0.1 lettuce: pool: max-active: 4 max-wait: -1ms max-idle: 2 min-idle: 0

7 November 2019, 16:46 | Views: 5391

Add new comment

For adding a comment, please log in
or create account

0 comments