How to use Spring Session + Spring xml security configuration and multi-gain filter

Background

Hey, we have a Spring project that uses Spring Security. We defined security filters by specifying

 <b:bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">

with filter-chain-map

and in web.xml we perform

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

 <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

and everything works well :). Now, when connecting Spring Session with Redis according to the doc, the following lines

<context:annotation-config />
<bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration"/>

create a filter with the name springSessionRepositoryFilter. Thus, basically, what we have done is add this filter as the very first filter in each user filter-chain, i.e.:

<b:bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <filter-chain-map request-matcher="ant">

        <filter-chain pattern="/api/someapieformobilelogin" filters="none" />  <!-- no filter on login -->
        <filter-chain pattern="/api/**"
            filters="springSessionRepositoryFilter, securityContextFilter" />  <!-- and some other Spring Security filters -->

        <filter-chain pattern="/**"
            filters="springSessionRepositoryFilter, securityContextFilter" />  <!-- and some other Spring Security filters -->
    </filter-chain-map>
</b:bean>

Results: the application works well, and monitoring through redis-cli also shows that Spring communicates with Redis.

Question

springSessionRepositoryFilter filter-chain? ?

,

, , Authenticate i.e

Authentication authentication = authenticationManager
                .authenticate(authenticationToken);
SecurityContext securityContext = SecurityContextHolder
                .getContext();
securityContext.setAuthentication(authentication);

. , , filter-chain org.springframework.security.web.FilterChainProxy.

, filter web.xml?

<filter>
    <filter-name>springSessionRepositoryFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSessionRepositoryFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

springSessionRepositoryFilter springSecurityFilterChain, org.springframework.web.filter.DelegatingFilterProxy . springSessionRepositoryFilter springSecurityFilterChain ?

+4
2

, springSessionRepositoryFilter . , springSessionRepositoryFilter HttpSession. xml.

Redis-cache.xml

<context:annotation-config />
<bean
    class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration" />

<bean
    class="org.springframework.security.web.session.HttpSessionEventPublisher" />

<!-- end of session management configuration -->


<bean id="redisConnectionFactory"
    class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory">
    <property name="port" value="${app.redis.port}" />
    <property name="hostName" value="${app.redis.hostname}" />
    <property name="password" value="${app.redis.password}" />
    <property name="usePool" value="true" />
</bean>

RedisHttpSessionConfiguration, Spring Session XML- (. gh-104). Spring Bean springSessionRepositoryFilter, Filter. HttpSession Spring Session. Spring Session Redis.

, session filter springSessionRepositoryFilter, , HttpSession.

, web.xml. docs

web.xml

<filter>
    <filter-name>springSessionRepositoryFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>


<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSessionRepositoryFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CharacterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
    /WEB-INF/redis-cache.xml
    </param-value>
</context-param>

 <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

, - springSessionRepositoryFilter. actually org.springframework.web.filter.DelegatingFilterProxy Bean. Bean, . reference

redis-cache.xml. spring application context redis

reference

+2

. Javadoc:

SessionRepositoryFilter , HttpSession , , .

springSessionRepositoryFilter , HttpSession, . Spring , , - springSessionRepositoryFilter SecurityContextPersistenceFilter. , springSessionRepositoryFilter Spring FilterChainProxy (.. <filter-chain>).

0
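
A check for the web.xml ordering shown in the answers, as an added example that is not part of the original posts: it reads the url-pattern filter-mapping entries in declaration order, which is the order the servlet container applies them, and reports whether springSessionRepositoryFilter is mapped before springSecurityFilterChain. The sample descriptors and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SESSION = "springSessionRepositoryFilter"
SECURITY = "springSecurityFilterChain"

def _mapping(name):
    return (f"<filter-mapping><filter-name>{name}</filter-name>"
            "<url-pattern>/*</url-pattern></filter-mapping>")

# Constructed web.xml samples (not taken from the posts above).
GOOD = ('<web-app xmlns="http://java.sun.com/xml/ns/javaee">'
        + _mapping(SESSION) + _mapping("CharacterEncodingFilter")
        + _mapping(SECURITY) + "</web-app>")
BAD = "<web-app>" + _mapping(SECURITY) + _mapping(SESSION) + "</web-app>"
MISSING = "<web-app>" + _mapping(SECURITY) + "</web-app>"

def _local(tag):
    # Strip an XML namespace such as {http://java.sun.com/xml/ns/javaee}.
    return tag.rsplit("}", 1)[-1]

def url_mapping_order(web_xml):
    """Filter names in the order their url-pattern <filter-mapping>s are declared."""
    # Parse only descriptors you control; ElementTree does not limit entity expansion.
    names = []
    for el in ET.fromstring(web_xml).iter():
        if _local(el.tag) != "filter-mapping":
            continue
        kids = {_local(c.tag): (c.text or "").strip() for c in el}
        if "url-pattern" in kids and "filter-name" in kids:
            names.append(kids["filter-name"])
    return names

def check_order(web_xml):
    """Return 'ok', 'session-after-security' or 'not-mapped:<name>'."""
    order = url_mapping_order(web_xml)
    for name in (SESSION, SECURITY):
        if name not in order:
            return f"not-mapped:{name}"
    # The session filter must wrap the request before Spring Security reads HttpSession.
    if order.index(SESSION) > order.index(SECURITY):
        return "session-after-security"
    return "ok"

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD), ("missing", MISSING)):
        print(label, url_mapping_order(doc), check_order(doc))
```

A 'not-mapped' result only means the filter has no url-pattern mapping in web.xml; it does not inspect filters listed inside the FilterChainProxy bean.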

Source: https://habr.com/ru/post/1606416/

