How to store spring security session information in redis?

spring-security redis session-management
Abdul Azeez picture Abdul Azeez · Nov 3, 2012 · Viewed 7.8k times · Source

I am using Spring security for Authentication and Authorization in my application. I am using Neo4j database as backend and implemented userDetailsService for authentication.

However, whenever my application restarts, user is forced to login once again. To overcome this, i am thinking to store session information in redis database and load the data to Spring security Context whenever application gets started.

Kindly pass on if there are any articles and pointers to implement the same.

I am thinking of following implementation for it, 1) For every successful authentication, store user details and session details in redis. This must be implemented in loadUserByUsername() method of UserDetailsService implementation 2) Remove the data from redis, whenver user logs out, Where can i do this information? Is there any spring security function where i can call this 3) Load all the data from redis to spring security whenever application restarts, again where do i need to write this logic?

Please let me know if i have missed any information.

Answer

Papick G. Taboada picture Papick G. Taboada · Oct 14, 2014

All you need to do is to implement a

  • SecurityContextRepository that handles security context storage to reds
  • Eventually a custom filter that retrieves/ stores session information (GenericFilterBean)

I think it is possible to just give the standard filter a different repository, but I am not sure, I needed my own implementation anyway...

Related questions

Authentication Principal is empty while using Spring Session Redis

I am building rest API using Spring Boot v1.3.3. API is secured by Spring Security. I have implemented custom user details service to have custom principal in authentication context. I needed to share sessions of API with other Spring app …

Read More
How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy - no Session

In the custom AuthenticationProvider from my spring project, I am trying read the list of authorities of the logged user, but I am facing the following error: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.horariolivre.…

Read More
How do I get the Session Object in Spring?

I am relatively new to Spring and Spring security. I was attempting to write a program where I needed to authenticate a user at the server end using Spring security, I came up with the following: public class CustomAuthenticationProvider extends …

Read More