OAuth2ClientContext (spring-security-oauth2) not persisted in Redis when using spring-session and spring-cloud-security

旧巷少年郎 2020-12-30 10:40

Thanks a lot in advance for reading this question.

Setup

I am using:

  • spring-security-oauth2:2.0.7.RELEASE
  • spring-
3 Answers
  • 2020-12-30 11:10

    I came across this post and I have the exact same issue with some minor differences:

    • my application is not a Spring Boot application
    • I use JDBC persistence instead of Redis

    However, and this might save future readers some hours, the above solution also worked for me. Since I'm not using Spring Boot, I'll publish the solution here to be applied in a non-Spring Boot application using web.xml configuration.

    The "trick" is to define the RequestContextFilter in the web.xml. As far as my testing goes, I have not seen any side effects of having the request context filter living alongside the request context listener.

    What is important is the ordering of the filters. You need to define the filters in this order in your web.xml:

    • session repository filter
    • request context filter
    • security filter

    So something like:

    <filter>
        <filter-name>springSessionRepositoryFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSessionRepositoryFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <filter>
        <filter-name>requestContextFilter</filter-name>
        <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>requestContextFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    

    If this helps you save a few hours of digging into Stack Overflow and other web sites, it makes my day.

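A deployment check for the filter ordering described in the answer above, as an added example that is not part of the original answers: it parses a web.xml and reports any violation of the session repository, request context, security order. The function names and the sample descriptors are constructed for illustration; the check assumes URL-pattern filter mappings are applied in declaration order, as the Servlet specification defines.

```python
import xml.etree.ElementTree as ET

# Order required by the answer: session repository -> request context -> security.
REQUIRED_ORDER = ["springSessionRepositoryFilter", "requestContextFilter",
                  "springSecurityFilterChain"]

def local_name(tag):
    """Strip an XML namespace so descriptors with or without xmlns both match."""
    return tag.rsplit("}", 1)[-1]

def mapping_order(web_xml):
    """Return filter names in <filter-mapping> declaration order (first mapping counts)."""
    order = []
    for elem in ET.fromstring(web_xml).iter():
        if local_name(elem.tag) != "filter-mapping":
            continue
        for child in elem:
            if local_name(child.tag) == "filter-name":
                name = (child.text or "").strip()
                if name not in order:
                    order.append(name)
    return order

def check_filter_order(web_xml, required=REQUIRED_ORDER):
    """Return a list of problems; an empty list means the ordering is correct."""
    order = mapping_order(web_xml)
    problems = [f"{n} has no <filter-mapping>" for n in required if n not in order]
    present = [n for n in required if n in order]
    for earlier, later in zip(present, present[1:]):
        if order.index(earlier) > order.index(later):
            problems.append(f"{earlier} is mapped after {later}")
    return problems

def sample_web_xml(names, xmlns=""):
    """Build a constructed web.xml that maps the given filters to /* in order."""
    body = "".join(
        f"<filter-mapping><filter-name>{n}</filter-name>"
        "<url-pattern>/*</url-pattern></filter-mapping>" for n in names)
    return f"<web-app{xmlns}>{body}</web-app>"

# Constructed sample descriptors: one correct, one with the last two filters swapped.
GOOD = sample_web_xml(REQUIRED_ORDER, ' xmlns="http://xmlns.jcp.org/xml/ns/javaee"')
BAD = sample_web_xml(["springSessionRepositoryFilter", "springSecurityFilterChain",
                      "requestContextFilter"])

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_filter_order(doc) or "ok")
```

Running it in a build step against the packaged web.xml catches a reordered descriptor before the OAuth2 client context silently stops being stored in the session.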
  • 2020-12-30 11:13

    @dave-syer's hint was correct.

    I post here the configuration which can be used to set up the RequestContextFilter and enable spring-session persistence of spring-security-oauth objects. In case this can help someone...

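    import javax.servlet.Filter;

    import org.springframework.beans.factory.annotation.Qualifier;
    import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
    // Spring Boot 1.4+; in earlier versions the class is
    // org.springframework.boot.context.embedded.FilterRegistrationBean
    import org.springframework.boot.web.servlet.FilterRegistrationBean;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.session.web.http.SessionRepositoryFilter;
    import org.springframework.web.filter.RequestContextFilter;

    @Configuration
    public class RequestContextFilterConfiguration {

        // Only create the filter if the application has not already defined one.
        @Bean
        @ConditionalOnMissingBean(RequestContextFilter.class)
        public RequestContextFilter requestContextFilter() {
            return new RequestContextFilter();
        }

        // Register the filter directly after the Spring Session repository filter.
        @Bean
        public FilterRegistrationBean requestContextFilterChainRegistration(
                @Qualifier("requestContextFilter") Filter filter) {
            FilterRegistrationBean registration = new FilterRegistrationBean(filter);
            registration.setOrder(SessionRepositoryFilter.DEFAULT_ORDER + 1);
            registration.setName("requestContextFilter");
            return registration;
        }
    }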
    
  • 2020-12-30 11:27

    There's a known issue there (https://github.com/spring-projects/spring-session/issues/129 and https://github.com/spring-projects/spring-boot/issues/2637). You can work around it by adding a RequestContextFilter.
