Getting the Session in RememberMeServices- Grails/Spring Security

Question

I have a class which implements the RememberMeServices and LogoutHandler interface. I have turned on session fixation and have the option to create session to true. When I try to get my session in the loginSuccess method using

RequestContextHolder.currentRequestAttributes().getSession()

I get an error saying

java.lang.IllegalStateException: setAttribute: Session already invalidated
    at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1273)
    at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1238)
    at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:130)
    at org.codehaus.groovy.grails.web.servlet.mvc.GrailsHttpSession.setAttribute(GrailsHttpSession.java:210)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:229)
    at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:52)
    at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:40)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:128)
    at com.teslagovernment.security.TabulaeRememberMeServices.loginSuccess(TabulaeRememberMeServices.groovy:70)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.successfulAuthentication(AbstractAuthenticationProcessingFilter.java:294)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218)
    at org.codehaus.groovy.grails.plugins.springsecurity.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:40)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
    at org.codehaus.groovy.grails.plugins.springsecurity.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:79)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:167)

How can I get the current session ?

score 0 · Accepted Answer · answered Aug 16 '12 at 20:34

Without seeing your actual code and not know the grails version you're using. It sounds to me like you're trying to get the session from the "loginSuccess" method of some Controller? If so, isn't the session simply available as "session" without calling that RequestContextHolder stuff? You should have access to it just like the "request" object and simply stuff data into it like a map:

session.foo = "bar"

Getting the Session in RememberMeServices- Grails/Spring Security

1 Answers1