
I am new to using Spring Session and Spring Security, and I hope I can get some help. I want to use Spring Session and Spring Security on a REST API, using Redis to store the session information. I followed the sample from http://docs.spring.io/spring-session/docs/current/reference/html5/guides/rest.html, but I use XML instead of Java classes and I am using Spring 3.2.4.

There is no problem when I use curl with username:password: the x-auth-token is saved in Redis and 200 OK is returned in the header. However, I run into a problem when I use curl WITHOUT a username and password: 401 Unauthorized is returned, but an x-auth-token is still returned in the header and it is also saved in Redis.

< HTTP/1.1 401 Unauthorized
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< x-auth-token: 71554566-17d3-44ca-94b8-009d090c61a1
< Content-Type: text/html;charset=utf-8
< Content-Language: en
< Content-Length: 1018
< Date: Mon, 21 Mar 2016 14:40:18 GMT

user6094158

1 Answer


I'm guessing this is due to the fact that the previous request is being saved. You can fix this using NullRequestCache. In XML you can leverage <request-cache>. The configuration looks something like:

<http ...>

    <request-cache ref="requestCache"/>
</http>

<b:bean id="requestCache" class="org.springframework.security.web.savedrequest.NullRequestCache"/>
Rob Winch
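
A command-line check for the behaviour discussed above, added here as an example and not part of the original question or answer: it parses captured `curl -v` response headers and flags a 401 response that still carries an `x-auth-token`. The function name `check_401_token` is hypothetical, the first sample is taken from the headers quoted in the question, and the second is a constructed response that assumes no session is created for the unauthenticated request.

```shell
#!/bin/sh
# Flag a session token issued on an unauthenticated (401) response.
# Live input could come from: curl -sv http://localhost:8080/ 2>&1
# (URL is an assumption; adjust to your application).

# Sample from the question's output (trimmed to the relevant headers).
SAMPLE_401='< HTTP/1.1 401 Unauthorized
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< x-auth-token: 71554566-17d3-44ca-94b8-009d090c61a1
< Content-Type: text/html;charset=utf-8'

# Constructed sample: a 401 with no session token attached.
SAMPLE_FIXED='< HTTP/1.1 401 Unauthorized
< Server: Apache-Coyote/1.1
< Content-Type: text/html;charset=utf-8'

# Returns 1 and prints the token if a 401 response carries x-auth-token;
# returns 0 otherwise (other status codes, or a 401 without a token).
check_401_token() {
    printf '%s\n' "$1" | tr -d '\r' | sed 's/^< //' | awk '
        /^HTTP\/[0-9.]+ / { status = $2 }          # status line: HTTP/1.1 401 ...
        tolower($0) ~ /^x-auth-token:/ {           # header names are case-insensitive
            sub(/^[^:]*:[ \t]*/, ""); token = $0
        }
        END {
            if (status == "401" && token != "") { print token; exit 1 }
            exit 0
        }'
}

# Run the check over both samples.
for s in "$SAMPLE_401" "$SAMPLE_FIXED"; do
    if t=$(check_401_token "$s"); then
        echo "ok: no token issued on 401"
    else
        echo "FAIL: 401 response issued token $t"
    fi
done
```

Each token reported this way also corresponds to a session entry written to Redis, so the same check indicates whether unauthenticated requests are still populating the session store.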