0

Issues in using AutoWired HttpSession:

LoginController calls LoginService passing HttpServletRequest as parameter.

I've autowired HttpSession like this in few other annotated classes (but NOT in LoginService):

@Autowired 
private HttpSession httpSession;

In LoginService class, if I try to get session by calling request.getSession(false) I receive null in some instances.

If I try to get session by calling request.getSession(true) I am ending up with two HttpSession objects (one here and another one thru AutoWiring).

If I autowire HttpSession in LoginServic class and use the session from there, then also I am ending with two HttpSession objects.

When exactly autowired HttpSession will be created? What is the best way to handle this situation?

Thanks!

viruskimera
  • 193
  • 16
Swamy
  • 49
  • 1
  • 9
  • Welcome to Stack Overflow! Please review our [SO Question Checklist](http://meta.stackoverflow.com/questions/260648/stack-overflow-question-checklist) to help you to ask a good question, and thus get a good answer. – Joe C Dec 14 '16 at 20:46
  • It's extremely unclear what you're asking, but the *best* approach is to use Spring Security and not to write security code yourself. – chrylis -cautiouslyoptimistic- Dec 14 '16 at 22:29
  • Given the current timing of our project, I can't use Spring Security. If you follow the steps mentioned, you will understand my issue. If you are unclear in any step let me know, I can correct. In short, I need to know when exactly AutoWired HttpSession will be created and how to use it. – Swamy Dec 14 '16 at 22:45
  • Your question is answered here. http://stackoverflow.com/questions/41153689/spring-mvc-how-autowiring-of-httpsession-works/41158126#41158126 – Avinash Dec 15 '16 at 07:13

1 Answers1

1

The LoginController is supposed to manage the Web Concern.
The LoginService is supposed to manage the Authentication Concern and not supposed to be aware of the Web Concern.
A HttpSession is a concern of the Web domain. And so, has to be managed in the Class that manage the Web Concern -> the LoginController.
So, the LoginController will declare as a parameter of a Mapped method the HttpSession, and will read/write what it need from the HttpSession and pass it as a parameter of the method called on the LoginService.
Something like :

@Controller
public class ApplicationController {

@Autowired
private LoginService loginService;

@RequestMapping(value = "/login", method = POST)
public void Login(HttpSession httpSession) {
    final String myAttribute = String.valueOf(httpSession.getAttribute("myAttribute"));
    loginService.doWhatYouNeedToDo(myAttribute);
}
}
Claude Michiels
  • 101
  • 3
  • The issue I am running into is: The httpSession passed to Login method is different from the autowired httpSession and ending up two different httpSession objects. – Swamy Dec 14 '16 at 21:19
  • @Swamy did you fix your issue? I run in the same problem! my httpsession is different in my login process than in my rest call – Rémi Roy Jun 19 '17 at 16:11