I want to set up session management and authentication with Spring Boot. Specifically, when the user logs into my web application, they should be able to call my REST API to get data. Furthermore, after a certain period of time, they should be automatically logged out of the system at which point any REST calls should also fail. How can I accomplish this with Spring Boot ?
Asked
Active
Viewed 3.8k times
17
-
1Concept of REST is state-less, it should be implemented without HTTP session, see - https://en.wikipedia.org/wiki/Representational_state_transfer#Stateless – jnemecz Feb 04 '17 at 19:45
-
How can I pass session id generate by Spring Session to another micro service? I have the same requirement. When we implemented spring secuirty to the micro service, how the session filter will run and get the session to authenticate user based on session id. – Atul Mar 18 '19 at 18:09
1 Answers
17
Spring Session takes care of distributed session management.
Spring Session provides an API and implementations for managing a user’s session information. It also provides transparent integration with:
HttpSession - allows replacing the HttpSession in an application container (i.e. Tomcat) neutral way. Additional features include:
Clustered Sessions - Spring Session makes it trivial to support clustered sessions without being tied to an application container specific solution.
Multiple Browser Sessions - Spring Session supports managing multiple users' sessions in a single browser instance (i.e. multiple authenticated accounts similar to Google).
RESTful APIs - Spring Session allows providing session ids in headers to work with RESTful APIs
Barath
- 5,093
- 1
- 17
- 42