I have a service method which saves user data as session data into Spring Data Redis. It then generates a JWT containing the session ID.

Suppose I am calling another microservice which has a filter that validates the JWT, and I want to validate the session there by fetching the session ID and checking whether it is valid or not.

How can we do this? The following is the method where I do the filtering for the JWT.

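import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

public class RequestValidationFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain filterChain) throws ServletException, IOException {

        String token = request.getHeader("AUTHORIZATION");
        // getHeader returns null when the header is absent, so check for null before isEmpty().
        if (token != null && !token.isEmpty()) {
            try {
                // Verifies the signature and parses the claims; throws on a bad or expired token.
                Claims claims = Jwts.parser()
                        .setSigningKey("superdupersecretkey")
                        .parseClaimsJws(token).getBody();
                String username = String.valueOf(claims.get("username"));
                String authorities = (String) claims.get("authorities");
                // Extracted from the token but not yet checked against the session store.
                String sessionId = (String) claims.get("sessionId");

                Authentication auth = new UsernamePasswordAuthenticationToken(username, null,
                        AuthorityUtils.commaSeparatedStringToAuthorityList(authorities));
                SecurityContextHolder.getContext().setAuthentication(auth);

            } catch (Exception e) {
                throw new BadCredentialsException("Invalid Token received!");
            }
        }
        filterChain.doFilter(request, response);
    }
}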

Is there a way to get the session object and payload from the Redis cache?

Thanks.

D.Anush
  • Why? That is what Spring Session is handling for you, why do you want to do that manually? – M. Deinum Sep 14 '22 at 11:29
  • @M.Deinum. Let me explain my requirement. I have an auth service; when a user logs in, a JWT will be generated with the session of the logged-in user's details. So suppose there is another service whose APIs you have to call; both JWT validation and session validation should be done before any API call happens. How can I do this? – D.Anush Sep 14 '22 at 11:35
  • Spring Security does that (retrieve the info etc.). Feels like you are working around the frameworks you are using? – M. Deinum Sep 14 '22 at 11:46
  • @M.Deinum, I am not getting your point. Can you explain it a bit? – D.Anush Sep 14 '22 at 11:51
  • Spring Security should do the token validation etc. Feels like you are working around that and reinventing the wheel? – M. Deinum Sep 14 '22 at 12:19
  • @M.Deinum Ah yes, see the above code sample, I have done the token validation. But my problem is with the session validation. – D.Anush Sep 14 '22 at 12:20
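
One way to do the session check asked about above, as an added example that is not part of the original post or its comments. It assumes the auth service stores its sessions with Spring Session in Redis (spring-session-data-redis), that this service is configured against the same Redis, and that the `sessionId` claim holds the Spring Session id; the class name, the `username` session attribute and the injected signing key are hypothetical.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.session.Session;
import org.springframework.session.SessionRepository;
import org.springframework.web.filter.OncePerRequestFilter;

public class SessionCheckingJwtFilter extends OncePerRequestFilter {
    private final SessionRepository<? extends Session> sessions; // assumption: Redis-backed bean
    private final String signingKey; // assumption: read from configuration, not hard-coded

    public SessionCheckingJwtFilter(SessionRepository<? extends Session> sessions, String signingKey) {
        this.sessions = sessions;
        this.signingKey = signingKey;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String token = request.getHeader("AUTHORIZATION");
        if (token != null && !token.isEmpty()) {
            try {
                Claims claims = Jwts.parser().setSigningKey(signingKey).parseClaimsJws(token).getBody();
                String username = String.valueOf(claims.get("username"));
                String sessionId = claims.get("sessionId", String.class);
                // findById returns null when the session is unknown, deleted (logout) or expired.
                Session session = (sessionId == null) ? null : sessions.findById(sessionId);
                // The "username" session attribute is an assumption about what the auth service stored.
                if (session == null || session.isExpired()
                        || !username.equals(session.getAttribute("username"))) {
                    throw new IllegalStateException("No live session for this token");
                }
                SecurityContextHolder.getContext().setAuthentication(
                        new UsernamePasswordAuthenticationToken(username, null, AuthorityUtils
                                .commaSeparatedStringToAuthorityList(claims.get("authorities", String.class))));
            } catch (RuntimeException e) { // JWT failures and session failures both end in 401
                SecurityContextHolder.clearContext();
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid token or session");
                return;
            }
        }
        chain.doFilter(request, response);
    }
}
```

Because the session is looked up on every request, deleting it in Redis at logout invalidates the JWT immediately, even though the token's own expiry has not passed.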
