Comments (6)
sjohnr
commented on June 11, 2024
@svankamamidi, thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.
Having said that, in your example the 2nd filter chain is not annotated with @Bean. If that doesn't help, please open a stack overflow question and post the link here and I will be happy to work through the correct configuration with you.
from spring-security.
svankamamidi
commented on June 11, 2024
@sjohnr I think this is a bug in Spring Reactive Security. There is already an SO item https://stackoverflow.com/questions/56056404/disable-websession-creation-when-using-spring-security-with-spring-webflux/67005365#67005365 without helping our issue. Regarding second code snippet it was typo and I corrected it. Can you please reopen this issue
from spring-security.
sjohnr
commented on June 11, 2024
@svankamamidi the SO question you linked already has an accepted answer. If that does not solve your issue, please open a new question and I can take a look. If you believe this is a bug, please provide a minimal sample that reproduces the issue.
from spring-security.
svankamamidi
commented on June 11, 2024
@sjohnr I created new SO question can you please take a look https://stackoverflow.com/questions/78208839/reactive-spring-security-is-always-creating-the-session-in-redis-even-when-noops
from spring-security.
svankamamidi
commented on June 11, 2024
@sjohnr Here is the github project where issue can be reproduced,
- invoke GET http://localhost:8080/api/websession?id=222¬e=helloworld
- Check the redis keys. Ideally no key should be created but I can see session key is getting created.
from spring-security.
svankamamidi
commented on June 11, 2024
This is still issue to us, how to avoid session object creation (for non UI calls and when jwt token is passed) while authentication is being used. I will try to setup a project with authentication then I may be able to reproduce the issue for others to review
from spring-security.
Related Issues (20)
- The continueOnError value is inconsistent with that described in the java doc HOT 1
- On formLogin -> authenticationSuccessHandler -> new RedirectServerAuthenticationSuccessHandler("/location") fails redirect HOT 6
- Upgrade nimbus-jose-jwt:jar to 9.37.3 HOT 3
- InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified HOT 1
- Allow customization of redirect strategy in `CasAuthenticationEntrypoint` HOT 2
- Update Documentation about CAS Authentication
- Signature of Assertion from issuer was not valid and invalid destination for SAML response by multiple simultaneous login HOT 3
- Endless Authentication Loop with ActiveDirectoryLdapAuthenticationProvider on Incorrect Password
- Support Certificate-Bound (POP) JWT Access Token Validation (Reactive) HOT 2
- Support Certificate-Bound (POP) Opaque Access Token Validation HOT 6
- Add ClientAuthenticationMethod constants tls_client_auth and self_signed_tls_client_auth
- Documentation links for 6.2 are broken HOT 3
- Make OidcUserService overrideable HOT 3
- ReactiveOAuth2AuthorizedClientManagerConfiguration has been created too early
- Upgrade to Spring Data Bom 2024.0.0-RC1
- ArrayIndexOutOfBoundsException thrown when validating csrf token using CookieCsrfTokenRepository.In Version 6.2.3 HOT 1
- Add Spring Session support to OIDC Back-Channel Logout HOT 1
- Update to Bouncycastle 1.78
- DelegatingSecurityContextTaskExecutor / DelegatingSecurityContextRunnable / DelegatingSecurityContextCallable should provide extension points HOT 7
- LogoutConfigurer forces POST even if CSRF is disabled for /logout
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-security.