Comments (6)
@svankamamidi, thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.
Having said that, in your example the 2nd filter chain is not annotated with @Bean
. If that doesn't help, please open a stack overflow question and post the link here and I will be happy to work through the correct configuration with you.
from spring-security.
@sjohnr I think this is a bug in Spring Reactive Security. There is already an SO item https://stackoverflow.com/questions/56056404/disable-websession-creation-when-using-spring-security-with-spring-webflux/67005365#67005365 without helping our issue. Regarding second code snippet it was typo and I corrected it. Can you please reopen this issue
from spring-security.
@svankamamidi the SO question you linked already has an accepted answer. If that does not solve your issue, please open a new question and I can take a look. If you believe this is a bug, please provide a minimal sample that reproduces the issue.
from spring-security.
@sjohnr I created new SO question can you please take a look https://stackoverflow.com/questions/78208839/reactive-spring-security-is-always-creating-the-session-in-redis-even-when-noops
from spring-security.
@sjohnr Here is the github project where issue can be reproduced,
- invoke GET http://localhost:8080/api/websession?id=222¬e=helloworld
- Check the redis keys. Ideally no key should be created but I can see session key is getting created.
from spring-security.
This is still issue to us, how to avoid session object creation (for non UI calls and when jwt token is passed) while authentication is being used. I will try to setup a project with authentication then I may be able to reproduce the issue for others to review
from spring-security.
Related Issues (20)
- The continueOnError value is inconsistent with that described in the java doc HOT 1
- On formLogin -> authenticationSuccessHandler -> new RedirectServerAuthenticationSuccessHandler("/location") fails redirect HOT 6
- Upgrade nimbus-jose-jwt:jar to 9.37.3 HOT 3
- InMemoryUserDetailsManager: consider improving the error message when no PasswordEncoding has been specified HOT 1
- Allow customization of redirect strategy in `CasAuthenticationEntrypoint` HOT 2
- Update Documentation about CAS Authentication
- Signature of Assertion from issuer was not valid and invalid destination for SAML response by multiple simultaneous login HOT 3
- Endless Authentication Loop with ActiveDirectoryLdapAuthenticationProvider on Incorrect Password
- Support Certificate-Bound (POP) JWT Access Token Validation (Reactive) HOT 2
- Support Certificate-Bound (POP) Opaque Access Token Validation HOT 6
- Add ClientAuthenticationMethod constants tls_client_auth and self_signed_tls_client_auth
- Documentation links for 6.2 are broken HOT 3
- Make OidcUserService overrideable HOT 3
- ReactiveOAuth2AuthorizedClientManagerConfiguration has been created too early
- Upgrade to Spring Data Bom 2024.0.0-RC1
- ArrayIndexOutOfBoundsException thrown when validating csrf token using CookieCsrfTokenRepository.In Version 6.2.3 HOT 1
- Add Spring Session support to OIDC Back-Channel Logout HOT 1
- Update to Bouncycastle 1.78
- DelegatingSecurityContextTaskExecutor / DelegatingSecurityContextRunnable / DelegatingSecurityContextCallable should provide extension points HOT 7
- LogoutConfigurer forces POST even if CSRF is disabled for /logout
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-security.