bug(spring-session-mongo) HttpSessionRequestCache tries to deserialize SPRING_SECURITY_SAVED_REQUEST but fails #686

Closed
leon opened this issue Dec 4, 2016 · 5 comments
Labels
for: stack-overflow A question that's better suited to stackoverflow.com

Comments

leon commented Dec 4, 2016

When using spring-session-mongo, I'm using spring security and a UserDetails Service which should be persisted into the session.

I'm currently getting multiple problems when trying to deserialize the session.

java.util.LinkedHashMap cannot be cast to org.springframework.security.web.savedrequest.SavedRequest

caused by

HttpSessionRequestCache

on line 71, where it tries to cast the deserialized map into a SavedRequest

I've written a couple of tests where you can try it out.
https://github.com/leon/spring-session/blob/mongo-cannot-handle-saved-request/spring-session/src/test/java/org/springframework/session/data/mongo/JacksonMongoSessionConverterTest.java#L92

I then have the same problem with the UserDetails class which gets serialized as the principal.

Am I doing something wrong, or is this a bug / feature that is missing?

mkopylec commented Jan 30, 2017

I'm having the same issue, ver. 1.3.0.RELEASE

@vpavic vpavic self-assigned this Jan 30, 2017
@vpavic vpavic added the for: stack-overflow A question that's better suited to stackoverflow.com label Jan 30, 2017

vpavic commented Jan 30, 2017

@leon @mkopylec There are two options to address this issue:

@mkopylec

Thanks @vpavic, that should fix the problem.

vpavic commented Jan 31, 2017

@mkopylec Thanks for feedback, closing as answered.

@vpavic vpavic closed this as completed Jan 31, 2017

leon commented Feb 17, 2017

To those finding this, here is what you need to do explicitly:

Add a @Configuration which provides an AbstractMongoSessionConverter that also has the spring security converters baked in.

```java
import com.fasterxml.jackson.databind.Module;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.jackson2.SecurityJackson2Modules;
import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
import org.springframework.session.data.mongo.JacksonMongoSessionConverter;
import org.springframework.session.data.mongo.config.annotation.web.http.EnableMongoHttpSession;

import java.util.List;

@Configuration
@EnableMongoHttpSession
public class SessionConfig {

	/**
	 * Register security jackson modules so that jackson can convert the session including the spring security classes
	 */
	@Bean
	public AbstractMongoSessionConverter mongoSessionConverter() {
		List<Module> securityModules = SecurityJackson2Modules.getModules(getClass().getClassLoader());
		return new JacksonMongoSessionConverter(securityModules);
	}

}
```
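
The `LinkedHashMap` cast failure from the first comment, and the effect of the modules registered in the configuration above, can be reproduced with Jackson alone, without MongoDB. This is an added example, not code from the issue or from Spring Session; the class name `SessionAttributeRoundTrip` and the sample user are constructed, and it assumes Jackson 2, spring-security-core and spring-security-web (with the servlet API) on the classpath.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.jackson2.SecurityJackson2Modules;

public class SessionAttributeRoundTrip {

	/**
	 * Serialize a value and read it back the way a generic session store must:
	 * the attribute's class is not known at read time, so Object is requested.
	 */
	static Object roundTrip(ObjectMapper mapper, Object value) throws Exception {
		String json = mapper.writeValueAsString(value);
		System.out.println(json);
		return mapper.readValue(json, Object.class);
	}

	public static void main(String[] args) throws Exception {
		// Constructed sample principal, standing in for the UserDetails in the session.
		User principal = new User("alice", "n/a",
				AuthorityUtils.createAuthorityList("ROLE_USER"));

		// Plain mapper: the JSON carries no type information, so Jackson can only
		// rebuild a generic map. Casting that map to UserDetails (or SavedRequest)
		// is the ClassCastException reported in this issue.
		Object untyped = roundTrip(new ObjectMapper(), principal);
		System.out.println(untyped.getClass().getName());
		System.out.println(untyped instanceof UserDetails);

		// Mapper with the Spring Security modules: the mixins they register write
		// an "@class" property for the security types and read it back, so the
		// original class is restored without hand-enabling default typing.
		ObjectMapper secure = new ObjectMapper();
		secure.registerModules(SecurityJackson2Modules.getModules(
				SessionAttributeRoundTrip.class.getClassLoader()));
		Object typed = roundTrip(secure, principal);
		System.out.println(typed.getClass().getName());
		System.out.println(typed instanceof UserDetails);
	}
}
```

A custom `UserDetails` implementation is not covered by the built-in mixins and needs its own mixin or Jackson annotations before it round-trips the same way.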
