TechQA.

Reactive Spring Security is always creating the Session in redis even when NoOpServerSecurityContextRepository specified for securityContextRepository

39 views Asked by At

Reactive Spring Security is always creating the Session even when NoOpServerSecurityContextRepository specified for securityContextRepository

Tried below two methods and still Session object is being created in redis

Method-1

    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {     
        http.authorizeExchange().pathMatchers("/api/path")
                .authenticated()            
            .and()
                .securityContextRepository(NoOpServerSecurityContextRepository.getInstance())
            .oauth2ResourceServer().jwt();
        return http.build();
    }

Method-2

@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {
http
.requestCache().disable()
.oauth2ResourceServer().jwt();

    return http.build();
}

By trying both of the above given methods still every time redis Session object is creating when I invoke my API /api/path. Here is the github project where issue can be reproduced,

  1. invoke GET http://localhost:8080/api/websession?id=222&note=helloworld
  2. Check the redis keys. Ideally no key should be created but I can see session key is getting created. enter image description here
spring-security spring-webflux reactive
Original Q&A
0

There are 0 answers

Related Questions in SPRING-SECURITY

Related Questions in SPRING-WEBFLUX

Related Questions in REACTIVE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions