All Questions
Tagged with spring-session spring-security-oauth2
23
questions
4
votes
1
answer
3k
views
Spring Session (Redis) + Oauth2 + Spring Cloud Gateway fails when restarting application if session already exists
Version
Spring Boot Version: 2.6.5
Spring Cloud Version: 2021.0.0
The application built has the following characteristics:
It is a reactive application (Reactor + WebFlux)
It is an Oauth2 Client ...
1
vote
0
answers
1k
views
Spring GW Oauth2 Client and Spring Session Redis - Loop in authentication in round robin cluster
I have a Spring Cloud Gateway service (reactive version) with Spring Security, which is Oauth2 client to a PingID service with Authorization Code Flow.
It is going to act as a BFF for a JS SPA client ...
4
votes
1
answer
5k
views
Spring Boot with Spring Session and Redis - RedisConnectionFactory is required
I am setting up a Spring Boot app that uses:
OAuth2 Login
Spring Session for authentication
Redis for the session storage
Using this spring boot application.yaml to enable redis:
spring:
session:
...
0
votes
1
answer
488
views
WebSessions not displaying replicating behaviour with Spring Session and Keycloak
I have created an API gateway using Spring Cloud Gateway.
The Gateway is using Spring OAuth2 Client to connect to Keycloak.
Spring Session is present, configured to work with Redis (@...
0
votes
2
answers
2k
views
Spring boot login using Facebook throws authorization_request_not_found
I'm implementing login using Facebook with Spring Boot, Spring Session and Spring Security OAuth2. My application runs on a local machine and I am using a selfed-sign certificate. I'm using header-...
3
votes
1
answer
5k
views
How to persist OAuth2AuthorizedClient in redis-session
My project uses redis session with springboot session and spring security 5.1.10. I just migrated the old oauth2 implementation. Before, when I restarted the app I still had the access_token and ...
0
votes
1
answer
523
views
oauth2 spring security with spring session to invalid those users which are inactive for 30 minutes
After 30 minutes of inactivity means (no request with access token is made),than the session will expire and user need to create token again. But if request is done than again 30 minutes will given ...
0
votes
1
answer
544
views
Spring session jdbc - How to add multiple HttpSessionIdResolver for a single application
I have a problem in injecting multiple HttpSessionIdResolver for a single spring application.
For normal web application I would like to use CookieHttpSessionIdResolver
For Rest API I would go for ...
4
votes
0
answers
953
views
How to define a custom grant type in a Spring Security Oauth2 client?
I have a working api-gateway application built on spring-boot 2.2, which is an Oauth2 client supporting authorization-code grant flow. It is built using spring-boot @EnableOAuth2Sso, which will create ...
3
votes
1
answer
2k
views
Spring Session/Redis and Oauth2 not working together
Oauth2 and Redis will not play well together. As soon as I'm enabling Spring Session, two session IDs are created after I have been authenticated (OIDC) and sent back to the application — one ...
5
votes
1
answer
1k
views
Using multiple OAuth2 clients in single browser session using Spring boot
We have Multi tenant WebApp designed using Spring Boot + Spring Security. This app is used to manage certain resources in Azure. User login into our WebApp using OAuth2.0 and can access Azure ...
0
votes
0
answers
2k
views
Spring Security Oauth2, app behavior with session disabled
I disabled the session management in my REST service, because I am using Oauth2 to authenticate clients + users. So I have these configurations :
Resource server
@Configuration
@EnableResourceServer
...
-1
votes
1
answer
64
views
separate oauth2 and web server
Suppose my site is example.com
When a user at a client.com wants to login via example.com (with oauth2)
He comes to oauth.example.com/authorize and oauth.example.com knows he's not signed in to web....
3
votes
1
answer
2k
views
How to protect the same resource using both spring-session and spring-security-oauth
I have a requirement to use two kinds of authentication,
for web we @EnableRedisHttpSession and for other consumers like mobile we use @EnableAuthorizationServer with @EnableResourceServer.
suppose ...
1
vote
1
answer
10k
views
Spring boot security custom messages while user login
I am trying to integrate spring security in my spring boot application.All working ok but how do I display a message if the account is expired or account is locked? Also, I do not want to display ...