spring-session | Spring Session provides an API and implementations | Application Framework library

I'm trying to implement SessionCreationPolicy.ALWAYS for the /testMVCController/** endpoint and SessionCreationPolicy.STATELESS for rest of endpoints (/**).

Expected scenario:

When accessing to /testMVCController/displayUsers the user logs in once and the log I have implemented in UserDetailsService logs the authorities associated to that user. After that, all the requests to /testMVCController/displayUsers or other URL under /testMVCController/** will not log the authorities again because the session creation policy is always and the user is already logged in.

This works when I don't specify the 2nd security configuration (X509ClientSessionCreationPolicyStateless) but when I add it, all the requests become session stateless.

It is not working with the current security configuration because after I log in with my client certificate, at any request executed under /testMVCController/** endpoint (e.g. /testMVCController/displayUsers), the authenticationUserDetailsService is consulted and the list of authorities is logged for each file request the browser makes (.js file, .css files, ...), even after the initial login.

So, if there are 3 requests (/testMVCController/displayUsers, displayUsers.js, displayUsers.css) the list of authorities log present in authenticationUserDetailsService is logged 3 times.

I configured SecurityConfiguration as shown below but it is not working:

As you can see, I have a simple default test. For some unknown reason for me, it does not load the application context, if I remove @SpringBootTest annotation everything works, but without it I cannot do bean injection, so I need this annotation.

test

I'm storing sessions in Redis using spring-boot and spring-session-redis.

I have the following use-case. When a user lands at /admin, Spring Boot generates an anonymous session for such user and redirects him to the login page.

When a user passes authentication process, RedisIndexedSessionRepository persists the session identifier in the index under session:index:org.springframework.session.FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME:null key, and this index never cleanup.

I believe this leads to a memory leak. What should I do to avoid such behavior?

I've setup a simple Spring Security app and enabled web security but can't go to the default login page, it keeps raising Error 404. How to resolve this?

Here're my configurations.

application.properties

I am trying to use LDAP for spring authentication and authorization. Even though I am successfully authenticating users, I couldn't get roles from LDAP yet.

I am setting up a Spring Boot app that uses:

• OAuth2 Login
• Spring Session for authentication
• Redis for the session storage

Using this spring boot application.yaml to enable redis:

I am trying to create a registration page. Even though I am submitting the form, the data isn't being inserted in the postgresql user_table. Logging in works if I insert the data into the table manually. I'm unsure what I'm doing wrong.

register.html

my pom.xml file:

I've got a weird problem which I can't really understand.

I've a got a code to upload a file to AWS S3 bucket using AmazonS3 client. I've got a try-catch block where I catch any exception and in catch block I throw my defined exception which is handled by controller method @ExceptionHandler and should return thymeleaf template errorUpload.html.