Spring Security Concurrent Session Control doesn't work - spring-boot

Following the information available here: Spring Security session
Configuring the HttpSecurity object like
http
.sessionManagement((sessionManagement) -> sessionManagement
.maximumSessions(2)
.sessionRegistry(sessionRegistry()));
When auto-wiring FindByIndexNameSessionRepository I am getting
Caused by: java.lang.IllegalStateException: RedisConnectionFactory is required
I have tried multiple things but nothing seems to work. Any help would be appreciated. My store type is Redis.

The exception log is very clear. You need to create and configure the RedisConnectionFactory instance in your session configuration class to be able to connect to the redis server.

Related

How to configure a non-AgroalDataSource within Quarkus and Panache

Apache ShardingSphere provides the ShardingSphereDataSource to encapsulate the routing mechanisme. So, if we inject a ShardingSphereDataSource into a EntityManager, we can easily persist our data and route to the planned destination via EntityManager#persist method.
I don't know my understanding is correct or not, Does Panache seems to only accept AgroalDataSource?
I refer to this project to produce a ShardingSphereDataSource bean, and use following code snippet to inspect whether the ShardingSphereDataSource is produced successfully.
CDI.current().getBeanManager().getBeans(DataSource.class).forEach(bean -> {
log.info("DataSource Bean name:{}, beanClass:{}", bean.getName(), bean.getBeanClass());
});
The result shows I have a ShardingSphereDataSource named defaultDs in the CDI context.
DataSource Bean name:defaultDs, beanClass:class org.apache.shardingsphere.driver.jdbc.core.datasource.ShardingSphereDataSource
Next, I config a persistent unit and refer to this datasource.
quarkus.hibernate-orm.datasource=defaultDs
quarkus.hibernate-orm.packages=x.y.x.domain
I get the error message.
Caused by: io.quarkus.runtime.configuration.ConfigurationException: The datasource 'defaultDs' is not configured but the persistence unit '<default>' uses it. To solve this, configure datasource 'defaultDs'. Refer to https://quarkus.io/guides/datasource for guidance.
So, how do we configure a non-AgroalDataSource within Quarkus and Panache?

Accessing JNDI Datasource using Container Managed Authentication Alias in Websphere (Spring + Ibatis/Mybatis)

I am using WebSphere 8.5.5.18.
As of now I'm using Component-Managed Authentication Alias for my DataSource. But I want to use Container-Managed instead. When I just change the Security settings in Data Sources → Security settings I am getting error in logs. It is unable to fetch records.
Exception Stacktrace:
Check the SQL Statement (preparation failed).
--- Cause: java.sql.SQLException: [jcc][t4][10205][11234][3.72.54] Null userid is not supported. ERRORCODE=-4461, SQLSTATE=42815 DSRA0010E: SQL State = 42815, Error Code = -4,461
at org.springframework.jdbc.support.SQLStateSQLExceptionTranslator.doTranslate(SQLStateSQLExceptionTranslator.java:97)
at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:72)
at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
at org.springframework.orm.ibatis.SqlMapClientTemplate.execute(SqlMapClientTemplate.java:212)
at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForObject(SqlMapClientTemplate.java:271)
Basically the database is not being accessed properly when settings are changed from Component-Managed Authentication to Container-Managed Authentication alias.
When I run with Component-Managed Authentication, its working fine.
Does changing security setting to Container Managed Authentication alias, require some other/additional setting/changes? Or do I need to change my underlying Spring ibatis code to make it work?
Any help on configuring/implementing Container-Managed Authentication Alias in websphere would be appreciated.
Container-managed authentication applies when your code (or any third party code that executes upon its behalf) looks up the data source with a resource reference that specifies the resource authentication as container or leaves resource authentication unspecified, in which case it defaults to container.
Component-managed authentication applies when your code (or any third party code that executes upon its behalf) looks up the data source without a resource reference, or uses a resource reference that specifies the resource authentication as application.
Here are some examples of resource references that use container authentication:
// resource injection can be used on a web component (servlet) or ejb component
#Resource(name = "java:comp/env/jdbc/ds1ref", lookup = "jdbc/ds1", authenticationType = Resource.AuthenticationType.CONTAINER)
DataSource ds1;
#Resource(name = "java:comp/env/jdbc/ds2ref", lookup = "jdbc/ds2")
DataSource ds2;
...
// code that looks up one of the above resource references
DataSource ds = InitialContext.doLookup("java:comp/env/jdbc/ds1ref");
Here is an example of a resource reference defined within a web.xml deployment descriptor:
<resource-ref>
<res-ref-name>java:comp/env/jdbc/ds3ref</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<lookup-name>jdbc/ds3</lookup-name>
</resource-ref>
If third party code, such as Spring, is looking up a data source on your behalf and you would like it to use container authentication, you will need to define a resource reference with container managed authentication, such as shown above in the examples, and supply its resource reference name to the third party software in place of however you are doing so currently. If you are unsure where this is done, it might help to search for occurrences of the configured JNDI name of the WebSphere data source within the application.

Could not obtain transaction synchronized Session

HTTP Status 401 - Authentication Failed: Could not obtain transaction-synchronized Session for current thread.
Does anyone faced this exception when using spring & hibernate.
I used #EnableTransactionManagement in configuration. i have #Transactional on both service and repository classes. i configured transaction manager. still i have this problem. can some one spot this error

disable RabbitAutoConfiguration programmatically

Is there a programmatic(properties based) way of disabling RabbitAutoConfiguration in spring boot (1.2.2).
Looks like spring.rabbitmq.dynamic=false disables just the AmqpAdmin but not the connection factory etc.
We want a model where app properties might be sourced from spring cloud config (includes control bus) or via -D jvm args. This decision is made at deployment time.
When properties are sourced from -D jvm args, we disable the spring cloud config client but rabbit keeps throwing exceptions such as :
[org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer] - [Co
nsumer raised exception, processing can restart if the connection factory suppor
ts it. Exception summary: org.springframework.amqp.AmqpConnectException: java.ne
t.ConnectException: Connection refused: connect]
First you need to exclude RabbitAutonfiguration from your app
#EnableAutoConfiguration(exclude=RabbitAutoConfiguration.class)
Then you can import it based on some property like this
#Configuration
#ConditionalOnProperty(name="myproperty",havingValue="valuetocheck",matchIfMissing=false)
#Import(RabbitAutoConfiguration.class)
class RabbitOnConditionalConfiguration{
}

How to get request info on session created in Spring MVC?

I'm hoping to save some client info (IP address, etc) to a database on session created in Spring MVC.
I created a class implementing HttpSessionListener and configured it in web.xml. However, I'm not sure where to go after that.
Would like to be able to inject a bean as well (Spring Data JPA repository).
I've seen How to get the IP address when a session is created? , however if I try to access RequestContextHolder.currentRequestAttributes() I get the following exception:
SEVERE: Session event listener threw exception
java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
You can create a bean this way with Spring java config:
#Bean
#Named ("IP")
#Scope ("session")
public String ip (HttpServletRequest request) {
return request.getRemoteAddr ();
}
If all you want to do is log stuff then you should use the HttpSessionListener, please provide your source and full stack trace. Use pastebin.com if necessary.

Resources