How to map the session id with the username, I am using spring boot with redis for storing the sessions.
I would like to ensure that the session key generated by spring boot with redis should be used for the particular user operations only.
Related
I am trying to add authentication with Active Directory in my web application, so that the user can login with their username and password and start a session.
I need to know the necessary parameters to do the configuration.
Is it better to store the config server username and password as an environment variable (both in the client and server), or by using a keystore? The keystore password is anyway stored as an environment variable, so why actually use a keystore? Or is there a better way to implement authentication in the Spring Cloud Config server?
In our case, config server is ONLY for backend services, but not for clients. We have multiple clients, like iOS, Android and Web app. Each kind of client will manage their own configurations.
Furthermore, we simply use HTTP basic authentication on config server, and store the username and password as instance variables. So the username and password will be not be exposed in source code level. On the other hand, our config server is not exposed to public network.
Hope this will give you some hints.
How do I handle Redis DB down scenario, while using Spring Session with Redis store for session management ? What if Redis DB is down and user tries to access his/her session ?
when redis down, you can store session in you container.
such as apache, Sticky sessions.
Do a filter extends DelegatingFilterProxy , add a switch to control session don't store in redis.
If Redis is down during startup of your application. Then your application will fail to start.
If Redis goes down once your application is up and running. Then spring tries reconnecting to Redis after specific intervals.
I guess what you're looking for has an answer here.
How to disable Redis Caching at run time if redis connection failed
I am writing an application in Spring Boot. I am using the Spring boot default security mechanism. But I want to disable security for certain endpoints like monitoring, healthcheck etc.
You can add following configuration in Spring Boot application.properties
security.ignored= # Comma-separated list of paths to exclude from the default secured paths
Use security.ignored=Url Paths to be ignored property in application.properties
I have a basic springboot application with spring security added in.
When I change the application context path by specifying server.context-path (say /xyz) in application.properties, all endpoints except spring security change as expected to /xyz/endpoint1.
Spring security still redirects unauthenticated requests with a 302 to /login.
Is there anyway to force spring security to respect the context path set in spring boot config?