I want to listen to session life cycle events. I read about adding
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
to web.xml. But I don't have it. I am using class that extends SpringBootServletInitializer. How I can add this listener?
You can use ServletListenerRegistrationBean:
@Bean
public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher());
}
Just to provide reference to official documentation, http://docs.spring.io/spring-session/docs/current-SNAPSHOT/reference/html5/#httpsession-rest
Here if you refer to, HttpSessionListener topic, you will find the clear example of doing it both Java and XML configuration way.
if your configuration support Redis
@Configuration
@EnableRedisHttpSession
public class RedisHttpSessionConfig {
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
// ...
}
In XML configuration, this might look like
<bean class="org.springframework.security.web.session.HttpSessionEventPublisher"/>
Adding Listener in Class which is extending SpringBootSelvletInitializer can be done as below.
@Configuration
public class Application extends SpringBootServletInitializer {
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
SpringApplicationBuilder app=application.sources(Application.class, ComponentConfiguration.class);
app.listeners(bootstrapContext.commandLineListener());
return app;
}
As the builder class is having listener method which use to add all the listener which is given to be registered. Github link for SpringApplicationBuilder is http://goo.gl/EGj6jE
I think this will solve your issue.
Swaraj
From SpringBootServletInitializer javadoc : A handy opinionated WebApplicationInitializer for applications that only have one Spring servlet, and no more than a single filter (which itself is only enabled when Spring Security is detected). If your application is more complicated consider using one of the other WebApplicationInitializers
So if you want to generate a war and you want to include a session listener, you should use directly a WebApplicationInitializer. Here is an example from the javadoc :
public class MyWebAppInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext container) {
// Create the 'root' Spring application context
AnnotationConfigWebApplicationContext rootContext =
new AnnotationConfigWebApplicationContext();
rootContext.register(AppConfig.class);
// Manage the lifecycle of the root application context
container.addListener(new ContextLoaderListener(rootContext));
// Create the dispatcher servlet's Spring application context
AnnotationConfigWebApplicationContext dispatcherContext =
new AnnotationConfigWebApplicationContext();
dispatcherContext.register(DispatcherConfig.class);
// Register and map the dispatcher servlet
ServletRegistration.Dynamic dispatcher =
container.addServlet("dispatcher", new DispatcherServlet(dispatcherContext));
dispatcher.setLoadOnStartup(1);
dispatcher.addMapping("/");
}
}
As you have full control on the ServletContext before it is fully initialized, it is easy to add your listener :
container.addListener(YourListener.class);
Or you can use HttpSessionEventPublisher:
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
like in this description: https://www.baeldung.com/spring-security-session
