4

Recently I have been trying to get an existing logged-in user by JSESSIONID with Spring Security. After tracing the source code I still cannot find a way to do this. Is it possible? Where does Spring Security store the mapping between JSESSIONID and AuthUser?

Any help would be much appreciated.

Willy
  • Is this what you want? http://stackoverflow.com/questions/1499581/how-can-i-manually-load-a-java-session-using-a-jsessionid – Cristian Sevescu Sep 10 '15 at 08:08
  • Could you elaborate on what you are trying to do and why? – M. Deinum Sep 10 '15 at 08:10
  • What I am trying to do is get the logged-in user by a JSESSIONID that is not from the current session. The reason I want to know whether it is possible is that our server currently serves different domains which are not subdomains of each other. Instead of having something like single sign-on, I want to know if it is possible to just share the ID in this way. – Willy Sep 10 '15 at 08:54
  • One of the domains is just for internal use. So it would be good if I could just have a URL like anotherdomain.com?JSESSIONID=12345 to share the session. – Willy Sep 10 '15 at 08:57
  • Did you find a solution? – tibi Oct 02 '19 at 20:09

1 Answer

-1

Something like this:

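```java
// Controller method; assumes the usual Spring MVC and Spring Security imports.
@RequestMapping(value = "/userAndSession/{providedSessionId}", method = RequestMethod.GET)
public String getUserAndSessionId(UsernamePasswordAuthenticationToken principal,
            HttpServletRequest httpServletRequest,
            @PathVariable("providedSessionId") String providedSessionId) {
    // Session ID the client sent with the current request (null if none was sent)
    String sessionId = httpServletRequest.getRequestedSessionId();

    if (providedSessionId.equals(sessionId)) {
        // Username of the user authenticated in the current session
        return principal.getName();
    }

    // The provided ID does not belong to the current session
    return null;
}
```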
Branislav Lazic
  • Thanks for the response. However, it looks like this approach cannot get the logged-in user by session ID if the ID is not from the current session. – Willy Sep 10 '15 at 08:50
  • Don't expose session IDs in the URL and not via GET: https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html – lilalinux Nov 17 '17 at 16:16
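
The question asks where the mapping between a session ID and the authenticated user lives. As an added example (not code from the question or the answer): Spring Security's `SessionRegistry` holds that mapping when the application has registered one, and the code below resolves a session ID to a user name through it on the server side. The class name and session IDs are constructed for illustration, and it assumes the registry is populated, which only happens if the application configures it (for example with concurrent session control).

```java
import java.util.Collections;
import java.util.Optional;

import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical class name; requires spring-security-core on the classpath.
public class SessionLookupExample {

    // Resolve a session ID to a user name on the server side.
    // Returns empty for unknown, blank or expired sessions.
    static Optional<String> userForSession(SessionRegistry registry, String sessionId) {
        if (sessionId == null || sessionId.trim().isEmpty()) {
            return Optional.empty();
        }
        SessionInformation info = registry.getSessionInformation(sessionId);
        if (info == null || info.isExpired()) {
            return Optional.empty();
        }
        Object principal = info.getPrincipal();
        String name = (principal instanceof UserDetails)
                ? ((UserDetails) principal).getUsername()
                : String.valueOf(principal);
        return Optional.of(name);
    }

    public static void main(String[] args) {
        // In an application the registry is a bean that Spring Security fills at login;
        // here one constructed entry is registered by hand.
        SessionRegistry registry = new SessionRegistryImpl();
        UserDetails alice = new User("alice", "unused", Collections.emptyList());
        registry.registerNewSession("CONSTRUCTED-ID-0001", alice);

        System.out.println(userForSession(registry, "CONSTRUCTED-ID-0001")); // known session
        System.out.println(userForSession(registry, "CONSTRUCTED-ID-9999")); // unknown session

        // An expired session must not resolve to a user.
        registry.getSessionInformation("CONSTRUCTED-ID-0001").expireNow();
        System.out.println(userForSession(registry, "CONSTRUCTED-ID-0001"));
    }
}
```

A session ID is a bearer credential, so a lookup like this belongs behind an authenticated, server-side path rather than a URL parameter, in line with the last comment above.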