2

I'm trying to get the username from the session scoped bean once the user has logged in using /users/login

I've Autowired a session scoped bean into a RestController and in one of the endpoints in the rest controller, I'm invoking a setter on the session scoped bean. But the effect of setters is not visible for requests from the same session.

The following is my session scoped bean:


import lombok.Getter;
import lombok.Setter;

import java.io.Serializable;

@Getter
@Setter
public class SessionSpecificUserDetails implements Serializable {

    private String userName;

}


import lombok.Getter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.context.annotation.SessionScope;

@Getter
@Configuration
public class UserSessionDetailsConfiguration {

    @Bean
    @SessionScope
    public SessionSpecificUserDetails sessionSpecificUserDetails() {
        return new SessionSpecificUserDetails();
    }

}

The following is the RestController


import com.course.backend.coursebackend.config.SessionSpecificUserDetails;
import com.course.backend.coursebackend.dao.User;
import com.course.backend.coursebackend.repository.UserRepository;
import com.course.backend.coursebackend.utils.ResponseUtils;
import com.course.backend.coursebackend.utils.UserUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import javax.validation.Valid;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

@RestController
@RequestMapping("/users")
public class UserController {

    @Autowired
    UserRepository userRepository;

    @Autowired
    SessionSpecificUserDetails sessionSpecificUserDetails;

    @GetMapping("/getLoggedInUser")
    public String getLoggedInUser() {
        return sessionSpecificUserDetails.getUserName();
    }

    @PostMapping("/login")
    public ResponseUtils.CustomResponse login(@RequestBody User user) {
        List<User> users = getAllUsers();
        Optional<User> optionalUser = users.stream()
                .filter(currentUser -> currentUser.getUserName().equals(user.getUserName()))
                .findAny();
        if (optionalUser.isEmpty()) {
            return ResponseUtils.getErrorResponse(List.of("Username not found!"));
        }
        if (optionalUser.get().getPassword().equals(user.getPassword())) {
            sessionSpecificUserDetails.setUserName(user.getUserName());
            return ResponseUtils.getSuccessResponse("Login Successful!");
        }
        return ResponseUtils.getErrorResponse(List.of("Login failed due to wrong password!"));
    }

}

I see that spring is creating proxy for the session scoped bean. (And may be because of that my setters are not having any effect even for the same session?)

My question is what's the correct way to use the session scoped beans in the RestController? And what's the good way to get the username for the same session across requests? I tried marking UserController also as @SessionScope but that's also not working.

Lavish Kothari
  • 2,211
  • 21
  • 29
  • 1
    Can you check if the session is the same for the 2 requests? You can get HttpServletRequest with methods here: https://stackoverflow.com/questions/559155/how-do-i-get-a-httpservletrequest-in-my-spring-beans, then you can get session with HttpServletRequest.getSession(false) – Çağatay Sel Mar 10 '21 at 18:46
  • Hi @Lavish Kothari Were you able to solve this problem. I am very interested in the solution. – Ana Sustic Sep 21 '21 at 09:12

0 Answers0