Reactive Spring Security is always creating the Session even when NoOpServerSecurityContextRepository is specified for securityContextRepository

I tried the two methods below, and a Session object is still being created in Redis.

Method-1

    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {     
        http.authorizeExchange().pathMatchers("/api/path")
                .authenticated()            
            .and()
                .securityContextRepository(NoOpServerSecurityContextRepository.getInstance())
            .oauth2ResourceServer().jwt();
        return http.build();
    }

Method-2

    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {
        http
            .requestCache().disable()
            .oauth2ResourceServer().jwt();

        return http.build();
    }

With both of the methods given above, a Redis Session object is still created every time I invoke my API /api/path. Here is the GitHub project where the issue can be reproduced:

  1. invoke GET http://localhost:8080/api/websession?id=222&note=helloworld
  2. Check the Redis keys. Ideally no key should be created, but I can see that a session key is getting created.