How do I get the Session Object in Spring?

by

Your friend here is org.springframework.web.context.request.RequestContextHolder

// example usage
public static HttpSession session() {
    ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
    return attr.getRequest().getSession(true); // true == allow create
}

This will be populated by the standard spring mvc dispatch servlet, but if you are using a different web framework you have add org.springframework.web.filter.RequestContextFilter as a filter in your web.xml to manage the holder.

EDIT: just as a side issue what are you actually trying to do, I’m not sure you should need access to the HttpSession in the retieveUser method of a UserDetailsService. Spring security will put the UserDetails object in the session for you any how. It can be retrieved by accessing the SecurityContextHolder:

public static UserDetails currentUserDetails(){
    SecurityContext securityContext = SecurityContextHolder.getContext();
    Authentication authentication = securityContext.getAuthentication();
    if (authentication != null) {
        Object principal = authentication.getPrincipal();
        return principal instanceof UserDetails ? (UserDetails) principal : null;
    }
    return null;
}

More Related Contents:

  1. Spring Boot Security CORS
  2. Handle spring security authentication exceptions with @ExceptionHandler
  3. Spring Boot CORS filter – CORS preflight channel did not succeed
  4. Spring Security exclude url patterns in security annotation configurartion
  5. Spring Security 3.2 CSRF support for multipart requests
  6. Spring Security configuration: HTTP 403 error
  7. Spring + Web MVC: dispatcher-servlet.xml vs. applicationContext.xml (plus shared security)
  8. getting exception: No bean named ‘springSecurityFilterChain’ is defined
  9. Multiple antMatchers in Spring security
  10. An Authentication object was not found in the SecurityContext – Spring 3.2.2
  11. Spring Security 3.2 CSRF disable for specific URLs
  12. With Spring Security 3.2.0.RELEASE, how can I get the CSRF token in a page that is purely HTML with no tag libs
  13. Looking for a Simple Spring security example [closed]
  14. Spring security 4 custom login j_spring_security_check return http 302
  15. Is it possible to invalidate a spring security session?
  16. Spring Security : Multiple HTTP Config not working
  17. How to avoid the “Circular view path” exception with Spring MVC test
  18. What is difference between @RequestBody and @RequestParam?
  19. Spring Hibernate – Could not obtain transaction-synchronized Session for current thread
  20. How do I prevent people from doing XSS in Spring MVC?
  21. Spring CORS No ‘Access-Control-Allow-Origin’ header is present
  22. RESTful Authentication via Spring
  23. Spring webSecurity.ignoring() doesn’t ignore custom filter
  24. Can I make a custom controller mirror the formatting of Spring-Data-Rest / Spring-Hateoas generated classes?
  25. How to handle HTTP OPTIONS requests in Spring Boot?
  26. antMatchers that matches any beginning of path
  27. Spring MVC Annotated Controller Interface with @PathVariable
  28. Neither BindingResult nor plain target object for bean name available as request attr [duplicate]
  29. Spring Boot with embedded Tomcat behind Apache proxy
  30. Adding custom RequestCondition’s in Spring mvc 3.1

Leave a Comment