DWR and Spring Security - User is deauthenticated in few seconds
Posted
by
Vojtech
on Stack Overflow
See other posts from Stack Overflow
or by Vojtech
Published on 2012-03-22T23:18:24Z
Indexed on
2012/03/22
23:29 UTC
Read the original article
Hit count: 213
Filed under:
spring-security
|dwr
I am trying to implement user authentication via DWR as follows:
public class PublicRemote {
@Autowired
@Qualifier("authenticationManager")
private AuthenticationManager authenticationManager;
public Map<String, Object> userLogin(String username, String password, boolean stay) {
Map<String, Object> map = new HashMap<>();
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
try {
Authentication authentication = authenticationManager.authenticate(authRequest);
SecurityContextHolder.getContext().setAuthentication(authentication);
map.put("success", "true");
} catch (Exception e) {
map.put("success", "false");
}
return map;
}
public Map<String, Object> getUserState() {
Map<String, Object> map = new HashMap<>();
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
boolean authenticated = authentication != null && authentication.isAuthenticated();
map.put("authenticated", authenticated);
if (authenticated) {
map.put("authorities", authentication.getAuthorities());
}
return map;
}
}
The authentication works correctly and by calling getUserState() I can see that the user is successfully logged in. The problem is that this state will stay only for few seconds. In probably 5 seconds, the getAuthentication() starts returning null.
Is there some problem with session in DWR or is it some misconfiguration of Spring Security?
© Stack Overflow or respective owner
