• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Paul Clapham
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Liutauras Vilda
Saloon Keepers:
  • Tim Holloway
  • Carey Brown
  • Roland Mueller
  • Piet Souris
Bartenders:

How to implement Spring Form Based Authenticationand Authorization without session scope ?

 
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Hello Ranchers ,

We are working on a web based application using Springs .
This application will be handling request using load balancing servers .
Due to some issues in load balancing servers for request , the client does not want to use anything in Springs kept in session scope or Application Context scope.

Now we are trying to use Form Based Authentication and Authorization in springs .
But looking out the examples based on spring authentication it seems that spring security context executes in session scope
We want to implement form based authentication in springs without a session scope .



The sample code in security file (Security using database) will be something like this :-



Hence, I want to know, is there any way to implement spring form base authentication and authorization without session scope ... maybe request scope or cookies ?

Any pointer or help in this regard will be very helpful as this is now major blocker for our app

Thanks in Advance
 
Ranch Hand
Posts: 686
Netbeans IDE Chrome Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
wait a minute..so your load balancer config is such that user can flip flop between load balancers at every hit? In that case, how do load balancers sync with each other? Do you want to send the cookie around every time?

In our case, once user sticks to one load balancer he is served until there is no session left for that user. He does not switch from one to another.

Cookies and request scope is the only other way I see this working but I feel that is overkill for your app...unless it is high security tool
 
kumar shinde
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes exactly Vyas !!!

Each time a request comes it may or may not flip flop between load balancer's , hence we cannot use session .

I know that cookies or request will be overkill, but this is how the client wants .

Hence I want to know how can spring based authentication and authorization as mentioned previously can be implemented using cookies or request .




 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic