Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possibility to apply the SessionRepositoryFilter conditionally. #2942

Open
yuezk opened this issue Apr 16, 2024 · 2 comments
Open

Possibility to apply the SessionRepositoryFilter conditionally. #2942

yuezk opened this issue Apr 16, 2024 · 2 comments
Labels
in: core type: enhancement A general enhancement

Comments

@yuezk
Copy link

yuezk commented Apr 16, 2024

Expected Behavior

The SessionRepositoryFilter can be applied conditionally.

Current Behavior

The SessionRepositoryFilter cannot be applied conditionally.

Context

We are working on a legacy giant project and we want to migrate to Spring Session progressively. Currently, it seems like the SessionRepositoryFilter is applied to all requests once set up. However, we only want to apply the filter to some requests, for example, requests that have a specific header or requests that have a specific path.

I looked into the source code of SessionRepositoryFilter and it seems like there is no way to achieve this. I am wondering if there is a way to achieve this with the current Spring Session implementation.

If not possible, shall we consider introducing such a mechanism to the Spring Session? For example:

  • Support accepting a customized SessionRepositoryFilter bean, instead of creating a new one in SpringHttpSessionConfiguration.java
  • Support passing a condition bean to the SessionRepositoryFilter bean, so that the filter can be applied conditionally.
  • Or any other better ideas?

Thanks in advance!
@yuezk yuezk added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Apr 16, 2024
@yuezk
Copy link
Author

yuezk commented Apr 17, 2024
edited
Loading

The current solution is to define our own SessionRepositoryFilter, which extends the default SessionRepositoryFilter and add condition check in the doFilterInternal method.

In the Spring configuration class, implement the BeanDefinitionRegistryPostProcessor and remove the default springSessionRepositoryFilter bean definition, then add a new bean definition with the bean class set to our own SessionRepositoryFilter.

ConditionalSessionRepositoryFilter.java

public class ConditionalSessionRepositoryFilter<S extends Session> extends SessionRepositoryFilter<S> {
    public ConditionalSessionRepositoryFilter(SessionRepository<S> sessionRepository) {
        super(sessionRepository);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        if (shouldNotFilter(request)) {
            filterChain.doFilter(request, response);
            return;
        }
        super.doFilterInternal(request, response, filterChain);
    }

    private boolean shouldNotFilter(HttpServletRequest request) {
        // Return true or false based on your needs.
    }
}

SpringSessionConfig.java

@Configuration(proxyBeanMethods = false)
@EnableRedisIndexedHttpSession
public class SpringSessionConfig implements BeanDefinitionRegistryPostProcessor {
    @Bean
    public LettuceConnectionFactory connectionFactory() {
        return new LettuceConnectionFactory();
    }

    @Override
    public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
        registry.removeBeanDefinition("springSessionRepositoryFilter");

        BeanDefinition definition = BeanDefinitionBuilder.genericBeanDefinition(ConditionalSessionRepositoryFilter.class)
                .addConstructorArgReference("sessionRepository")
                .getBeanDefinition();

        registry.registerBeanDefinition("springSessionRepositoryFilter", definition);
    }
}

Not sure whether it is possible for Spring Session to define an optional condition bean in SessionRepositoryFilter and make it injectable. If yes, we don't have to implement our own postProcessBeanDefinitionRegistry hook method.

@marcusdacoregio marcusdacoregio added in: core and removed status: waiting-for-triage An issue we've not yet triaged labels May 9, 2024
@marcusdacoregio
Copy link
Contributor

Thanks for the report @yuezk. I agree that there should be an easier way to define my own SessionRepositoryFilter. Let's use this ticket to investigate if there is a better way to structure our configuration classes so we can have a better reuse if we want to customize some components that it creates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: core type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yuezk @marcusdacoregio