Search code examples
web-servicessessionspring-securityspring-bootstateless

Session bean when the application is stateless

I have very simple question: What will happen when I have SESSION scoped bean in my application which is STATELESS?

Long story. I have backend application, written in Spring Boot, which serves REST API for frontend written in AngularJS. I'm using JWT for authentication proccess and the Spring Security is configured to be STATELESS. But I'm also using WebServiceTemplate to communicate with SharePoint. My beans responsible for communication with SOAP API are SESSION scoped beans because they depends on user credentials. It's very hard to configure WebServiceTemplate to use different credentials for every call so I decided to configure on creation and then my problems started.

Solution

  • As soon as you are storing some state into session scoped bean, your application becomes stateful.

    If you need to share state (in this case SOAP service credentials) between requests and want to have stateless application (e.g. because of clustering of your app), you have few options:

    1. Store that state into DB and optionally cache it in service. (If SOAP call fails, you can invalidate cache and read fresh credentials from DB)
    2. Use Spring Session project or some key-value store to store session state.