I am using Spring Security and Spring Session (v1.3.1) in my application.
I would like to use SpringSessionBackedSessionRegistry as my Session Registry and Redis as my Session repository.
The constructor for SpringSessionBackedSessionRegistry is as follows:
SpringSessionBackedSessionRegistry(FindByIndexNameSessionRepository<ExpiringSession> sessionRepository)
The Redis repository, RedisOperationsSessionRepository implements:
FindByIndexNameSessionRepository<org.springframework.session.data.redis.RedisOperationsSessionRepository.RedisSession>
How, then, can I construct an instance of SpringSessionBackedSessionRegistry given an instance of RedisOperationsSessionRepository?
Why is the constructor for SpringSessionBackedSessionRegistry not:
SpringSessionBackedSessionRegistry(FindByIndexNameSessionRepository<? extends ExpiringSession> sessionRepository)
You are correct that SpringSessionBackedSessionRegistry should take FindByIndexNameSessionRepository<? extends ExpiringSession> sessionRepository as constructor argument.
I've opened the PR to address the issue, you can track it here.
In the meanwhile you can use raw FindByIndexNameSessionRepository in your configuration to configure SpringSessionBackedSessionRegistry. Here's an example:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private FindByIndexNameSessionRepository sessionRepository;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.sessionManagement()
.maximumSessions(1)
.sessionRegistry(sessionRegistry());
}
@Bean
@SuppressWarnings("unchecked")
public SpringSessionBackedSessionRegistry sessionRegistry() {
return new SpringSessionBackedSessionRegistry(this.sessionRepository);
}
}