I needed to auto wire logged in User Object in my controller /service classes. So i created a util Bean as
@Component
public class UtilBeans {
@Autowired
UserService userService;
@Bean(name = "loggedInUser")
@SessionScope
public UserMaster userMaster() {
UserMaster user;
try {
user = (UserMaster) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
user.setAuthorities(userService.getUserAuthorities(user.getUserId()));
} catch (Exception e) {
// TODO Auto-generated catch block
System.out.println("user Not logged in");
}
return user;
}
}
and used in controller class as
@Autowired
@Qualifier(value = "loggedInUser")
UserMaster user;
In most controllers it works OK, but in some controllers first logged in user object doesn’t change until I restart the application.
my logout configuration is as follows
.formLogin().loginPage("/loginForm").permitAll()
.and()
.formLogin().defaultSuccessUrl("/dashboard").and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.deleteCookies("JSESSIONID").clearAuthentication(true)
.invalidateHttpSession(true).permitAll();
Please help me where I am doing wrong. What I understand is , Session Scoped object should expire on logout, and it do changes but why not in some cases.
Advertisement
Answer
I by mistake assigned a different object of same type and same id to user in controller, changing code to remove that assignment fixed the problem.