I needed to auto wire logged in User Object in my controller /service classes. So i created a util Bean as
JavaScript
x
@Componentpublic class UtilBeans { @Autowired UserService userService; @Bean(name = "loggedInUser") @SessionScope public UserMaster userMaster() { UserMaster user; try { user = (UserMaster) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); user.setAuthorities(userService.getUserAuthorities(user.getUserId())); } catch (Exception e) { // TODO Auto-generated catch block System.out.println("user Not logged in"); } return user; }}and used in controller class as
JavaScript
@Autowired @Qualifier(value = "loggedInUser") UserMaster user;In most controllers it works OK, but in some controllers first logged in user object doesn’t change until I restart the application.
my logout configuration is as follows
JavaScript
.formLogin().loginPage("/loginForm").permitAll() .and() .formLogin().defaultSuccessUrl("/dashboard").and() .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")) .deleteCookies("JSESSIONID").clearAuthentication(true) .invalidateHttpSession(true).permitAll();Please help me where I am doing wrong. What I understand is , Session Scoped object should expire on logout, and it do changes but why not in some cases.
Advertisement
Answer
I by mistake assigned a different object of same type and same id to user in controller, changing code to remove that assignment fixed the problem.