Persist Spring Session without Spring Security

Question

I am seeking assistance in configuring Spring Boot to persist a Spring Session without using Spring Security.

I started with the HttpSession JDBC Spring Boot sample app, to persist a Spring Session for a Spring Boot app. However this uses Spring Security. When removing Spring Security, the session ceases to be persisted in the H2 database. The XML config and Java config sample apps do not utilize Spring Security. Thus, not a requirement.

The guide states that the springSessionRepositoryFilter will create the Spring Session. However, after removing Spring Security and debugging this filter (SessionRepositoryFilter), the boolean passed to SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(boolean) is never set to true. Thus, the Spring Session is never created and persisted.

Any suggestions on additional configuration required to persist a Spring Session for a Spring Boot app, without Spring Security?

Here are the relevant classes, pom.xml, and application.property file:

@SpringBootApplication
public class SbWebSessionJdbcApplication {

    public static void main(String[] args) {
        SpringApplication.run(SbWebSessionJdbcApplication.class, args);
    }
}

@EnableJdbcHttpSession 
public class HttpSessionConfig {
}

pom.xml

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.3.5.RELEASE</version>
    <relativePath/>
</parent>

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <java.version>1.8</java.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.session</groupId>
        <artifactId>spring-session-jdbc</artifactId>
        <version>1.2.0.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.session</groupId>
        <artifactId>spring-session</artifactId>
        <version>1.2.0.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-jdbc</artifactId>
    </dependency>

    <dependency>
        <groupId>com.h2database</groupId>
        <artifactId>h2</artifactId>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

application.properties

spring.thymeleaf.cache=false
spring.template.cache=false
spring.datasource.schema=classpath:org/springframework/session/jdbc/schema-h2.sql
spring.h2.console.enabled=true
logging.level.org.springframework.web=DEBUG

Answer 1

Actually, there isn't anything more in particular you need to configure - you just need to initiate the creation of HttpSession and use it according to your needs. For example, the simplest way to achieve this would be to have Spring MVC controller method with HttpSession as an argument.

Check out this repo on Github, in particular basic-jdbc module. It's exactly the sample you're looking for - Spring Boot application with Spring Session but without Spring Security.