Session in Spring Boot application

Question

My project is a springboot application with basic crud functionality with a login page using HTML and CSS only. How do I add session for login and logout

Answer 1

Spring Security is best option for authentication and authorization. For login, if new user got logged in then you need to maintain session for particular user until logout. You can use Spring security session management.

http://www.baeldung.com/spring-security-session

You can set UserDetails object in http.setAttribute("USER_DETAILS", userDetails);

(userDetails is object of UserDetails which is in built class)

You can use this httpSession object like httpSession.getAttribute("USER_DETAILS"); for manipulation further. For logout use can use httpSession.invalidate() method.

Answer 2

As others have suggested, you can use Spring security. Or if you don't want to deal with the complexities of Spring Security, you can get HttpSession object in your controller's handlers' methods' arguments. You can set values or objects in that session using HttpSession.setAttribute("name you want to refer to", actual value or object) once a user logs in. And when a user presses logout, you can use HttpSession.invalidate(); to finish the session.

Answer 3

It is recommended to use Spring Security.

You can find a lot of example if you search for "spring security tutorial" in google.

For instance it is an offical tutorial with angular js (1.x) https://spring.io/guides/tutorials/spring-security-and-angular-js/

If you don't want to use spring security you have to create a http session and store the logged in user data in http session.

In spring you can inject the HttpSession to your bean and you can add session attributes, or you can create a session scoped bean.

Answer 4

easy tutorial of spring web security see link here and here

Answer 5

The best solution to this would be the use of Spring Security. Take a look at this: https://spring.io/guides/gs/securing-web/.