DWR and Spring Security - User is deauthenticated in few seconds

Posted by Vojtech on Stack Overflow See other posts from Stack Overflow or by Vojtech
Published on 2012-03-22T23:18:24Z Indexed on 2012/03/22 23:29 UTC
Read the original article Hit count: 242

Filed under:
|

I am trying to implement user authentication via DWR as follows:

public class PublicRemote {

    @Autowired
    @Qualifier("authenticationManager")
    private AuthenticationManager authenticationManager;


    public Map<String, Object> userLogin(String username, String password, boolean stay) {
        Map<String, Object> map = new HashMap<>();

        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);

        try {
            Authentication authentication = authenticationManager.authenticate(authRequest);
            SecurityContextHolder.getContext().setAuthentication(authentication);

            map.put("success", "true");

        } catch (Exception e) {
            map.put("success", "false");
        }

        return map;
    }


    public Map<String, Object> getUserState() {
        Map<String, Object> map = new HashMap<>();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        boolean authenticated = authentication != null && authentication.isAuthenticated();

        map.put("authenticated", authenticated);

        if (authenticated) {
            map.put("authorities", authentication.getAuthorities());
        }
        return map;
    }
}

The authentication works correctly and by calling getUserState() I can see that the user is successfully logged in. The problem is that this state will stay only for few seconds. In probably 5 seconds, the getAuthentication() starts returning null.

Is there some problem with session in DWR or is it some misconfiguration of Spring Security?

© Stack Overflow or respective owner

Related posts about spring-security

Related posts about dwr