OAuth2ClientContext (spring-security-oauth2) not persisted in Redis when using spring-session and spring-cloud-security

Question

Thanks a lot in advance for reading this question.

Setup

I am using:

• spring-security-oauth2:2.0.7.RELEASE
• spring-

Answer 1

I came across this post and I have the exact same issue with some minor differences:

• my application is not a Spring Boot application
• I use JDBC persistence instead of Redis

However, and this might save some hours of future readers, the above solution also worked for me. Since I'm not using Spring Boot, I'll publish the solution here to be applied in a non Spring Boot application using web.xml configuration.

The "trick" is to define in the web.xml the RequestContextFilter. As far as my testing goes I have not seen any border effects of having both the request context filter living aside the request context listener.

What is important is the ordering of the filters. You need to define the filters in this order in your web.xml:

• session repository filter
• request context filter
• security filter

So something like:

    springSessionRepositoryFilter
    org.springframework.web.filter.DelegatingFilterProxy


    springSessionRepositoryFilter
    /*



    requestContextFilter
    org.springframework.web.filter.RequestContextFilter


    requestContextFilter
    /*



    springSecurityFilterChain
    
        org.springframework.web.filter.DelegatingFilterProxy
    


    springSecurityFilterChain
    /*

If this helps you save a few hours of digging into Stackoverflow and other web sites, it makes my day.