Announcement Announcement Module
No announcement yet.
issue with switch user (proxy) and @SessionAttributes annotation Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • issue with switch user (proxy) and @SessionAttributes annotation

    I am using the switch user in spring security along with a controller that has a @SessionAttributes annotation. I am seeing an issue wherein the object returned for the @SessionAttributes annotation to a method is at times the currently logged in user's session object and at other times it is a previously switched to user's session object.

    - log in as user X with switch user (proxy) rights
    - switch to user A and invoke controller methods that create and use the @SessionAttributes scoped object
    - switch to user B and perform functions that create the @SessionAttributes scoped object
    - continue using controller methods with @ModelAttribute in the signature which is the @SessionAttributes scoped object and I can see in the debugger that Spring will give me an object ID that is the object ID created for user A!!!

    Has anyone seen anything like this? Any thoughts on what might be happening?

  • #2
    answering my own question

    I guess i was expecting too much from spring in clearing out any objects in session that were annotated @SessionAttributes when using the switch user filter.

    But the fact that it took what it kept in memory and overwrote my object in session seems to be flat out wrong. Perhaps an exception thrown when it finds a different object in session?

    Anyway I resolved this by always checking for the session object first - before creating another - which is strange since each user's session should be distinct but switch user doesn't really provide that.