Problem with sessionStore in v5.0.0

[rodolfosaraiva]

Issue description

I'm using grails-spring-security-rest version 5.0.0 with grails 6.2.2

When trying to log in with Google2Client, I'm getting the following error:

Cannot invoke "org.pac4j.core.context.session.SessionStore.set(org.pac4j.core.context.WebContext, String, Object)" because "sessionStore" is null

Trying to debug, I saw that in RestOauthService it is passing the sessionStore as null:

And it's used in final Optional<Credentials> getCredentials:

What could I be doing wrong?

If I customize the client, overriding retrieveCredentials to use JEESessionStore.INSTANCE.

The exception is thrown in cleanAttemptedAuthentication. which I was unable to override.

[jdaugherty]

Thanks for reporting the issue. When we back ported these changes, it looks like this got missed (the session doesn't exist in the later versions).

Do you have an example project that reproduces this scenario?

[rodolfosaraiva]

Thanks for reporting the issue. When we back ported these changes, it looks like this got missed (the session doesn't exist in the later versions).

Do you have an example project that reproduces this scenario?

I created a project to reproduce this error:
https://github.com/rodolfosaraiva/spring-security-rest-test-impl

This is the basic authentication flow through the Google client. In the project, I included a readme that simulates the Google callback (so you don't have to configure an app on Google). The error occurs on the first call

[rodolfosaraiva]

If you can release the release with these changes I would really appreciate it.

[jdaugherty]

Thank you for doing the leg work on the project. This will make sure we get a test added so it doesn't break in the future. I'll get the snapshot done today. Can you test with it first then we'll release?

[rodolfosaraiva]

Thank you for doing the leg work on the project. This will make sure we get a test added so it doesn't break in the future. I'll get the snapshot done today. Can you test with it first then we'll release?

Sure, I can test it

[jdaugherty]

I've merged the pull request after testing it locally. It's now published (https://github.com/grails/grails-spring-security-rest/actions/runs/12355344062/job/34478858931)

Assuming you have a repository in your build.gradle to include the grails repo:

repositories {
    maven { url "https://repo.grails.org/grails/core" }
}

Then you should be able to use implementation 'org.grails.plugins:spring-security-rest:5.0.1-SNAPSHOT' to test this issue with the snapshot build. The only change in the snapshot is this fix.

[rodolfosaraiva]

I've merged the pull request after testing it locally. It's now published (https://github.com/grails/grails-spring-security-rest/actions/runs/12355344062/job/34478858931)

Assuming you have a repository in your build.gradle to include the grails repo:

repositories {
    maven { url "https://repo.grails.org/grails/core" }
}

Then you should be able to use implementation 'org.grails.plugins:spring-security-rest:5.0.1-SNAPSHOT' to test this issue with the snapshot build. The only change in the snapshot is this fix.

It worked! Thanks for solving the problem.

[jdaugherty]

You are welcome. I'll see if I can get this released quickly.

[jdaugherty]

5.0.1 is released with this change.