'Prevent spring to default to session authentication when using JWT

I have a spring boot application which is secured by Azure AD oauth2. I use JWT authorization. in securityConfig

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .anyRequest().authenticated()
                .and()
                .oauth2ResourceServer().jwt();
    }

I also save some things inside session. But I found out that users can bypass JWT authentication if they already authenticated, because spring boot saves authentication inside session. How Can I disable this behavior and only allow authorization via JWT.

Solution 1:^[1]

Try this :

@Override
    protected void configure(HttpSecurity http) throws Exception {
       http.sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution	Source
Solution 1	Bessem Manita

'Prevent spring to default to session authentication when using JWT

Solution 1:[1]

Sources

Related Questions

Solution 1:^[1]