问题:
带有执行器和自定义安全性的Spring boot OpenSessionInViewFilter
丌官翰采
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests().anyRequest().fullyAuthenticated()
.and().httpBasic().authenticationDetailsSource(new WebAuthenticationDetailsSource()
{
@Override
public WebAuthenticationDetails buildDetails(HttpServletRequest context)
{
return new ThirdPartyAuthenticationDetails(context);
}
})
.and().csrf().disable();
}
}
@Configuration
public class WebSecurityConfiguration extends GlobalAuthenticationConfigurerAdapter
{
@Autowired
private DataSource dataSource;
@Autowired
@Qualifier("thirdPartySystemDAO")
private EntityDAO<ThirdPartySystem> thirdPartySystemDAO;
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception
{
auth.authenticationProvider(authenticationProvider());
}
@Bean
public AuthenticationProvider authenticationProvider()
{
ThirdPartyAuthenticationProvider result = new ThirdPartyAuthenticationProvider();
result.setSecurityService(thirdPartySecurityService());
return result;
}
@Bean
public ThirdPartySecurityService thirdPartySecurityService()
{
ThirdPartySecurityServiceImpl result = new ThirdPartySecurityServiceImpl();
result.setJdbcTemplate(new JdbcTemplate(dataSource));
result.setThirdPartySystemDAO(thirdPartySystemDAO);
return result;
}
}
org.hibernate.HibernateException: Could not obtain transaction-synchronized Session for current thread
at org.springframework.orm.hibernate4.SpringSessionContext.currentSession(SpringSessionContext.java:134) ~[spring-orm-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.hibernate.internal.SessionFactoryImpl.getCurrentSession(SessionFactoryImpl.java:988) ~[hibernate-core-4.2.2.Final.jar:4.2.2.Final]
at com.redi.dao.hibernate.HibernateDAO.getCurrentSession(HibernateDAO.java:495) ~[redi-dao-4.3.0.jar:4.3.0]
at com.redi.dao.hibernate.HibernateDAO.createQuery(HibernateDAO.java:460) ~[redi-dao-4.3.0.jar:4.3.0]
at com.redi.dao.hibernate.HibernateDAO.findOneWhere(HibernateDAO.java:58) ~[redi-dao-4.3.0.jar:4.3.0]
at com.mycompany.DefaultVerifiService.getInstitution(DefaultVerifiService.java:349) ~[classes/:na]
at com.mycompany.thirdparty.ws.security.ThirdPartyAuthenticationProvider.retrieveUser(ThirdPartyAuthenticationProvider.java:36) ~[classes/:na]
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:143) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168) ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57) ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) ~[tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:537) [tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1085) [tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:658) [tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222) [tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1556) [tomcat-embed-core-8.0.15.jar:8.0.15]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1513) [tomcat-embed-core-8.0.15.jar:8.0.15]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_51]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_51]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.15.jar:8.0.15]
at java.lang.Thread.run(Unknown Source) [na:1.8.0_51]
共有1个答案
司业
注册OpenSessionInViewFilter,将以下代码放在您的配置类上:
@Bean
public FilterRegistrationBean registerOpenEntityManagerInViewFilterBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
OpenEntityManagerInViewFilter filter = new OpenEntityManagerInViewFilter();
registrationBean.setFilter(filter);
registrationBean.setOrder(5);
return registrationBean;
}
你必须记住...如果使用的是Hibernate,请声明OpenSessionInViewFilter。但是如果您使用的是JPA,请声明OpenEntityManagerInViewFilter。
祝你好运.
类似资料:
-
我正在为Spring Security实现一个自定义的AngularJS登录页面,但在身份验证方面存在问题。 遵循本教程/示例,他们的示例在本地工作得很好。 值得注意的变化(也很可能是我的问题的根源): > 文件结构更改 使用严格的Angular(没有jQuery)--这将导致发出POST请求所需的不同函数 用bower代替wro4j 角代码样式/范围 许多相关的Spring Security问题
-
我有一个带有OAuth2授权和资源服务器的Spring引导设置。用户可以通过向发出POST请求来获取令牌。到目前为止,一切都很好。 但是,我不想通过基本auth保护,而是通过自定义安全过滤器。 一些简单的例子如何实现这一点将是非常有帮助的。谢谢!
-
Spring Boot执行器endpoint默认受基本http安全保护。 这个可以改成使用Spring Security吗?我已经成功地设置了Spring Security并使用它来保护我的其他页面。 我尝试了并在授权请求中添加了(注意,我使用了不同的url作为endpoint的根用户),但这没有帮助。我一直得到一个基本的http身份验证日志,它不是用户在AuthenticationManager
-
我正在使用这个环境: Spring 4.0.5 Spring security 3.2.4 在我的环境中,我有一个SSO系统,我需要在这个系统中集成我的web应用程序。这个系统是私人产品。SSO机制的最终结果是在请求头中放置一个参数。所以我在申请中应该做的是: null 此场景类似于CAS集成场景;所以我从CAS集成着手;我写了我的自定义过滤器,我写了我的自定义入口点和处理请求所需的所有其他类,但
-
我们正在使用spring和Spring-Security-3.2。最近,我们向RESTAPI添加了注释@preauthorize(以前是基于URL的)。 我们已经有了用-@ControllerAdvice和自定义的PermissionEvaluator注释的全局异常处理程序,除了错误消息之外,其他一切都正常工作。 是否可能抛出一个包含权限名称的异常,所以最终的错误消息应该是“Access Is d