Session fixation - error when accessing values in the session

Time: 2012-07-12 15:01:22

Tags: grails spring-security

I am writing a Grails application that uses the Spring Security plugin. I have turned on the following properties of the Spring Security plugin:

    grails.plugins.springsecurity.useSessionFixationPrevention = true
    grails.plugins.springsecurity.SessionFixationPrevention.migrate = true
    grails.plugins.springsecurity.SessionFixationPrevention.alwaysCreateSession = true

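I have the following code in my AuthenticationProvider:

    def session = RequestContextHolder.currentRequestAttributes().getSession()
    session.key = "some value"

Now, after authentication, the code in the loginSuccess method of my RememberMeService class gets called, and when I try to get the value that was placed in the session, I receive this error: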

    java.lang.IllegalStateException: getAttribute: Session already invalidated
        at org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1014)
        at org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:110)
        at org.codehaus.groovy.grails.web.servlet.mvc.GrailsHttpSession.getAttribute(GrailsHttpSession.java:45)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:229)
        at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:52)
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:40)
        at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:54)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:124)
        at org.codehaus.groovy.grails.plugins.web.ServletsGrailsPlugin$_closure1_closure2.doCall(ServletsGrailsPlugin.groovy:44)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:88)
        at org.codehaus.groovy.runtime.metaclass.ClosureMetaMethod.invoke(ClosureMetaMethod.java:80)
        at groovy.lang.ExpandoMetaClass.getProperty(ExpandoMetaClass.java:1109)
        at org.codehaus.groovy.runtime.InvokerHelper.getProperty(InvokerHelper.java:161)
        at org.codehaus.groovy.runtime.callsite.PojoMetaClassGetPropertySite.getProperty(PojoMetaClassGetPropertySite.java:33)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callGetProperty(AbstractCallSite.java:235)
        at com.teslagovernment.security.TabulaeRememberMeServices.loginSuccess(TabulaeRememberMeServices.groovy:59)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.successfulAuthentication(AbstractAuthenticationProcessingFilter.java:294)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218)
        at org.codehaus.groovy.grails.plugins.springsecurity.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:40)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
        at org.codehaus.groovy.grails.plugins.springsecurity.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:79)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:167)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.codehaus.groovy.grails.web.servlet.filter.GrailsReloadServletFilter.doFilterInternal(GrailsReloadServletFilter.java:104)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:69)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:65)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)

My question is why this is happening, and how can I set data in the AuthenticationProvider that I can access in the RememberMeService?

Thanks

1 Answer:

Answer 0: (score: 1)

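Try issuing a redirect immediately after authentication and before accessing any of the copied session attributes. The session variable in your post-authentication service may still be referring to the old session in the request context. The redirect will refresh the request context.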

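Otherwise, you can store any additional attributes in the Spring Security principal object in your AuthenticationProvider. Outside of the provider, you can access the principal through the springSecurityService in the applicationContext:

    MyPrincipalObject obj = springSecurityService.principal
    def key = obj.key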
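
The answer's second suggestion, carrying the value on the principal instead of in the HTTP session, shown as an added example that is not part of the original answer or the poster's code. `KeyedUser`, `KeyedAuthenticationProvider`, `KeyAwareRememberMeServices` and their `wrapped` fields are hypothetical names; the example assumes the Spring Security 3 API and a wrapped provider that returns a `UserDetails` principal.

```groovy
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import org.springframework.security.authentication.AuthenticationProvider
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.Authentication
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.web.authentication.RememberMeServices

// Hypothetical principal: a Spring Security User that also carries the extra value.
class KeyedUser extends User {
    final String key
    KeyedUser(UserDetails u, String key) {
        super(u.username, u.password ?: '', u.enabled, u.accountNonExpired,
              u.credentialsNonExpired, u.accountNonLocked, u.authorities)
        this.key = key
    }
}

// Hypothetical provider: re-issues the wrapped provider's result with a KeyedUser
// principal, so the value travels in the Authentication, not the HTTP session.
class KeyedAuthenticationProvider implements AuthenticationProvider {
    AuthenticationProvider wrapped   // assumption: injected, e.g. a DaoAuthenticationProvider
    Authentication authenticate(Authentication auth) {
        Authentication result = wrapped.authenticate(auth)
        if (!(result?.principal instanceof UserDetails)) return result
        def keyed = new KeyedUser((UserDetails) result.principal, 'some value')
        def token = new UsernamePasswordAuthenticationToken(keyed, result.credentials, keyed.authorities)
        token.details = result.details
        return token
    }
    boolean supports(Class authentication) { wrapped.supports(authentication) }
}

// Hypothetical remember-me wrapper: reads the value from the Authentication it is
// handed, so it never touches a session reference obtained before login completed.
class KeyAwareRememberMeServices implements RememberMeServices {
    RememberMeServices wrapped       // assumption: injected, e.g. TokenBasedRememberMeServices
    void loginSuccess(HttpServletRequest req, HttpServletResponse res, Authentication auth) {
        def principal = auth.principal
        if (principal instanceof KeyedUser) {
            req.setAttribute('key', principal.key)   // available to the rest of this request
        }
        wrapped.loginSuccess(req, res, auth)
    }
    Authentication autoLogin(HttpServletRequest req, HttpServletResponse res) { wrapped.autoLogin(req, res) }
    void loginFail(HttpServletRequest req, HttpServletResponse res) { wrapped.loginFail(req, res) }
}
```

An application that depends on the plugin's own principal type would extend that type instead of `User`, so that any fields it adds are preserved.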