您好我已经编写了一个身份验证事件侦听器模块,用于在最大登录尝试后锁定用户。
<beans:bean id="ftfStatsAuthenticationEvent" class="com.ibm.ftfstats.auth.FTFStatsAuthenticationEvent">
<beans:property name="userMgr" ref="userManager"></beans:property>
</beans:bean>
这是用于捕获AuthenticationFailure事件的模块的定义方式
public void onApplicationEvent(ApplicationEvent event) {
// TODO Auto-generated method stub
if(event instanceof AuthenticationFailureBadCredentialsEvent){
onAuthenticationFailureBadCredentialsEvent((AuthenticationFailureBadCredentialsEvent)event);
}else if(event instanceof AuthenticationSuccessEvent){
onAuthenticationSuccessEvent((AuthenticationSuccessEvent)event);
}
}
public void onAuthenticationFailureBadCredentialsEvent(AuthenticationFailureBadCredentialsEvent event){
Authentication authentication = event.getAuthentication();
String userId = authentication.getName();
System.out.println("bad credential for user : " + userId);
getUserMgr().encounterFailedlogin(userId);
User user = getUserMgr().getUserById(userId);
}
getUserMgr()返回一个用户管理器类,其中encounterFailedlogin(userId)方法被定义为
public User encounterFailedlogin(String userId) {
// TODO Auto-generated method stub
User user = getUserDAO().getUserById(userId);
return encounterFailedlogin(user);
}
@Transactional
public User encounterFailedlogin(User user) {
// TODO Auto-generated method stub
int failedAttempts = user.getFailedAttempts() + 1;
user.setFailedAttempts(failedAttempts);
System.out.println("updating user");
updateUser(user);
return getUserDAO().getUserById(user.getUserID());
//return true;
}
@Transactional
public boolean updateUser(User user){
getUserDAO().updateUser(user);
return true;
}
用户DAO定义为:
public void addUser(User user){
getSessionFactory().getCurrentSession().save(user);
}
我的应用程序上下文文件定义为
<!-- UserDB Session Factory Declaration -->
<bean id="UserSessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="UserDataSource" />
<property name="annotatedClasses">
<list>
<value>com.ibm.ftfstats.data.user.model.User</value>
<value>com.ibm.ftfstats.data.user.model.Environment</value>
<value>com.ibm.ftfstats.data.user.model.Role</value>
<value>com.ibm.ftfstats.data.user.model.Question</value>
<value>com.ibm.ftfstats.data.user.model.SearchCriteria</value>
<value>com.ibm.ftfstats.data.user.model.UserRequest</value>
<value>com.ibm.ftfstats.data.user.model.RequestType</value>
<value>com.ibm.ftfstats.data.user.model.RequestComment</value>
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
<prop key="hibernate.show_sql">true</prop>
</props>
</property>
</bean>
<bean id = "transactionManager" class = "org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name = "sessionFactory" ref = "UserSessionFactory" />
</bean>
<tx:annotation-driven/>
<!-- DAOs List goes here -->
<bean id="UserDAO" class="com.ibm.ftfstats.data.dao.UserDAO">
<property name="sessionFactory" ref="UserSessionFactory"></property>
<property name="msg" ref="msgBundle"></property>
</bean>
<bean id="userManager" class="com.ibm.ftfstats.service.impl.UserManagerImp">
<property name="userDAO" ref="UserDAO" />
</bean>
这是我在登录表单中输入错误凭据时收到的错误
SEVERE: Servlet.service() for servlet default threw exception
org.hibernate.HibernateException: No Session found for current thread
at org.springframework.orm.hibernate4.SpringSessionContext.currentSession(SpringSessionContext.java:97)
at org.hibernate.internal.SessionFactoryImpl.getCurrentSession(SessionFactoryImpl.java:978)
at com.ibm.ftfstats.data.dao.UserDAO.updateUser(UserDAO.java:35)
at com.ibm.ftfstats.data.dao.UserDAO$$FastClassByCGLIB$$37731f27.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:627)
at com.ibm.ftfstats.data.dao.UserDAO$$EnhancerByCGLIB$$388b21db.updateUser(<generated>)
at com.ibm.ftfstats.service.impl.UserManagerImp.updateUser(UserManagerImp.java:97)
at com.ibm.ftfstats.service.impl.UserManagerImp.encounterFailedlogin(UserManagerImp.java:84)
at com.ibm.ftfstats.service.impl.UserManagerImp.encounterFailedlogin(UserManagerImp.java:74)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy17.encounterFailedlogin(Unknown Source)
at com.ibm.ftfstats.auth.FTFStatsAuthenticationEvent.onAuthenticationFailureBadCredentialsEvent(FTFStatsAuthenticationEvent.java:42)
at com.ibm.ftfstats.auth.FTFStatsAuthenticationEvent.onApplicationEvent(FTFStatsAuthenticationEvent.java:29)
任何人都可以建议我哪里出错了。
答案 0 :(得分:1)
通常,当在类中调用方法但仅从其他类调用方法时,spring代理不起作用。您可以使用aspectj解决该问题或重新设计您的课程。
答案 1 :(得分:0)
您确定在应用程序上下文中定义了UserDataSource吗?我没有看到一个。
答案 2 :(得分:0)
public User encounterFailedlogin(String userId)需要使用@Transactional进行注释。据我所知,这是从课外调用的方法。
return encounterFailedlogin(user);是内部呼叫,因此不代理。所以在这种情况下public User encounterFailedlogin(User user)不知道是交易性的。