java getSession（）。setAttribute（）

Question

我必须对现有项目（tomcat和java WebApplication）进行改进。 现在，在loginForm中，如果用户输入正确的登录名和密码，那就OK， 用户将显示主页。但是当任何用户输入错误密码时 或者可能是他的帐户暂时被锁定，所以再次向用户显示loginform， 用户无法知道他为什么无法登录，因为他无法登录。 （例如“无效的用户名/密码”，“用户帐户已锁定”，...）。 现在我想插入会话错误消息，其中还包括用户无法登录的原因。 将名为“LoggingError”的属性插入（保存）到会话。 我写的是：

request.getSession().setAttribute("LoggingError", message);

但在运行应用程序时，在此行中

request.getSession().setAttribute("LoggingError", message);

在网页中出现错误：

type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
java.lang.NullPointerException
    com.se.eee.security.EeeAuthenticationProvider.authenticate(EeeAuthenticationProvider.java:153)
    net.sf.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:159)
    net.sf.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:49)
    net.sf.ace
...
...

这里是EeeAuthenticationProvider.java的java代码

package com.se.eee.security;

import net.sf.acegisecurity.*;
import net.sf.acegisecurity.providers.AuthenticationProvider;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.User;
import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import net.sf.acegisecurity.providers.dao.event.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import com.se.eee.bus.*;
import com.se.eee.bus.SecurityManager;
import com.se.spring.datasource.core.MakeConnectionException;
import com.se.spring.ext.CurrentRequestContext;
import com.opensymphony.webwork.interceptor.SessionAware;
import com.opensymphony.webwork.interceptor.ServletRequestAware;

import javax.servlet.http.HttpServletRequest;
import java.util.Map;

public class EeeAuthenticationProvider implements AuthenticationProvider, SessionAware, ServletRequestAware {
  private static Log log = LogFactory.getLog(EeeAuthenticationProvider.class);
  private JDBCProperties jdbcProp;
  private ApplicationContext context;
  private SecurityManager securityManager;
  private HttpServletRequest request;

  public void setServletRequest(HttpServletRequest req) {
          this.request = req;
  }
  public void setSession(Map session) {
        //To change body of implemented methods use File | Settings | File Templates.
  }

  public void setSecurityManager(SecurityManager securityManager) {
    this.securityManager = securityManager;
  }

  public void setApplicationContext(ApplicationContext applicationContext)
      throws BeansException {
    this.context = applicationContext;
  }

  public void setJdbcProp(JDBCProperties jdbcProp) {
        this.jdbcProp = jdbcProp;
  }

  public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // Determine username
    // log.warn((authentication.isAuthenticated()?"Already Authenticated. Skip it!":"")+"authenticate: "+authentication);
  if(authentication.isAuthenticated()) {
      //log.warn("Already Authenticated. Skip it!");
    return authentication;
  }
  String username = "NONE_PROVIDED";

  if (authentication.getPrincipal() != null) {
    username = authentication.getPrincipal().toString();
  }

  if (authentication.getPrincipal() instanceof UserDetails) {
    username = ((UserDetails) authentication.getPrincipal()).getUsername();
  }

  UserDetails user = null;
  com.se.eee.bus.User principal=null;

  try
    {
      JDBCProperties props = jdbcProp.deserialize();
      String input_passwords= authentication.getCredentials().toString();
      String[] psd = input_passwords.split(":");
      Filial fil = props.getFilial(psd[1]);

      String sgn = input_passwords;
      int i= sgn.indexOf(":", 1);
      sgn = sgn.substring(i+1,sgn.length());
      i= sgn.indexOf(":", 1);
      sgn = sgn.substring(i+1,sgn.length());

      if(fil==null)username=null;
      securityManager.makeConnect(username, psd[0], fil);
      user=new User(username, "skipped",true,true,true,true, new  GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_USER")});
      //set connection for DataSource
      ContextDataBean dataBean=(ContextDataBean)CurrentRequestContext.get();
      dataBean.setUserKey(username+fil.id);

      principal=securityManager.getUserByLogin(username.toUpperCase());
      if(principal == null) throw new UsernameNotFoundException("Couldn't login.");

      principal.setLogin(username);
      principal.setPassword("******");
      //principal.setBranch(fil.id);

      if (principal.getBanktype().equals("055"))
      {
        if ( sgn!=null && sgn.length() != 0)
        {
            securityManager.insUserKey(principal.getBranch(), principal.getId(), sgn);
            com.se.eee.bus.Document docum = new com.se.eee.bus.Document();
            docum.setBranch(principal.getBranch());
            docum.setEmpId(principal.getId());
            docum.setErrCode("991");
            docum = securityManager.getAnswerUserKey(docum);
            if (!docum.getErrCode().equals("000")) throw new UsernameNotFoundException("Key code error. User: "+principal.getLogin());
        }
        else
        {
            throw new UsernameNotFoundException("error while inserting test key code. please touch i-key or check loginform.ftl. user: "+principal.getLogin());
        }
      }
    }
  catch (MakeConnectionException mex)
    {
      log.error(mex.getMessage());
      if (this.context != null) {
        context.publishEvent(new AuthenticationFailureUsernameOrPasswordEvent(authentication, new User("".equals(username)? "EMPTY_STRING_PROVIDED" : username, "*****", false, false, false, false, new GrantedAuthority[0])));
      }
      throw new BadCredentialsException("Couldn't login connection problem.");
    }
  catch(Exception ex)
  {
    Throwable cause=ex.getCause();
    String message=null;
    if(cause!=null)message = cause.getMessage();
    else message = ex.toString();
    log.error(message);

// здес я пытаюс написать в session
 request.getSession().setAttribute("LoggingError", message);
// но код не компилируется

    throw new UsernameNotFoundException("Couldn't login.");
  }
  return createSuccessAuthentication(principal, authentication, user);

  }
  protected Authentication createSuccessAuthentication(Object principal, Authentication authentication, UserDetails user) {
      UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal, authentication.getCredentials(), user.getAuthorities());
      result.setDetails((authentication.getDetails() != null) ? authentication.getDetails() : null);
      result.setAuthenticated(true);
      return result;
  }

  public boolean supports(Class aClass) {
    if (UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass)) return true;
    return false;
  }
}

Answer 1

如果您的请求对象是HttpServletRequest对象，那么这应该可以。

如果这不是问题，您可以发送确切的代码片段（不应该需要整个程序）和确切的错误消息吗？

Answer 2

这应该有效。

request.getSession(true).setAttribute("LoggingError", message); 

Answer 3

您的身份验证提供程序是否指定为prototype范围bean？不确定Struts / WebWork如何与Spring完全集成，但如果你的bean是singleton，它就无法工作。

换句话说，请确保调用setServletRequest。

顺便说一句，这个应用程序必须很旧，如果它有这样的软件包名称。