我在泽西岛有Async Web Services,有Spring安全性,并且都运行在Tomcat容器中。
我有这个问题,当我启动Tomcat所有工作时,我可以调用我的API,我有响应。问题是,当我不打电话时,例如1小时,在我尝试调用一个API后,我有这个错误:
(SaveContextOnUpdateOrErrorResponseWrapper.java:148) - Skip saving SecurityContext since saving on response commited is disabled
为什么呢?是Tomcat配置问题?或Spring配置问题?
我的Tomcat配置是:
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector SSLEnabled="true"
clientAuth="true" keystoreFile="/home/antonio/Documenti/keystore/server.jks"
keystorePass="secret" maxThreads="200" port="8443"
protocol="HTTP/1.1" scheme="https" secure="true"
sslProtocol="TLS"
truststoreFile="/home/antonio/Documenti/keystore/servertruststore.jks"
truststorePass="secret"/>
API示例:
@Path("/getA")
@POST
@ManagedAsync
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public void lists(RequestData dataRequest,@Suspended final AsyncResponse response) throws JSONException {
service = (ServicesSt) ctx.getAttribute(services);
jdbcStudent = (PersonJDBCTemplate) ctx.getAttribute(dbStudent);
response.setTimeout(15, TimeUnit.SECONDS);
ListenableFuture<Result<Exam>> listsEx = service
.getTestsInterfaceAsync(dataRequest.getToken(),jdbcStudent);
Futures.addCallback(listsEx, new FutureCallback<Result<Exam>>() {
public void onSuccess(Result<Exam> tests) {
response.resume(tests);
}
我的安全配置是:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- To allow public access by default and to set authentication mode to
basic login/password -->
<security:global-method-security secured-annotations="enabled"/>
<security:http auto-config="true" >
<security:http-basic/>
<security:intercept-url pattern="/**" access="ROLE_DUMMY" requires-channel="https"/>
</security:http>
<!-- To delegate authorization to method calls rather than to urls -->
<!-- (Thus, we don't need to set any url-interceptor in this conf)
<security:global-method-security
pre-post-annotations="enabled" />-->
<!-- To create user/password with roles -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user authorities="ROLE_DUMMY" name="user"
password="pass" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>