Spring会话bean初始化事件

时间:2015-07-01 11:29:08

标签: spring authentication spring-security session-bean

在我的项目中,我需要SessionBean来存储与当前会话相关联的对象。在创建Session并且用户通过身份验证时,我想将对象设置为我的bean。

Bean定义:

<bean scope="session" class="org.example.SessionBean">
    <aop:scoped-proxy/>
</bean>

身份验证侦听器:

public class SpringAuthenticationListener implements ApplicationListener<ApplicationEvent> {

private LogService logService;

private UserService userService;

@Autowired
private SessionBean sessionBean;

public SpringAuthenticationListener(LogService logService, UserService userService) {
    this.logService = logService;
    this.userService = userService;
}

@Override
public void onApplicationEvent(ApplicationEvent e) {
    LogEvent logEvent = new LogEvent();

    if (e instanceof AuthenticationSuccessEvent) {
        AuthenticationSuccessEvent event = (AuthenticationSuccessEvent) e;
        UserDetails userDetails = (UserDetails) event.getAuthentication().getPrincipal();

        User loggedUser = userService.getUser( userDetails.getUsername() );
        sessionBean.setLoggedUser(loggedUser);
    } 
}

}

但是,问题是我无法获取当前SessionBean实例的实例。这是我的错误:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.org.example.SessionBean#0': Scope 'session' is not active for the current thread; consider defining a scoped proxy for this bean if you intend to refer to it from a singleton; nested exception is java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.

我该怎么做?什么事件或监听器将允许我用当前用户初始化SessionBean。

1 个答案:

答案 0 :(得分:1)

使用Filter过滤器运行的Spring Security在任何Servlet之前执行,因此也在DispatcherServlet之前执行。为了能够使用requestsession范围内的bean,需要RequestContext。这通常由DispatcherServlet准备。当想要在DispatcherServlet之外使用范围内的bean时,您需要进行一些额外的设置。正如例外情况所述:

  

使用RequestContextListener或RequestContextFilter公开当前请求。

要修复向web.xml添加RequestContextListenerRequestContextFilter的问题。使用后者时,请确保它在springSecurityFilterChain之前执行,否则它将不会生效。监听器总是在任何过滤器之前执行。

相关问题
最新问题