java.lang.IllegalStateException:getAttributeNames:会话已在Spring安全性HttpSessionDestroyedEvent中失效

时间:2017-06-14 13:20:56

标签: java spring spring-security spring-java-config

当我尝试处理SessionDestroyEvent时会发生此异常:

public class SessionEndedListener implements ApplicationListener<SessionDestroyedEvent> {
    private final ContractorService contractorService;

    @Autowired
    public SessionEndedListener(ContractorService contractorService) {
        this.contractorService = contractorService;
    }

    @Override
    public void onApplicationEvent(SessionDestroyedEvent sessionDestroyedEvent) {
        sessionDestroyedEvent.getSecurityContexts()
    }
}

发生这种情况是因为SessionDestroyedEvent会话已经失效。 但在HttpSessionEventPublisher会话有效。

java.lang.IllegalStateException: getAttributeNames: Session already invalidated
    at org.apache.catalina.session.StandardSession.getAttributeNames(StandardSession.java:1199)
    at org.apache.catalina.session.StandardSessionFacade.getAttributeNames(StandardSessionFacade.java:120)
    at org.springframework.security.web.session.HttpSessionDestroyedEvent.getSecurityContexts(HttpSessionDestroyedEvent.java:51)
    at com.ordotrans.util.listener.SessionEndedListener.onApplicationEvent(SessionEndedListener.java:29)
    at com.ordotrans.util.listener.SessionEndedListener.onApplicationEvent(SessionEndedListener.java:18)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:159)
    at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:134)
    at java.lang.Thread.run(Thread.java:745)

1 个答案:

答案 0 :(得分:0)

我找到了解决方案,但看起来像是一个拐杖。

@WebListener
public class SessionCounterListener implements HttpSessionListener {

    @Override
    public void sessionCreated(HttpSessionEvent httpSessionEvent) {
        HttpSession session = httpSessionEvent.getSession();
        session.setMaxInactiveInterval(60*15);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {

        HttpSession session = httpSessionEvent.getSession();
        SessionDestroyedEvent sessionDestroyedEvent = new HttpSessionDestroyedEvent(session);
        ApplicationContext ctx =
                WebApplicationContextUtils.
                        getWebApplicationContext(session.getServletContext());
        ContractorService contractorService = (ContractorService) ctx.getBean("contractorService");
        for (SecurityContext securityContext : sessionDestroyedEvent.getSecurityContexts()) {
            Authentication authentication = securityContext.getAuthentication();
            CustomUserDetails customUserDetails = (CustomUserDetails) authentication.getPrincipal();

        }

    }

}
相关问题
最新问题