如何使用Grails 3在UserDetailsS​​ervice中获取Session?

时间:2017-09-15 19:08:37

标签: grails spring-security grails-3.0

我有一个Grails 2.5应用程序,我正在尝试使用Spring Security Core插件(3.2.0.M1)升级到3.3,并使用Siteminder进行preauth设置。在我的UserDetailsS​​ervice中,我得到了这样的会话:

UserDetails loadUserByUsername(String userId, boolean loadRoles) throws UsernameNotFoundException, DataAccessException {
    org.grails.web.util.WebUtils.retrieveGrailsWebRequest().getCurrentRequest().getSession()

我需要获得超过传入应用程序的单个标头,并且在本地运行应用程序时按预期工作但在运行战争时,在weblogic 12.2.1上,我收到此错误:

No thread-bound request found: Are you referring to request attributes outside of an 
actual web request, or processing a request outside of the originally receiving thread? 
If you are actually operating within a web request and still receive this message, your code
is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use 
RequestContextListener or RequestContextFilter to expose the current request.

我也尝试过:

((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();

但是在getRequest()上遇到了NPE。使用Spring Sec Core插件2.0-RC6在Grails 2.5中运行时,RequestContextHolder方式正常工作。是否有不同的方法可以抓住标题?或者我可能从我以前的Config.groovy文件中删除了一些属性到application.groovy可能会导致问题吗?

resources.groovy:

beans = {

userDetailsService(com.myapp.security.MyUserDetailsService)

userDetailsServiceWrapper(org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper) {
        userDetailsService = ref('userDetailsService')
}

preauthAuthProvider(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider) {
        preAuthenticatedUserDetailsService = ref('userDetailsServiceWrapper')
}

requestHeaderAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter){
    principalRequestHeader='smauthid'
    checkForPrincipalChanges = false
    invalidateSessionOnPrincipalChange = false
    continueFilterChainOnUnsuccessfulAuthentication = true
    authenticationManager = ref('authenticationManager')
}

}

BootStrap.groovy中

    SpringSecurityUtils.clientRegisterFilter('requestHeaderAuthenticationFilter', SecurityFilterPosition.PRE_AUTH_FILTER)

application.groovy 

    grails.plugin.springsecurity.filterChain.chainMap = [
        [pattern: '/assets/**',      filters: 'none'],
        [pattern: '/**/js/**',       filters: 'none'],
        [pattern: '/**/css/**',      filters: 'none'],
        [pattern: '/**/images/**',   filters: 'none'],
        [pattern: '/**/favicon.ico', filters: 'none'],
        [pattern: '/index/nouser',   filters: 'none'],
        [pattern: '/nouser',         filters: 'none'],
        [pattern: '/**',             filters: 'JOINED_FILTERS']
    ]
    grails.plugin.springsecurity.providerNames = ['preauthAuthProvider']

1 个答案:

答案 0 :(得分:0)

我不确定在UserDetailsS​​ervice中获取Session是否有任何不同,但我得到了我的会话:

session["task"]=object

您可以在此处详细了解会话:Grails 3 latest Session documentation

编辑1 

def show(Project project) {
        respond project
        def object = project //params of the Task "task"
        session["task"]=object 
}
相关问题
最新问题