在Spring+SpringMvc+hibernate4项目中整合springsecurity时报出No Session found for current thread
0
[已关闭问题]
关闭于 2018-01-24 18:53
我在项目中支持springsecurity时UserDetailsService类中loadUserByUsername()方法在调用持久层时报出:No Session found for current thread。迟迟解决不了~
问题补充:
java.lang.RuntimeException: No Session found for current thread
at com.thundersoft.fota.security.MyAuthenticationProvider.authenticate(MyAuthenticationProvider.java:50)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:92)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.thundersoft.fota.utils.SystemContextFilter.doFilter(SystemContextFilter.java:36)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2549)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2538)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
我的security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/c" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 自动配置模式,拦截所有请求--> <http auto-config="true" use-expressions="true" entry-point-ref="authenticationProcessingFilterEntryPoint"> <!--超管界面--> <intercept-url pattern="/index" access="hasRole('ROLE_SUPER_ADMIN')"/> <intercept-url pattern="/vendor/**" access="hasRole('ROLE_SUPER_ADMIN')"/> <!--用户界面--> <intercept-url pattern="/index" access="hasRole('ROLE_VENDOR_ADMIN')"/> <intercept-url pattern="/campaign/**" access="hasRole('ROLE_VENDOR_ADMIN')"/> <intercept-url pattern="/device/**" access="hasRole('ROLE_VENDOR_ADMIN')"/> <intercept-url pattern="/failDevice/**" access="hasRole('ROLE_VENDOR_ADMIN')"/> <intercept-url pattern="/firmware" access="hasRole('ROLE_VENDOR_ADMIN')"/> <intercept-url pattern="/group/**" access="hasRole('ROLE_VENDOR_ADMIN')"/> <intercept-url pattern="/model/**" access="hasRole('ROLE_VENDOR_ADMIN')"/> <intercept-url pattern="/user" access="hasRole('ROLE_VENDOR_ADMIN')"/> <!--厂商界面--> <intercept-url pattern="/index" access="hasRole('ROLE_MODEL_USER')"/> <intercept-url pattern="/campaign/**" access="hasRole('ROLE_MODEL_USER')"/> <intercept-url pattern="/firmware" access="hasRole('ROLE_MODEL_USER')"/> <intercept-url pattern="/device/**" access="hasRole('ROLE_MODEL_USER')"/> <intercept-url pattern="/group/**" access="hasRole('ROLE_MODEL_USER')"/> </http> <!--配置登陆页面--> <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <beans:property name="loginFormUrl" value="/home"></beans:property> </beans:bean> <!-- 认证管理器。访问后端MyUserDetailsService,访问数据库验证--> <beans:bean id="myUserDetailsService" class="com.thundersoft.fota.security.MyUserDetailsServiceImpl"/> <beans:bean id ="TCustomerAuthenticationProvider" class="com.thundersoft.fota.security.MyAuthenticationProvider"> <beans:property name="myUserDetailsService" ref="myUserDetailsService"></beans:property> </beans:bean> <authentication-manager alias="testingAuthenticationManager"> <authentication-provider ref="TCustomerAuthenticationProvider" /> </authentication-manager> <!-- 指定中文资源 。默认命名空间是security,所以要加前缀beans: --> <beans:bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> <beans:property name="basename" value="org.springframework.security.messages"/> </beans:bean> </beans:beans>
------------------------------------------------------------------------------------------
我的UserDetailsService
package com.thundersoft.fota.security; import com.thundersoft.fota.dao.UserDao; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import java.util.*; /** * @author: * Created by tom_plus on 2018年01月15日 */ @Service public class MyUserDetailsServiceImpl implements UserDetailsService { private static final Logger logger = LoggerFactory.getLogger(MyUserDetailsServiceImpl.class); @Autowired private UserDao userDao; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User detail = null; //判断用户输入username是否为null if(username != null){ ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<>(); //根据username获取User对象 com.thundersoft.fota.model.User userByUserName = userDao.getUserByUserName(username);这里报错 //判断User对象是否为空 if (userByUserName != null){ //获取服务器端用户名及密码 String userPwd = userByUserName.getUserPwd(); String userName = userByUserName.getUserName(); //获取该用户在服务器端的权限 List<String> roleName = userDao.getRoleName(username); //获取权限并添加进SimpleGrantedAuthority对象中 SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_"+roleName.get(0)); authorities.add(authority); detail = new User(userName, userPwd, authorities); return detail; } } else { logger.error("用户["+username+"]不存在"); } return detail; } }
