尝试验证用户 grails 3.0.17 和 spring security 3.1.2 时发生内部错误

问题描述 投票:0回答:0

我将 grails 2.4.4 升级到 grails 3.0.17 并使用 spring security core 3.1.2。 当我使用 -debug run-app 运行应用程序时,在我的 intellij iDEA 中,应用程序连接到数据库并创建会话,我可以用我的用户登录。当我将应用程序部署到 tomcat 服务器时,应用程序启动并连接到数据库,但无法使用我的用户登录。我遇到以下错误: `错误

grails.plugin.springsecurity.web.authentication.GrailsUsernamePasswordAuthenticationFilter - 尝试对用户进行身份验证时发生内部错误。 org.springframework.security.authentication.InternalAuthenticationServiceException:找不到当前线程的会话 在 org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:127) ~[spring-security-core-4.1.0.RELEASE.jar:4.1.0.RELEASE] 在 org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:144) ~[spring-security-core-4.1.0.RELEASE.jar:4.1.0.RELEASE] 在 org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) ~[spring-security-core-4.1.0.RELEASE.jar:4.1.0.RELEASE] 在 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) [catalina.jar:9.0.68] 在 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) [catalina.jar:9.0.68] 在 org.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:75) [grails-web-mvc-3.0.17.jar:3.0.17] 在 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.8.RELEASE.jar:4.1.8.RELEASE] 原因:org.hibernate.HibernateException:找不到当前线程的会话 在 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)~[na:1.8.0_362] org.kv.server.core.UserDetailsService.loadUserByUsername(UserDetailsService.groovy:36) ~[doc-server-core-plugin-0.1-SNAPSHOT.jar:na]org.kv.server.core.UserDetailsService$$FastClassBySpringCGLIB$$8b074712.invoke() ~[spring-core-4.1.8.RELEASE.jar:na] 在 org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)~[spring-core-4.1.8.RELEASE.jar:4.1.8.RELEASE] 在 org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717) ~[spring-aop-4.1.8.RELEASE.jar:4.1.8.RELEASE] 在 org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.1.8.RELEASE.jar:4.1.8.RELEASE] 在 org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) ~[spring-tx-4.1.8.RELEASE.jar:4.1.8.RELEASE] 在 org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)~[spring-tx-4.1.8.RELEASE.jar:4.1.8.RELEASE] 在 org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) ~[spring-tx-4.1.8.RELEASE.jar:4.1.8.RELEASE] 在 org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)~[spring-aop-4.1.8.RELEASE.jar:4.1.8.RELEASE] 在 org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653) ~[spring-aop-4.1.8.RELEASE.jar:4.1.8.RELEASE] 在 org.kv.server.core.UserDetailsService$$EnhancerBySpringCGLIB$$449500a4.loadUserByUsername() ~[spring-core-4.1.8.RELEASE.jar:na] 在 org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:115) ~[spring-security-core-4.1.0.RELEASE.jar:4.1.0.RELEASE] ...省略了52个常见的框架

1-我使我的服务具有交易性:

更高的是代码:

class UserDetailsService implements GrailsUserDetailsService {
   // def sessionFactory
    private static final Logger log = LoggerFactory.getLogger(UserDetailsService.class.name)
    static final List NO_ROLES = [new SimpleGrantedAuthority(SpringSecurityUtils.NO_ROLE)]


    @Transactional
    @Override
    UserDetails loadUserByUsername(String username, boolean loadRoles) throws UsernameNotFoundException, DataAccessException {
        return loadUserByUsername(username)
    }


    @Transactional
    @Override
    UserDetails loadUserByUsername(String s) throws UsernameNotFoundException, DataAccessException {

        User user = User.findByUsername(s)
        if (!user) {
            throw new UsernameNotFoundException('User not found', s)
        }
        user.refresh() // KIH-1818: Unable to figure out why session is reused and fix it...

        def permissions = 'i have some code hier'

        def authorities = []
        permissions.each {
            authorities << new SimpleGrantedAuthority(it)
        }

        return new kvGrailsUserDetails(user.username, user.password, user.enabled,
                !user.accountExpired, !user.passwordExpired,
                !user.accountLocked, authorities ?: NO_ROLES, user.id)
    }
}

而 hier 是我在 init 中的 Application.groovy:

import grails.boot.GrailsApp
import grails.boot.config.GrailsAutoConfiguration

class Application extends GrailsAutoConfiguration {
    static void main(String[] args) {
        GrailsApp.run(Application, args)
    }
    @Override
    boolean limitScanningToApplication() {
        return false
    }
}

我也尝试将我的 spring-security-core 版本更改为 3.0.0 和 3.1.1 但它没有用。

这是我的豆子:

beans = {
    localeResolver(SessionLocaleResolver) {
        if (grailsApplication.config.containsKey('languageTag')) {
            grailsApplication.config.defaultLocale = Locale.forLanguageTag(grailsApplication.config.languageTag)
        }

        defaultLocale = grailsApplication.config.defaultLocale
        Locale.setDefault(grailsApplication.config.defaultLocale)

        customPropertyEditorRegistrar(CustomPropertyEditorRegistrar)
        auditLogLookupBean(kvleAuditLogLookup)
        userDetailsService(UserDetailsService)
    }
    caseInsensitivePasswordAuthenticationProvider(CaseInsensitivePasswordAuthenticationProvider) {
        userDetailsService = ref('userDetailsService')
        passwordEncoder = ref('passwordEncoder')
        userCache = ref('userCache')
        saltSource = ref('saltSource')
        preAuthenticationChecks = ref('preAuthenticationChecks')
        postAuthenticationChecks = ref('postAuthenticationChecks')
        hideUserNotFoundExceptions = SpringSecurityUtils.securityConfig.dao.hideUserNotFoundExceptions
    }

    kvSecurityBadCredentialsEventListener(kvSecurityBadCredentialsEventListener)
    kvSecurityGoodAttemptEventListener(kvSecurityGoodAttemptEventListener)
    kvSecurityBasicAuthenticationFilter(kvSecurityBasicAuthenticationFilter) {
        realmName = 'Authentication'
    }

    basicAuthenticationFilter(BasicAuthenticationFilter, ref('authenticationManager'), ref('basicAuthenticationEntryPoint')) {
        authenticationDetailsSource = ref('authenticationDetailsSource')
       // authenticationManager = ref('authenticationManager')
       // authenticationEntryPoint = ref('basicAuthenticationEntryPoint')
        rememberMeServices = ref('rememberMeServices')
        credentialsCharset = SpringSecurityUtils.securityConfig.basic.credentialsCharset // 'UTF-8'
    }

    if (grailsApplication.config.milou.run) {
        milouHttpClient(HTTPClient) {
            connectTimeout = 5000
            readTimeout = 10000
            useCaches = false
            followRedirects = false
            sslTrustAllCerts = true
        }

        milouSoapClient(SOAPClient) {
            serviceURL = grailsApplication.config.milou.serverURL
            httpClient = ref('milouHttpClient')
        }
    }
    sessionRegistry(SessionRegistryImpl)


    sessionAuthenticationStrategy(ConcurrentSessionControlAuthenticationStrategy,ref('sessionRegistry')) {
        maximumSessions = -1
    }

    if(Environment.current.name == 'development'
            && grailsApplication.config.dataSource.dialect == org.kv.server.core.util.H2Dialect.getName()
            && !BootStrapUtil.isH2DatabaseServerRunning("jdbc:h2:tcp://localhost:***/kvDb", "sa", "")
    ){
        h2Server(org.h2.tools.Server, "-tcp,-tcpPort,8043") { bean ->
            bean.factoryMethod = "createTcpServer"
            bean.initMethod = "start"
            bean.destroyMethod = "stop"
        }
    }
}

这些是我在 application.groovy 中的配置:

         grails.plugin.springsecurity.filterChain.chainMap = [
                 [pattern: '/**',            filters: 'JOINED_FILTERS,-basicAuthenticationFilter,-basicExceptionTranslationFilter']]
         grails.plugin.springsecurity.providerNames = [
                 'caseInsensitivePasswordAuthenticationProvider',
                 'anonymousAuthenticationProvider',
                 'rememberMeAuthenticationProvider'
         ]

在 application.yml 中:

grails:
    plugin:
        springsecurity:
            useBasicAuth: true
            useSecurityEventListener: true
            basic:
                realmName: 'KV Server'
            SecurityConfigType: 'Annotation'
            userLookup.userDomainClassName: 'org.kv.server.model.User'
            userLookup.authorityJoinClassName: 'org.kv.server.model.UserRole'
            authority.className: 'org.kv.server.model.Role'
            password:
                algorithm: 'SHA-256'
                hash.iterations: 1
            controllerAnnotations:
                staticRules:
                - pattern: '/**'
                  access: ['permitAll']
                - pattern: '/dbconsole/**'
                  access: [org.kv.server.core.model.types.PermissionName.WEB_LOGIN]

如有任何帮助,我将不胜感激。 谢谢

groovy spring-security grails-3.0
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.