RequestContextHolder.getRequestAttributes()null - Spring Security + Multi Tenant [关闭]

问题描述 投票:2回答:1

在实现spring security(基本表单身份验证)之后,我无法使用RequestContextHolder.getRequestAttributes()获取当前请求,之前工作正常。

问题是RequestContextHolder.getRequestAttributes()为空,我需要从登录请求中获取额外的参数(租户ID),以便选择正确的数据库。

这是我的代码:

安全

@EnableWebSecurity
public class Security extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyUserDetailsService myUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http

                .authorizeRequests()
                .antMatchers("/assets/**")
                    .permitAll()
                .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/dashboard/login")
                    .defaultSuccessUrl("/dashboard/home")
                    .permitAll()
                    .and()
                .logout()
                    .permitAll();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider
                = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(myUserDetailsService);
        authProvider.setPasswordEncoder(passwordEncoder());
        return authProvider;
    }


    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(11);
    }
}

CurrentTenantIdentifierResolverImpl

public class CurrentTenantIdentifierResolverImpl implements CurrentTenantIdentifierResolver {

    Logger log = LogManager.getLogger(CurrentTenantIdentifierResolverImpl.class);


    @Override
    public String resolveCurrentTenantIdentifier() {
        ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();

        HttpSession session = attr.getRequest().getSession(false); // true == allow create
        if (session != null) {
            String tenant = (String) session.getAttribute("tenant");
            log.trace("Tenant default resolved in session is: " + tenant);
            if (tenant != null) {
                return tenant;
            }
        }

        String request = attr.getRequest().getRequestURI();

        String tenant = attr.getRequest().getParameter("tenant");
        if (request.equals("/dashboard/login") && tenant != null) {
            return tenant;
        }

        //otherwise return default tenant
        log.trace("Tenant default not resolved in session");
        return null;

    }

    @Override
    public boolean validateExistingCurrentSessions() {
        return true;
    }
}
java hibernate spring-security java-8 multi-tenant
1个回答
3
投票

我不小心删掉了一个至关重要的课程。简单地添加它就解决了这个问题。

@Configuration
@WebListener
public class MyRequestContextListener extends RequestContextListener {

}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.