我正在开发一个 JEE 8 应用程序,我想在其中使用 Google 身份验证机制(OAuth2)来简化新用户的注册过程。
这是我的项目设置:
Pac4J 的配置代码
private Config getConfig() {
Config config = new Config("/callback",
getDirectFormClient(),
getJwAuthClient(),
getGoogle2Client());
config.getClients().setUrlResolver(new JaxRsUrlResolver());
config.getClients().setAjaxRequestResolver(new JaxRsAjaxRequestResolver());
SessionStore<JaxRsContext> sessionStore = new ServletSessionStore() {
private HttpSession applicationSession;
public HttpSession getHttpSession(JaxRsContext context) {
if (applicationSession == null) {
assert context instanceof ServletJaxRsContext;
applicationSession = ((ServletJaxRsContext) context).getRequest().getSession();
}
return applicationSession;
}
};
config.setSessionStore(sessionStore);
return config;
}
通过谷歌登录可以运行几分钟,但随后出现以下异常:
Caused by: java.lang.IllegalStateException: UT000010: Session is invalid ZBZm3NBmhjxSoyrzJyjPD5jVXoqXccctmVILioYd
at [email protected]//io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:519)
at [email protected]//io.undertow.servlet.spec.HttpSessionImpl.getAttribute(HttpSessionImpl.java:122)
at deployment.jakartaee-8-backend.war//org.pac4j.jax.rs.servlet.pac4j.ServletSessionStore.get(ServletSessionStore.java:32)
at deployment.jakartaee-8-backend.war//org.pac4j.jax.rs.servlet.pac4j.ServletSessionStore.get(ServletSessionStore.java:18)
at deployment.jakartaee-8-backend.war//org.pac4j.core.profile.ProfileManager.retrieveAll(ProfileManager.java:81)
at deployment.jakartaee-8-backend.war//org.pac4j.core.profile.ProfileManager.getAll(ProfileManager.java:59)
at deployment.jakartaee-8-backend.war//org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:102)
at deployment.jakartaee-8-backend.war//org.pac4j.jax.rs.filters.SecurityFilter.filter(SecurityFilter.java:55)
at deployment.jakartaee-8-backend.war//org.pac4j.jax.rs.filters.AbstractFilter.filter(AbstractFilter.java:42)
at [email protected]//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:308)
at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:398)
at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:365)
at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:338)
at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
... 59 more
有人遇到同样的问题吗? 我应该使用更新的 Wildfly 还是更新的 pac4j 库? 感谢您的任何提示:-)
你的 谢恩
在我看来,这像是 pac4j 的问题。 ServletSessionStore引用的HttpSession实例需要在会话过期时失效。