Spring 安全 3.1 身份验证 ProviderManager 抛出 NotSerializableException
Spring Security 3.1 Authentication ProviderManager throwing NotSerializableException
我正在构建一个带有 Spring Security 3.1 的 JSF2 网络应用程序来处理安全问题。
每次重新启动 tomcat 时,我都会收到 Spring 安全性的 ProviderManager 抛出的 NotSerializableException,但 Web 应用程序运行良好。恐怕在部署到生产环境时可能会导致一些问题。
有谁知道如何使 ProviderManager 可序列化
这是例外情况:
SEVERE: IOException while loading persisted sessions: java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.springframework.security.authentication.ProviderManager
java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.springframework.security.authentication.ProviderManager
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1355)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1993)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1918)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1801)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:371)
at org.apache.catalina.session.StandardSession.readObject(StandardSession.java:1619)
at org.apache.catalina.session.StandardSession.readObjectData(StandardSession.java:1084)
at org.apache.catalina.session.StandardManager.doLoad(StandardManager.java:282)
at org.apache.catalina.session.StandardManager.load(StandardManager.java:202)
at org.apache.catalina.session.StandardManager.startInternal(StandardManager.java:489)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5537)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.StandardContext.reload(StandardContext.java:4033)
at org.apache.catalina.loader.WebappLoader.backgroundProcess(WebappLoader.java:425)
at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1345)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1546)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1556)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1556)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1524)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.NotSerializableException: org.springframework.security.authentication.ProviderManager
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)
at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1695)
at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:1101)
at org.apache.catalina.session.StandardManager.doUnload(StandardManager.java:430)
at org.apache.catalina.session.StandardManager.unload(StandardManager.java:351)
at org.apache.catalina.session.StandardManager.stopInternal(StandardManager.java:516)
at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:232)
at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5719)
at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:232)
at org.apache.catalina.core.StandardContext.reload(StandardContext.java:4026)
... 7 more
在您的 LoginBean 中,只需将 @SessionScoped 替换为 @RequestScoped,因为在会话变量中登录时无需保存输入的用户信息,您可以使用 Spring 这样的安全功能
org.springframework.security.core.userdetails.User user = (org.springframework.security.core.userdetails.User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
String name = user.getUsername();
我正在构建一个带有 Spring Security 3.1 的 JSF2 网络应用程序来处理安全问题。 每次重新启动 tomcat 时,我都会收到 Spring 安全性的 ProviderManager 抛出的 NotSerializableException,但 Web 应用程序运行良好。恐怕在部署到生产环境时可能会导致一些问题。 有谁知道如何使 ProviderManager 可序列化 这是例外情况:
SEVERE: IOException while loading persisted sessions: java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.springframework.security.authentication.ProviderManager
java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.springframework.security.authentication.ProviderManager
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1355)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1993)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1918)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1801)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:371)
at org.apache.catalina.session.StandardSession.readObject(StandardSession.java:1619)
at org.apache.catalina.session.StandardSession.readObjectData(StandardSession.java:1084)
at org.apache.catalina.session.StandardManager.doLoad(StandardManager.java:282)
at org.apache.catalina.session.StandardManager.load(StandardManager.java:202)
at org.apache.catalina.session.StandardManager.startInternal(StandardManager.java:489)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5537)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.StandardContext.reload(StandardContext.java:4033)
at org.apache.catalina.loader.WebappLoader.backgroundProcess(WebappLoader.java:425)
at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1345)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1546)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1556)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1556)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1524)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.NotSerializableException: org.springframework.security.authentication.ProviderManager
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)
at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1695)
at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:1101)
at org.apache.catalina.session.StandardManager.doUnload(StandardManager.java:430)
at org.apache.catalina.session.StandardManager.unload(StandardManager.java:351)
at org.apache.catalina.session.StandardManager.stopInternal(StandardManager.java:516)
at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:232)
at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5719)
at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:232)
at org.apache.catalina.core.StandardContext.reload(StandardContext.java:4026)
... 7 more
在您的 LoginBean 中,只需将 @SessionScoped 替换为 @RequestScoped,因为在会话变量中登录时无需保存输入的用户信息,您可以使用 Spring 这样的安全功能
org.springframework.security.core.userdetails.User user = (org.springframework.security.core.userdetails.User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
String name = user.getUsername();