Trouble saving session when mixing spring-security-gemfire and spring-security-oauth2

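Background: I have a web application that uses AngularJS, spring-mvc and spring-rest to provide the UI. I need to load balance with an Elastic LB and NOT use sticky sessions; requests are round-robin. I implemented session replication using spring-session with gemfire as the session store. This works well.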

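I need to integrate with an OAuth2 authentication server (eventually multiple OAuth2 servers), purely for authentication and the passing of userInfo. I tried using spring cloud oauth2 @EnableOAuth2Sso on the web application and ran into some session serialization issues. Simply adding the oauth2ClientContext to the session seems to cause ClassCastException problems during session save.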

I tried pulling down the following samples, which work out of the box, specifically UI and Authserver.
https://github.com/spring-guides/tut-spring-security-and-angular-js

However, when I add spring session into the mix and try to serialize to the gemfire server, I run into exactly the same problem.

Here is the stack trace highlight:

java.lang.ClassCastException: cannot assign instance of org.springframework.beans.factory.support.StaticListableBeanFactory to field org.springframework.aop.scope.DefaultScopedObject.beanFactory of type org.springframework.beans.factory.config.ConfigurableBeanFactory in instance of org.springframework.aop.scope.DefaultScopedObject

Below is the abbreviated stack trace:

ERROR o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

org.springframework.dao.DataAccessResourceFailureException: remote server on machine(gemfire:21800:loner):57660:9d1f3438:gemfire: : While performing a remote put; nested exception is com.gemstone.gemfire.cache.client.ServerOperationException: remote server on machine(gemfire:21800:loner):57660:9d1f3438:gemfire: : While performing a remote put
    at org.springframework.data.gemfire.GemfireCacheUtils.convertGemfireAccessException(GemfireCacheUtils.java:238) ~[spring-data-gemfire-1.7.4.RELEASE.jar:1.7.4.RELEASE]
    at org.springframework.data.gemfire.GemfireAccessor.convertGemFireAccessException(GemfireAccessor.java:91) ~[spring-data-gemfire-1.7.4.RELEASE.jar:1.7.4.RELEASE]
    at org.springframework.data.gemfire.GemfireTemplate.put(GemfireTemplate.java:190) ~[spring-data-gemfire-1.7.4.RELEASE.jar:1.7.4.RELEASE]
    at org.springframework.session.data.gemfire.GemFireOperationsSessionRepository.save(GemFireOperationsSessionRepository.java:147) ~[spring-session-1.2.1.RELEASE.jar:na]
    at org.springframework.session.data.gemfire.GemFireOperationsSessionRepository.save(GemFireOperationsSessionRepository.java:35) ~[spring-session-1.2.1.RELEASE.jar:na]
    at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.commitSession(SessionRepositoryFilter.java:244) ~[spring-session-1.2.1.RELEASE.jar:na]
    at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.access0(SessionRepositoryFilter.java:214) ~[spring-session-1.2.1.RELEASE.jar:na]
    at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:167) ~[spring-session-1.2.1.RELEASE.jar:na]
    at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:80) ~[spring-session-1.2.1.RELEASE.jar:na]
    ... tomcat filter chain and spring filter stuff
Caused by: com.gemstone.gemfire.cache.client.ServerOperationException: remote server on machine(gemfire:21800:loner):57660:9d1f3438:gemfire: : While performing a remote put
    ... gemfire internal stuff
    at org.springframework.data.gemfire.GemfireTemplate.put(GemfireTemplate.java:187) ~[spring-data-gemfire-1.7.4.RELEASE.jar:1.7.4.RELEASE]
    ... 31 common frames omitted
Caused by: java.lang.ClassCastException: cannot assign instance of org.springframework.beans.factory.support.StaticListableBeanFactory to field org.springframework.aop.scope.DefaultScopedObject.beanFactory of type org.springframework.beans.factory.config.ConfigurableBeanFactory in instance of org.springframework.aop.scope.DefaultScopedObject
    at java.io.ObjectStreamClass$FieldReflector.setObjFieldValues(ObjectStreamClass.java:2133) ~[na:1.7.0_80]
    at java.io.ObjectStreamClass.setObjFieldValues(ObjectStreamClass.java:1305) ~[na:1.7.0_80]
    ... java.io stuff
    at org.springframework.aop.framework.AdvisedSupport.readObject(AdvisedSupport.java:557) ~[spring-aop-4.3.2.RELEASE.jar:4.3.2.RELEASE]
    at sun.reflect.GeneratedMethodAccessor224.invoke(Unknown Source) ~[na:na]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_80]
    at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.7.0_80]
    at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1058) ~[na:1.7.0_80]
    ... java.io stuff
    at com.gemstone.gemfire.internal.InternalDataSerializer.basicReadObject(InternalDataSerializer.java:2966) ~[gemfire-8.1.0.jar:na]
    at com.gemstone.gemfire.DataSerializer.readObject(DataSerializer.java:3210) ~[gemfire-8.1.0.jar:na]
    at org.springframework.session.data.gemfire.AbstractGemFireOperationsSessionRepository$GemFireSessionAttributes.readObject(AbstractGemFireOperationsSessionRepository.java:800) ~[spring-session-1.2.1.RELEASE.jar:na]
    at org.springframework.session.data.gemfire.AbstractGemFireOperationsSessionRepository$GemFireSessionAttributes.fromDelta(AbstractGemFireOperationsSessionRepository.java:834) ~[spring-session-1.2.1.RELEASE.jar:na]
    at org.springframework.session.data.gemfire.AbstractGemFireOperationsSessionRepository$GemFireSession.fromDelta(AbstractGemFireOperationsSessionRepository.java:589) ~[spring-session-1.2.1.RELEASE.jar:na]
    at com.gemstone.gemfire.internal.cache.EntryEventImpl.processDeltaBytes(EntryEventImpl.java:1345) ~[gemfire-8.1.0.jar:na]
    ... gemfire internal stuff
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.7.0_80]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.7.0_80]
    at com.gemstone.gemfire.internal.cache.tier.sockets.AcceptorImpl.run(AcceptorImpl.java:577) ~[gemfire-8.1.0.jar:na]
    ... 1 common frames omitted

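I found the following, https://jira.spring.io/browse/SPR-14117, which encouraged me to update some jars to the latest versions, hoping the spring boot versions were just behind, but it didn't seem to help.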

Version info:

spring-cloud-starter-parent: Brixton.SR4
spring-cloud-security: 1.1.2.RELEASE
spring-core: 4.3.2.RELEASE
spring-security-oauth2: 2.0.10.RELEASE
spring-session: 1.2.1.RELEASE

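I've considered a few options: rewiring the OAuth2 framework to no longer use ScopedProxyMode.INTERFACES (seems daunting), using Redis vs. Gemfire, or writing the entire client from scratch (I've done this before... not fun at all).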

FWIW I've already added a RequestContextFilter as suggested here:

Any guidance?

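I don't know if this speaks directly to your problem, but I had/have a similar issue, and I think my versions are exactly the same as yours. There seem to be a lot of Spring projects that all try to stay in sync with each other, so sometimes there appear to be compatibility issues. I found that the steps Rob Winch outlined here solved my problem - https://github.com/spring-projects/spring-session/issues/395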
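
The `ClassCastException` at the bottom of the question's trace is raised by `java.io` when a deserialized value does not fit the declared type of the field it is being assigned to. As an added illustration (not code from the post or from Spring), the following plain-Java program produces a message of the same shape; all class names are constructed stand-ins, and the `writeReplace`/`readResolve` substitution is an assumption chosen only to mirror the types named in the trace.

```java
import java.io.*;

// Constructed stand-in classes: they mirror only the type relationships named
// in the exception message, not Spring's implementation.
public class FieldTypeMismatchDemo {
    interface BeanFactoryLike extends Serializable {}
    interface ConfigurableLike extends BeanFactoryLike {}

    // Written to the stream as a lightweight reference instead of by value.
    static class LiveFactory implements ConfigurableLike {
        private Object writeReplace() { return new FactoryReference(); }
    }

    // What the reference resolves to in a JVM that does not hold the original.
    static class FallbackFactory implements BeanFactoryLike {}

    static class FactoryReference implements Serializable {
        private Object readResolve() { return new FallbackFactory(); }
    }

    // The field is declared with the narrower type, like
    // DefaultScopedObject.beanFactory in the trace.
    static class ScopedObjectLike implements Serializable {
        ConfigurableLike beanFactory = new LiveFactory();
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Writing succeeds: the sender sees no problem.
        byte[] bytes = serialize(new ScopedObjectLike());
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.readObject();
            System.out.println("deserialized without error");
        } catch (ClassCastException | IOException e) {
            // The reader rejects the resolved value because it is not an
            // instance of the field's declared type.
            System.out.println(e.getClass().getSimpleName() + ": " + e.getMessage());
        }
    }
}
```

The write side completes normally and only the read side fails, which matches the trace: the exception is thrown on the gemfire server while it processes the delta of the remote put.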