如何使用Grails3在UserDetailsService中获取会话？_Grails_Spring Security_Grails 3.0

如何使用Grails3在UserDetailsService中获取会话？

grails spring-security

如何使用Grails3在UserDetailsService中获取会话？,grails,spring-security,grails-3.0,Grails,Spring Security,Grails 3.0,我有一个Grails2.5应用程序，我正试图使用SpringSecurityCore插件（3.2.0.M1）和使用Siteminder的preauth设置升级到3.3。在我的UserDetails服务中，我得到如下会话： UserDetails loadUserByUsername(String userId, boolean loadRoles) throws UsernameNotFoundException, DataAccessException { org.grails.web

我有一个Grails2.5应用程序，我正试图使用SpringSecurityCore插件（3.2.0.M1）和使用Siteminder的preauth设置升级到3.3。在我的UserDetails服务中，我得到如下会话：

UserDetails loadUserByUsername(String userId, boolean loadRoles) throws UsernameNotFoundException, DataAccessException {
    org.grails.web.util.WebUtils.retrieveGrailsWebRequest().getCurrentRequest().getSession()

我需要将多个标头传递到应用程序中，当在本地运行应用程序时，这会按预期工作，但在weblogic 12.2.1上运行war时，我会遇到以下错误：

No thread-bound request found: Are you referring to request attributes outside of an 
actual web request, or processing a request outside of the originally receiving thread? 
If you are actually operating within a web request and still receive this message, your code
is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use 
RequestContextListener or RequestContextFilter to expose the current request.

我也尝试过：

((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();

但在getRequest（）上遇到了NPE。当使用SpringSEC核心插件2.0-RC6在Grails2.5中运行时，RequestContextHolder方法工作正常。有没有其他方法可以抓住标题？或者我从以前的Config.groovy文件中提取到application.groovy的某个属性可能导致了问题

resources.groovy：

beans = {

userDetailsService(com.myapp.security.MyUserDetailsService)

userDetailsServiceWrapper(org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper) {
        userDetailsService = ref('userDetailsService')
}

preauthAuthProvider(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider) {
        preAuthenticatedUserDetailsService = ref('userDetailsServiceWrapper')
}

requestHeaderAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter){
    principalRequestHeader='smauthid'
    checkForPrincipalChanges = false
    invalidateSessionOnPrincipalChange = false
    continueFilterChainOnUnsuccessfulAuthentication = true
    authenticationManager = ref('authenticationManager')
}

}

Bootstrap.groovy

    SpringSecurityUtils.clientRegisterFilter('requestHeaderAuthenticationFilter', SecurityFilterPosition.PRE_AUTH_FILTER)

application.groovy

    grails.plugin.springsecurity.filterChain.chainMap = [
        [pattern: '/assets/**',      filters: 'none'],
        [pattern: '/**/js/**',       filters: 'none'],
        [pattern: '/**/css/**',      filters: 'none'],
        [pattern: '/**/images/**',   filters: 'none'],
        [pattern: '/**/favicon.ico', filters: 'none'],
        [pattern: '/index/nouser',   filters: 'none'],
        [pattern: '/nouser',         filters: 'none'],
        [pattern: '/**',             filters: 'JOINED_FILTERS']
    ]
    grails.plugin.springsecurity.providerNames = ['preauthAuthProvider']

我不确定在UserDetails服务中获取会话是否有任何区别，但我通过以下方式获取会话：

session["task"]=object

您可以在此处阅读有关会话的详细信息：

编辑1

def show(Project project) {
        respond project
        def object = project //params of the Task "task"
        session["task"]=object 
}

application.yml中还有一个新的autoWired配置，这可能是最终无法工作的原因；仍然是相同的错误会话对象不能从服务自动访问，或者至少不在通过my Spring Bean连接的UserDetails服务中请检查我的更新。实际上，我在“show.gsp”页面上捕获了我的会话。这是我的代码，希望它能帮助您访问Grails

控制器中的会话实例，但会话不能自动用于服务。