如何使用Grails3在UserDetailsService中获取会话?
我有一个Grails2.5应用程序,我正试图使用SpringSecurityCore插件(3.2.0.M1)和使用Siteminder的preauth设置升级到3.3。在我的UserDetails服务中,我得到如下会话:如何使用Grails3在UserDetailsService中获取会话?,grails,spring-security,grails-3.0,Grails,Spring Security,Grails 3.0,我有一个Grails2.5应用程序,我正试图使用SpringSecurityCore插件(3.2.0.M1)和使用Siteminder的preauth设置升级到3.3。在我的UserDetails服务中,我得到如下会话: UserDetails loadUserByUsername(String userId, boolean loadRoles) throws UsernameNotFoundException, DataAccessException { org.grails.web
UserDetails loadUserByUsername(String userId, boolean loadRoles) throws UsernameNotFoundException, DataAccessException {
org.grails.web.util.WebUtils.retrieveGrailsWebRequest().getCurrentRequest().getSession()
我需要将多个标头传递到应用程序中,当在本地运行应用程序时,这会按预期工作,但在weblogic 12.2.1上运行war时,我会遇到以下错误:
No thread-bound request found: Are you referring to request attributes outside of an
actual web request, or processing a request outside of the originally receiving thread?
If you are actually operating within a web request and still receive this message, your code
is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use
RequestContextListener or RequestContextFilter to expose the current request.
我也尝试过:
((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
但在getRequest()上遇到了NPE。当使用SpringSEC核心插件2.0-RC6在Grails2.5中运行时,RequestContextHolder方法工作正常。有没有其他方法可以抓住标题?或者我从以前的Config.groovy文件中提取到application.groovy的某个属性可能导致了问题
resources.groovy:
beans = {
userDetailsService(com.myapp.security.MyUserDetailsService)
userDetailsServiceWrapper(org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper) {
userDetailsService = ref('userDetailsService')
}
preauthAuthProvider(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider) {
preAuthenticatedUserDetailsService = ref('userDetailsServiceWrapper')
}
requestHeaderAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter){
principalRequestHeader='smauthid'
checkForPrincipalChanges = false
invalidateSessionOnPrincipalChange = false
continueFilterChainOnUnsuccessfulAuthentication = true
authenticationManager = ref('authenticationManager')
}
}
Bootstrap.groovy
SpringSecurityUtils.clientRegisterFilter('requestHeaderAuthenticationFilter', SecurityFilterPosition.PRE_AUTH_FILTER)
application.groovy
grails.plugin.springsecurity.filterChain.chainMap = [
[pattern: '/assets/**', filters: 'none'],
[pattern: '/**/js/**', filters: 'none'],
[pattern: '/**/css/**', filters: 'none'],
[pattern: '/**/images/**', filters: 'none'],
[pattern: '/**/favicon.ico', filters: 'none'],
[pattern: '/index/nouser', filters: 'none'],
[pattern: '/nouser', filters: 'none'],
[pattern: '/**', filters: 'JOINED_FILTERS']
]
grails.plugin.springsecurity.providerNames = ['preauthAuthProvider']
我不确定在UserDetails服务中获取会话是否有任何区别,但我通过以下方式获取会话:
session["task"]=object
您可以在此处阅读有关会话的详细信息:
编辑1
def show(Project project) {
respond project
def object = project //params of the Task "task"
session["task"]=object
}
application.yml中还有一个新的autoWired配置,这可能是最终无法工作的原因;仍然是相同的错误会话对象不能从服务自动访问,或者至少不在通过my Spring Bean连接的UserDetails服务中请检查我的更新。实际上,我在“show.gsp”页面上捕获了我的会话。这是我的代码,希望它能帮助您访问Grails
控制器中的会话实例,但会话不能自动用于服务。