Fatal编程技术网
  • java/
  • Java 当使用多个域调用Securityutils.getsubject().hasRole(“any”)时,对于不存在的角色,会引发异常

Java 当使用多个域调用Securityutils.getsubject().hasRole(“any”)时,对于不存在的角色,会引发异常

java

Java 当使用多个域调用Securityutils.getsubject().hasRole(“any”)时,对于不存在的角色,会引发异常,java,shiro,Java,Shiro,我在ApacheShiro中创建了两个用于身份验证的域,但是当我尝试调用hasRoleany时,它抛出以下异常(如果角色存在),它返回true: java.lang.ClassCastException: org.apache.shiro.subject.SimplePrincipalCollection cannot be cast to java.lang.String at com.ws.shiro.RedisStringSerializer.serialize(RedisStri

我在ApacheShiro中创建了两个用于身份验证的域,但是当我尝试调用hasRoleany时,它抛出以下异常(如果角色存在),它返回true:

java.lang.ClassCastException: org.apache.shiro.subject.SimplePrincipalCollection cannot be cast to java.lang.String
    at com.ws.shiro.RedisStringSerializer.serialize(RedisStringSerializer.java:13) ~[shiro-redis-3.0.2.jar:?]
    at org.crazycake.shiro.RedisCache.get(RedisCache.java:79) ~[shiro-redis-3.2.2.jar:?]
    at org.apache.shiro.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:328) ~[shiro-core-1.3.2.jar:1.3.2]
    at org.apache.shiro.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:573) ~[shiro-core-1.3.2.jar:1.3.2]
    at org.apache.shiro.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:374) ~[shiro-core-1.3.2.jar:1.3.2]
    at org.apache.shiro.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:153) ~[shiro-core-1.3.2.jar:1.3.2]
    at org.apache.shiro.subject.support.DelegatingSubject.hasRole(DelegatingSubject.java:224) ~[shiro-core-1.3.2.jar:1.3.2]
    at com.ws.user.login.LoginResource.login(LoginResource.java:65) ~[main/:?]
SHIRO.INI是:

# =======================
# Shiro INI configuration
# =======================


## Using Sha256 cryptography
credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName=SHA-256
credentialsMatcher.hashIterations = 1024
credentialsMatcher.storedCredentialsHexEncoded = false
dbRealm = com.ws.user.realm.DataBaseRealm
dbRealm.credentialsMatcher = $credentialsMatcher

credentialsMatcherToken = com.ws.user.realm.CustomCredentialMatcherToken
credentialsMatcherToken.hashAlgorithmName=SHA-256
credentialsMatcherToken.hashIterations = 1024
credentialsMatcherToken.storedCredentialsHexEncoded = false

tokenRealm = com.ws.user.realm.DataBaseBearerRealm
tokenRealm.credentialsMatcher = $credentialsMatcherToken

securityManager.realms = $dbRealm, $tokenRealm

#redisManager
redisManager = com.ws.shiro.RedisManager
redisManager.host = <THERE IS A HOST HERE>
redisManager.port = 6379
redisManager.expire = 1000
redisManager.timeout = 0

#============redisSessionDAO=============
redisSessionDAO = com.ws.shiro.RedisSessionDAO
redisSessionDAO.redisManager = $redisManager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionDAO = $redisSessionDAO
securityManager.sessionManager = $sessionManager

#============redisCacheManager===========
cacheManager = com.ws.shiro.RedisCacheManager
cacheManager.redisManager = $redisManager
securityManager.cacheManager = $cacheManager
这似乎是某种配置,因为在调试时,它只针对我试图验证的实际令牌,但在ModulerRealAuthorizer类中,方法hasRole,它被调用了两次,每个域调用一次,第一个域是ok的,然后在第二个域中,它抛出异常

问题解决了!我忘记在我的一个自定义域中重写getAuthorizationCacheKey方法