Java Spring security跳过保存SecurityContext，因为提交响应时保存已禁用_Java_Spring_Spring Mvc_Tomcat

Java Spring security跳过保存SecurityContext，因为提交响应时保存已禁用

java spring spring-mvc tomcat

Java Spring security跳过保存SecurityContext，因为提交响应时保存已禁用,java,spring,spring-mvc,tomcat,Java,Spring,Spring Mvc,Tomcat,我在Jersey有异步Web服务，带有Spring安全性，所有服务都运行在Tomcat容器中我有这个问题，当我启动Tomcat all works时，我可以调用我的API并得到响应。问题是当我没有调用任何东西时（例如1小时），在我尝试调用一个API后，我出现以下错误： (SaveContextOnUpdateOrErrorResponseWrapper.java:148) - Skip saving SecurityContext since saving on response commit

我在Jersey有异步Web服务，带有Spring安全性，所有服务都运行在Tomcat容器中

我有这个问题，当我启动Tomcat all works时，我可以调用我的API并得到响应。问题是当我没有调用任何东西时（例如1小时），在我尝试调用一个API后，我出现以下错误：

(SaveContextOnUpdateOrErrorResponseWrapper.java:148) - Skip saving SecurityContext since saving on response commited is disabled

为什么?？Tomcat配置有问题吗？还是Spring配置问题

我的Tomcat配置是：

<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>

    <Connector SSLEnabled="true" 
    clientAuth="true" keystoreFile="/home/antonio/Documenti/keystore/server.jks" 
    keystorePass="secret" maxThreads="200" port="8443" 
    protocol="HTTP/1.1" scheme="https" secure="true" 
    sslProtocol="TLS" 
    truststoreFile="/home/antonio/Documenti/keystore/servertruststore.jks" 
    truststorePass="secret"/>

 <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
  http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- To allow public access by default and to set authentication mode to 
        basic login/password -->
    <security:global-method-security secured-annotations="enabled"/>


    <security:http auto-config="true" >
        <security:http-basic/>
        <security:intercept-url pattern="/**" access="ROLE_DUMMY" requires-channel="https"/>
    </security:http>

    <!-- To delegate authorization to method calls rather than to urls -->
    <!-- (Thus, we don't need to set any url-interceptor in this conf) 

    <security:global-method-security
        pre-post-annotations="enabled" />-->

    <!-- To create user/password with roles -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider>
            <security:user-service>
                <security:user authorities="ROLE_DUMMY" name="user"
                    password="pass" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

API示例：

@Path("/getA")
@POST
@ManagedAsync
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public void lists(RequestData  dataRequest,@Suspended final AsyncResponse response) throws JSONException {


    service = (ServicesSt) ctx.getAttribute(services);

    jdbcStudent =  (PersonJDBCTemplate) ctx.getAttribute(dbStudent);


    response.setTimeout(15, TimeUnit.SECONDS);

    ListenableFuture<Result<Exam>> listsEx = service
            .getTestsInterfaceAsync(dataRequest.getToken(),jdbcStudent);

    Futures.addCallback(listsEx, new FutureCallback<Result<Exam>>() {


        public void onSuccess(Result<Exam> tests) {
            response.resume(tests);
        }

@Path（“/getA”）
@职位
@ManagedAsync
@使用（MediaType.APPLICATION_JSON）
@产生（MediaType.APPLICATION_JSON）
公共无效列表（RequestData dataRequest，@Suspended final AsyncResponse响应）抛出JSONException{
服务=（ServicesSt）ctx.getAttribute（服务）；
jdbcStudent=（PersonJDBCTemplate）ctx.getAttribute（dbStudent）；
响应。设置超时（15，时间单位。秒）；
ListenableFuture listsEx=服务
.getTestsInterfaceAsync（dataRequest.getToken（），jdbcStudent）；
Futures.addCallback（listsEx，new FutureCallback（）{
成功时的公共无效（结果测试）{
回复。恢复（测试）；
}

我的安全配置是：

<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>

    <Connector SSLEnabled="true" 
    clientAuth="true" keystoreFile="/home/antonio/Documenti/keystore/server.jks" 
    keystorePass="secret" maxThreads="200" port="8443" 
    protocol="HTTP/1.1" scheme="https" secure="true" 
    sslProtocol="TLS" 
    truststoreFile="/home/antonio/Documenti/keystore/servertruststore.jks" 
    truststorePass="secret"/>

 <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
  http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- To allow public access by default and to set authentication mode to 
        basic login/password -->
    <security:global-method-security secured-annotations="enabled"/>


    <security:http auto-config="true" >
        <security:http-basic/>
        <security:intercept-url pattern="/**" access="ROLE_DUMMY" requires-channel="https"/>
    </security:http>

    <!-- To delegate authorization to method calls rather than to urls -->
    <!-- (Thus, we don't need to set any url-interceptor in this conf) 

    <security:global-method-security
        pre-post-annotations="enabled" />-->

    <!-- To create user/password with roles -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider>
            <security:user-service>
                <security:user authorities="ROLE_DUMMY" name="user"
                    password="pass" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>