Java Spring security跳过保存SecurityContext,因为提交响应时保存已禁用
我在Jersey有异步Web服务,带有Spring安全性,所有服务都运行在Tomcat容器中 我有这个问题,当我启动Tomcat all works时,我可以调用我的API并得到响应。问题是当我没有调用任何东西时(例如1小时),在我尝试调用一个API后,我出现以下错误:Java Spring security跳过保存SecurityContext,因为提交响应时保存已禁用,java,spring,spring-mvc,tomcat,Java,Spring,Spring Mvc,Tomcat,我在Jersey有异步Web服务,带有Spring安全性,所有服务都运行在Tomcat容器中 我有这个问题,当我启动Tomcat all works时,我可以调用我的API并得到响应。问题是当我没有调用任何东西时(例如1小时),在我尝试调用一个API后,我出现以下错误: (SaveContextOnUpdateOrErrorResponseWrapper.java:148) - Skip saving SecurityContext since saving on response commit
(SaveContextOnUpdateOrErrorResponseWrapper.java:148) - Skip saving SecurityContext since saving on response commited is disabled
为什么??Tomcat配置有问题吗?还是Spring配置问题
我的Tomcat配置是:
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector SSLEnabled="true"
clientAuth="true" keystoreFile="/home/antonio/Documenti/keystore/server.jks"
keystorePass="secret" maxThreads="200" port="8443"
protocol="HTTP/1.1" scheme="https" secure="true"
sslProtocol="TLS"
truststoreFile="/home/antonio/Documenti/keystore/servertruststore.jks"
truststorePass="secret"/>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- To allow public access by default and to set authentication mode to
basic login/password -->
<security:global-method-security secured-annotations="enabled"/>
<security:http auto-config="true" >
<security:http-basic/>
<security:intercept-url pattern="/**" access="ROLE_DUMMY" requires-channel="https"/>
</security:http>
<!-- To delegate authorization to method calls rather than to urls -->
<!-- (Thus, we don't need to set any url-interceptor in this conf)
<security:global-method-security
pre-post-annotations="enabled" />-->
<!-- To create user/password with roles -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user authorities="ROLE_DUMMY" name="user"
password="pass" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
API示例:
@Path("/getA")
@POST
@ManagedAsync
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public void lists(RequestData dataRequest,@Suspended final AsyncResponse response) throws JSONException {
service = (ServicesSt) ctx.getAttribute(services);
jdbcStudent = (PersonJDBCTemplate) ctx.getAttribute(dbStudent);
response.setTimeout(15, TimeUnit.SECONDS);
ListenableFuture<Result<Exam>> listsEx = service
.getTestsInterfaceAsync(dataRequest.getToken(),jdbcStudent);
Futures.addCallback(listsEx, new FutureCallback<Result<Exam>>() {
public void onSuccess(Result<Exam> tests) {
response.resume(tests);
}
@Path(“/getA”)
@职位
@ManagedAsync
@使用(MediaType.APPLICATION_JSON)
@产生(MediaType.APPLICATION_JSON)
公共无效列表(RequestData dataRequest,@Suspended final AsyncResponse响应)抛出JSONException{
服务=(ServicesSt)ctx.getAttribute(服务);
jdbcStudent=(PersonJDBCTemplate)ctx.getAttribute(dbStudent);
响应。设置超时(15,时间单位。秒);
ListenableFuture listsEx=服务
.getTestsInterfaceAsync(dataRequest.getToken(),jdbcStudent);
Futures.addCallback(listsEx,new FutureCallback(){
成功时的公共无效(结果测试){
回复。恢复(测试);
}
我的安全配置是:
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector SSLEnabled="true"
clientAuth="true" keystoreFile="/home/antonio/Documenti/keystore/server.jks"
keystorePass="secret" maxThreads="200" port="8443"
protocol="HTTP/1.1" scheme="https" secure="true"
sslProtocol="TLS"
truststoreFile="/home/antonio/Documenti/keystore/servertruststore.jks"
truststorePass="secret"/>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- To allow public access by default and to set authentication mode to
basic login/password -->
<security:global-method-security secured-annotations="enabled"/>
<security:http auto-config="true" >
<security:http-basic/>
<security:intercept-url pattern="/**" access="ROLE_DUMMY" requires-channel="https"/>
</security:http>
<!-- To delegate authorization to method calls rather than to urls -->
<!-- (Thus, we don't need to set any url-interceptor in this conf)
<security:global-method-security
pre-post-annotations="enabled" />-->
<!-- To create user/password with roles -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user authorities="ROLE_DUMMY" name="user"
password="pass" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>