Spring忽略了ApacheShiro领域类中的@Transactional注释
我正在使用Spring进行IOC和事务管理,并计划使用ApacheShiro作为安全库 每当我想检查一个用户的权限时,我都会调用Spring忽略了ApacheShiro领域类中的@Transactional注释,spring,hibernate,shiro,Spring,Hibernate,Shiro,我正在使用Spring进行IOC和事务管理,并计划使用ApacheShiro作为安全库 每当我想检查一个用户的权限时,我都会调用subject.isPermitted(“right”),然后Shiro使用数据存储检查权限。在这些调用中,建立了数据库连接,我用@Transactional注释了该方法。但是,每当执行权限检查时,我总是收到一个错误,即没有绑定到线程的Hibernate会话 该方法位于领域类中。我定义了一个自定义Shiro领域类: @Component public class Mai
subject.isPermitted(“right”)@Transactional@Component
public class MainRealm extends AuthorizingRealm {
@Autowired
protected SysUserDao userDao;
@Transactional
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
throws AuthenticationException {
...
final SysUser user = this.userDao.findByUsername(un);
...
return authInfo;
}
@Transactional
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
...
permissions = this.userDao.getAccessRights(un);
...
return authInfo;
}
}
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
MainRealm编辑2根据:“换句话说,如果我编写自己的BeanPostProcessor,并且该类直接引用上下文中的其他Bean,那么这些被引用的Bean将不符合自动代理的条件,并且会记录一条这样的消息。”我刚刚检查了ShiroFilterFactoryBean,它实际上是一个BeanPostProcessor。问题是它需要一个
SecurityManagerMainRealm@Transactional- 接口定义
- 接口方法
- 类定义
- 类的公共方法
您的方法受保护这一事实肯定是您出现问题的原因,并且您的服务方法可能被声明为
公共@Bean
@Autowired
public DefaultWebSecurityManager securityManager(MainRealm mainRealm) {
final HashedCredentialsMatcher hcm = new HashedCredentialsMatcher(shiroHash);
hcm.setHashIterations(shiroIter);
hcm.setStoredCredentialsHexEncoded(shiroHexEncoded);
mainRealm.setCredentialsMatcher(hcm);
final DefaultWebSecurityManager sm = new DefaultWebSecurityManager();
sm.setRealm(mainRealm);
return sm;
}
@Bean
public DefaultWebSecurityManager securityManager() {
final DefaultWebSecurityManager sm = new DefaultWebSecurityManager();
//sm.setRealm(mainRealm); -> set this AFTER Spring initialization so no dependencies
return sm;
}
@Bean
@Autowired
public DefaultWebSecurityManager securityManager(MainRealm mainRealm) {
final HashedCredentialsMatcher hcm = new HashedCredentialsMatcher(shiroHash);
hcm.setHashIterations(shiroIter);
hcm.setStoredCredentialsHexEncoded(shiroHexEncoded);
mainRealm.setCredentialsMatcher(hcm);
final DefaultWebSecurityManager sm = new DefaultWebSecurityManager();
sm.setRealm(mainRealm);
return sm;
}
@Bean
public DefaultWebSecurityManager securityManager() {
final DefaultWebSecurityManager sm = new DefaultWebSecurityManager();
//sm.setRealm(mainRealm); -> set this AFTER Spring initialization so no dependencies
return sm;
}
MainRealmSecurityManager@Override
public void contextInitialized(ServletContextEvent sce) {
try {
//Initialize realms
final MainRealm mainRealm = (MainRealm)ctx.getBean("mainRealm");
final DefaultWebSecurityManager sm = (DefaultWebSecurityManager)ctx.getBean("securityManager");
sm.setRealm(mainRealm);
} catch (Exception e) {
System.out.println("Error loading: " + e.getMessage());
throw new Error("Critical system error", e);
}
}
您可以尝试使用
@transactional@transactional(readOnly=true)将所有事务逻辑移动到某个UserService
MainRealm无hibernate会话绑定到线程的错误,并且它的@Transactional annotations似乎不再起作用。看起来我正在做一些事情在初始化Shiro对象时使用了g。谢谢你的提示。但是,我尝试了这个方法,但没有成功。我认为这可能与我用Spring错误配置Shiro对象有关。