我正在编写一个使用 Spring Security 插件的 grails 应用程序。我为 spring security 插件打开了以下属性
grails.plugins.springsecurity.useSessionFixationPrevention = true grails.plugins.springsecurity.SessionFixationPrevention.migrate = true grails.plugins.springsecurity.SessionFixationPrevention.alwaysCreateSession = true
我的 AuthenticationProvider 中有以下代码
def session = RequestContextHolder.currentRequestAttributes().getSession()
session.key = "一些价值"
现在,在身份验证之后,我的 RememberMeService 类的 loginSuccess 方法中的代码被调用,当我尝试获取放置的会话中的值时,出现此错误
j
ava.lang.IllegalStateException:getAttribute:会话已经在 org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:110) 的 org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1014) 失效org.codehaus.groovy.grails.web.servlet.mvc.GrailsHttpSession.getAttribute(GrailsHttpSession.java:45) 在 sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 在 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) 在 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 在 java.lang.reflect.Method.invoke(Method.java:597) 在 org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSiteNoUnwrapNoCoerce.invoke( PojoMetaMethodSite.java:229) 在 org.codehaus.groovy.runtime。callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:52) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:40) at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite. java:54) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:124) at org.codehaus.groovy.grails.plugins.web.ServletsGrailsPlugin$_closure1_closure2.doCall(ServletsGrailsPlugin.groovy:44)在 sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 在 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 在 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 在 java.lang.reflect.Method .invoke(Method.java:597) 在 org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:88) 在 org.codehaus.groovy.runtime.InvokerHelper.getProperty 的 groovy.lang.ExpandoMetaClass.getProperty(ExpandoMetaClass.java:1109) 的 org.codehaus.groovy.runtime.metaclass.ClosureMetaMethod.invoke(ClosureMetaMethod.java:80) (InvokerHelper.java:161) 在 org.codehaus.groovy.runtime.callsite.PojoMetaClassGetPropertySite.getProperty(PojoMetaClassGetPropertySite.java:33) 在 org.codehaus.groovy.runtime.callsite.AbstractCallSite.callGetProperty(AbstractCallSite.java:235) 在com.teslagovernment.security.TabulaeRememberMeServices.loginSuccess(TabulaeRememberMeServices.groovy:59) 在 org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.successfulAuthentication(AbstractAuthenticationProcessingFilter.java:294) 在 org.springframework.security.web.authentication。AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218) at org.codehaus.groovy.grails.plugins.springsecurity.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:40) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy. java:378) at org.codehaus.groovy.grails.plugins.springsecurity.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:79) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378) at org .springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:167) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy. java:167) 在 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 在 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 在 org.codehaus.groovy.grails .web.servlet.filter.GrailsReloadServletFilter.doFilterInternal(GrailsReloadServletFilter.java:104) 在 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) 在 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain .java:235) 在 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 在 org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:69) 在 org.springframework.web.filter。 OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org .codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:65) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain .internalDoFilter(ApplicationFilterChain.java:235) 在 org。apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter. java:76) 在 org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) 在 org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) 在 org.apache.catalina.core .ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 在 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 在 org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) 在org.apache.catalina.core。StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org .apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 在 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) 在 org.apache.coyote.http11.Http11Processor.process(Http11Processor .java:849) 在 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) 在 org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org .apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) 在 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) 在 org.apache.tomcat.util.net.JIoEndpoint $Worker.run(JioEndpoint.java:454)ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org .apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) 在 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) 在 org.apache.tomcat.util.net.JIoEndpoint $Worker.run(JioEndpoint.java:454)org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) 上的 Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) 上的 Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
我的问题是为什么会发生这种情况,如何在我的 AuthenticationProvider 中设置可以在我的 RememberMeService 中访问的数据?
谢谢