我使用 Spring Security 进行身份验证。我修改了@Page定义哪种类型的用户可以访问页面的注释。
在那之后,在我的验收测试中,我开始出现以下错误:
public void login(@Named("email") String email, @Named("password") String password) {
fillUpLoginForm(email, password);
waitForElement(MosquitoElements.MainNavigationBar.LOGOUT);
securityService.login(email, password); // authenticates user in test environment too
}
我发现这里有问题:
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(email, password);
getSecurityContext().setAuthentication(authenticationManager.authenticate(token));
什么会导致问题?
错误:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.securityContext': Scope 'session' is not active for the current thread; consider defining a scoped proxy for this bean if you intend to refer to it from a singleton; nested exception is java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
注释的变化:
前
boolean requiresAdminPrivileges() default false;
后
Authorities[] requiredAuthorities();
在应用程序中一切正常,只有测试有问题。