1

使用带有异步支持的 Spring 3.2。安全上下文一旦在匿名Callable方法中丢失

@RequestMapping(value = "/home", method = RequestMethod.GET)
public Callable<String> home(final Model model) {
    return new Callable<String>() {
        @Override
        public String call() throws Exception {
            model.addAttribute("homeService", homeService.findId(1));
            return "home";
        }
    };
}

这是应用于 bean 内部的安全装饰器servlet-context.xml

<beans:bean id="homeService" class="example.service.HomeServiceImpl" scope="request">
    <security:intercept-methods>
        <security:protect access="ROLE_USER" method="find*"/>
    </security:intercept-methods>
</beans:bean>

这是错误,因为安全上下文不存在: org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext

4

1 回答 1

0

升级到Spring Security 3.2.0 RC1是解决方案。

本文提到 Spring Security 3.2 与 Servlet 3 Async Support 兼容。

将 SecurityContext 关联到 Callable
更从技术上讲,Spring Security 与 WebAsyncManager 集成。用于处理 Callable 的 SecurityContext 是在调用 startCallableProcessing 时存在于 SecurityContextHolder 上的 SecurityContext。

Maven依赖:

<dependencies>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>3.2.0.RC1</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.2.0.RC1</version>
    </dependency>
</dependencies>

<repositories>
    <repository>
        <id>spring-milestones</id>
        <name>Spring Milestones</name>
        <url>http://repo.spring.io/milestone</url>
        <snapshots>
            <enabled>false</enabled>
        </snapshots>
    </repository>
</repositories>
<repositories>
    <repository>
        <id>spring-milestones</id>
        <name>Spring Milestones</name>
        <url>http://repo.spring.io/milestone</url>
        <snapshots>
            <enabled>false</enabled>
        </snapshots>
    </repository>
</repositories>
于 2013-10-01T02:56:17.263 回答