我在 spring-boot 1.3.0.RC1、spring-session 和 redis 上遇到了类似的问题。
spring-boot 1.3.0.RC1:从会话中获取 oauth2 用户信息的 ClassCastException 在 Redis 中持续存在
如果您将过滤器顺序更改为
'requestContextFilter' < 'OAuth2ClientContextFilter' < 'springSessionRepositoryFilter'
@Bean
@ConditionalOnMissingBean(RequestContextFilter.class)
public RequestContextFilter requestContextFilter() {
return new RequestContextFilter();
}
@Bean
public FilterRegistrationBean requestContextFilterChainRegistration(
@Qualifier("requestContextFilter") Filter securityFilter) {
FilterRegistrationBean registration = new FilterRegistrationBean(securityFilter);
registration.setName("requestContextFilter");
// note : must previous order of oAuth2ClientContextFilter
registration.setOrder(SessionRepositoryFilter.DEFAULT_ORDER + 1);
return registration;
}
@Bean
public FilterRegistrationBean sessionRepositoryFilterRegistration(
SessionRepositoryFilter sessionRepositoryFilter) {
FilterRegistrationBean registration = new FilterRegistrationBean(sessionRepositoryFilter);
registration.setName("springSessionRepositoryFilter");
// note : must following order of oAuth2ClientContextFilter
registration.setOrder(Integer.MAX_VALUE - 1);
return registration;
}
您也可能需要删除依赖项org.springframework.boot:spring-boot-devtools
与https://github.com/spring-projects/spring-boot/issues/3805相关
后记:对于spring-boot 1.3.3.RELEASE
spring-session、redis、spring-security-oauth2 在过滤器顺序下工作。
# logs on bootRun task
Mapping filter: 'characterEncodingFilter' to: [/*]
Mapping filter: 'springSessionRepositoryFilter' to: [/*]
Mapping filter: 'requestContextFilter' to: [/*]
Mapping filter: 'OAuth2ClientContextFilter' to: [/*]
Mapping filter: 'springSecurityFilterChain' to: [/*]
Mapping servlet: 'dispatcherServlet' to [/]
当前所需的设置如下。
@Bean
@ConditionalOnMissingBean(RequestContextFilter.class)
public RequestContextFilter requestContextFilter() {
return new RequestContextFilter();
}
@Bean
public FilterRegistrationBean requestContextFilterChainRegistration(
@Qualifier("requestContextFilter") Filter securityFilter) {
FilterRegistrationBean registration =
new FilterRegistrationBean(securityFilter);
registration.setName("requestContextFilter");
// note : must to be following order of springSessionRepositoryFilter
registration.setOrder(SessionRepositoryFilter.DEFAULT_ORDER + 1);
return registration;
}