开发者社区> 问答> 正文

Spring+Shiro做权限配置时用注解配置的问题 : 配置报错 

Spring 零配置

@Configuration public class SecurityConfig { //此处省略部分代码,与xml配置相同,下面贴出出问题的主要代码 @Bean public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); }

@Bean @DependsOn(value = "lifecycleBeanPostProcessor") public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator(); creator.setProxyTargetClass(true); // it's false by default return creator; } @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() { AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(defaultWebSecurityManager()); return authorizationAttributeSourceAdvisor; } }

主要是用了

authorizationAttributeSourceAdvisor.setSecurityManager(defaultWebSecurityManager());
在shiro认证用户时就会报错
public class AuthenticationRealm extends AuthorizingRealm {

    private static final Logger logger = Logger.getLogger(AuthenticationRealm.class);

    @Inject
    private CaptchaService captchaService;

    @Inject
    private UserService userService;

    @Inject
    private PermissionService permissionService;

    /**
     * 获取认证信息
     *
     * @param token 令牌
     * @return 认证信息
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        UsernamePasswordCaptchaToken usernamePasswordCaptchaToken = (UsernamePasswordCaptchaToken) token;
        // 获取登录信息
        String username = usernamePasswordCaptchaToken.getUsername();
        String password = new String(usernamePasswordCaptchaToken.getPassword());
        String captcha = usernamePasswordCaptchaToken.getCaptcha();
        String ip = usernamePasswordCaptchaToken.getHost();
        HttpSession session = usernamePasswordCaptchaToken.getSession();

        User user = userService.getUser(username);

        // 启用管理员登录验证码时,验证验证码
        if (!captchaService.verify(CaptchaType.adminLogin, captcha, session)) {
            // 异常:无效令牌
            throw new UnsupportedTokenException();
        }

        if (user != null /*&& doCaptchaValidate(token)*/) {
            byte[] salt = EncodeUtils.decodeHex(user.getSalt());
            ShiroUser shiroUser = new ShiroUser(user.getId(), user.getLoginName(), user.getName());
            session.setAttribute("user", user);
            return new SimpleAuthenticationInfo(shiroUser, user.getPassword(), ByteSource.Util.bytes(salt), getName());
        } else {
            // 异常:账户不存在
            throw new UnknownAccountException();
        }
    }
}

上面代码在 User user = userService.getUser(username);

会报错,提示:Could not obtain transaction-synchronized Session for current thread

展开
收起
kun坤 2020-06-03 16:13:42 556 0
1 条回答
写回答
取消 提交回答
  • ######搞了半天还是没大神来。。。。还好自己解决了 ######报什么错也没给出来,表示很茫然啊

    ######回复 @土豆不会飞 : 您是怎么解决的呢?我也遇见这个问题了。######就是报Could not obtain transaction-synchronized Session for current thread;估计有可能是多次代理造成的######配置了DefaultAdvisorAutoProxyCreator,结果在鉴权的时候会调用鉴权方法两次

    2020-06-05 13:24:39
    赞同 展开评论 打赏
问答排行榜
最热
最新

相关电子书

更多
云栖社区特邀专家徐雷Java Spring Boot开发实战系列课程(第20讲):经典面试题与阿里等名企内部招聘求职面试技巧 立即下载
微服务架构模式与原理Spring Cloud开发实战 立即下载
阿里特邀专家徐雷Java Spring Boot开发实战系列课程(第18讲):制作Java Docker镜像与推送到DockerHub和阿里云Docker仓库 立即下载

相关实验场景

更多