Spring+Shiro做权限配置时用注解配置的问题?报错
Spring 零配置
@Configuration public class SecurityConfig { //此处省略部分代码,与xml配置相同,下面贴出出问题的主要代码 @Bean public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); }
@Bean @DependsOn(value = "lifecycleBeanPostProcessor") public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator(); creator.setProxyTargetClass(true); // it's false by default return creator; } @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() { AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(defaultWebSecurityManager()); return authorizationAttributeSourceAdvisor; } }
authorizationAttributeSourceAdvisor.setSecurityManager(defaultWebSecurityManager());
在shiro认证用户时就会报错
public class AuthenticationRealm extends AuthorizingRealm {
private static final Logger logger = Logger.getLogger(AuthenticationRealm.class);
@Inject
private CaptchaService captchaService;
@Inject
private UserService userService;
@Inject
private PermissionService permissionService;
/**
* 获取认证信息
*
* @param token 令牌
* @return 认证信息
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
UsernamePasswordCaptchaToken usernamePasswordCaptchaToken = (UsernamePasswordCaptchaToken) token;
// 获取登录信息
String username = usernamePasswordCaptchaToken.getUsername();
String password = new String(usernamePasswordCaptchaToken.getPassword());
String captcha = usernamePasswordCaptchaToken.getCaptcha();
String ip = usernamePasswordCaptchaToken.getHost();
HttpSession session = usernamePasswordCaptchaToken.getSession();
User user = userService.getUser(username);
// 启用管理员登录验证码时,验证验证码
if (!captchaService.verify(CaptchaType.adminLogin, captcha, session)) {
// 异常:无效令牌
throw new UnsupportedTokenException();
}
if (user != null /*&& doCaptchaValidate(token)*/) {
byte[] salt = EncodeUtils.decodeHex(user.getSalt());
ShiroUser shiroUser = new ShiroUser(user.getId(), user.getLoginName(), user.getName());
session.setAttribute("user", user);
return new SimpleAuthenticationInfo(shiroUser, user.getPassword(), ByteSource.Util.bytes(salt), getName());
} else {
// 异常:账户不存在
throw new UnknownAccountException();
}
}
}
会报错,提示:Could not obtain transaction-synchronized Session for current thread
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
-
https://developer.aliyun.com/profile/5yerqm5bn5yqg?spm=a2c6h.12873639.0.0.6eae304abcjaIB
<imgsrc="http://www.oschina.net/js/ke/plugins/emoticons/images/7.gif"alt="">搞了半天还是没大神来。。。。还好自己解决了<imgsrc="http://www.oschina.net/js/ke/plugins/emoticons/images/13.gif"alt="">报什么错也没给出来,表示很茫然啊
回复<aclass='referer'target='_blank'>@土豆不会飞:您是怎么解决的呢?我也遇见这个问题了。就是报Couldnotobtaintransaction-synchronizedSessionforcurrentthread;估计有可能是多次代理造成的配置了DefaultAdvisorAutoProxyCreator,结果在鉴权的时候会调用鉴权方法两次
2020-06-12 11:16:17赞同 展开评论