Sti*_*ens 5 security spring taglib spring-security nullpointerexception
我一直在努力解决这个问题.找到几篇关于它的帖子但没有解决我的问题.它可能与SecurityContext对特定线程有关的事实有关,但即便如此我也不知道如何解决它:
请考虑使用以下代码来检索已登录的用户:
SecurityContextHolder.getContext().getAuthentication().getPrincipal()
在控制器中运行此代码将返回(正确)登录的用户.从taglib或jsp运行此代码会抛出NPE(authentication = null).还有弹簧标签 不起作用(大概是出于同样的原因).
从web.xml中提取:
<filter>
<filter-name>AcegiFilter</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>AcegiFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
从spring安全配置文件中提取:
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
</value>
</property>
</bean>
<bean id="filterSecurityInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager" ref="accessDecisionManager" />
<property name="alwaysReauthenticate" value="true" />
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/myaccount.htm=ROLE_CUSTOMER
</value>
</property>
</bean>
解决
问题是由过滤器序列引起的.在Spring安全过滤器之前调用了PageFilter(sitemesh),因此jsp中尚未提供安全上下文.更改web.xml中的过滤器顺序(安全过滤器优先)修复了该问题.
| 归档时间: |
|
| 查看次数: |
5088 次 |
| 最近记录: |