java - 在 AuthenticationSuccessHandler 中设置 session 范围的对象

Question

(编辑澄清)我有一个 POJO (SessionStorage) 来存储 session 特定数据，我想在成功验证后填充这些数据。由于我将 Scope 设置为“session”，我期望 MainController 和 AuthenticationSuccesshandler 使用相同的对象实例。

当我运行 WebApp 时，主 Controller 启动一个实例(如预期的那样)，但是当我登录时，AuthenticationSuccesshandler 似乎没有 Autowiring SessionStorage 对象，因为它抛出 NullPointerException。

如何让它做我想做的事？以下是我的代码摘录:

@Component
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
public class SessionStorage implements Serializable{
    long id;
    public int getId() {
    return id;
    }

    public SessionStorage() {
        System.out.println("New Session Storage");
        id = System.currentTimeMillis();
    }
}

主 Controller 如下所示:

@Controller
@Scope("request")
@RequestMapping("/")
public class MainController {
    @Autowired
    private SessionStorage sessionStorage;

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelAndView login(
            @RequestParam(value = "error", required = false) String error,
            @RequestParam(value = "logout", required = false) String logout) {

        System.out.println(sessionStorage.getId()); //Works fine

        ModelAndView model = new ModelAndView();
        if (error != null) {
            model.addObject("error", "Invalid username and     password!");
        }

        if (logout != null) {
            model.addObject("msg", "You've been logged out successfully.");
        }
        model.setViewName("login");
        return model;
    }
}

AuthentificationSuccesshandler(抛出错误的地方):

public class AuthentificationSuccessHandler implements AuthenticationSuccessHandler {

    @Autowired
    private SessionStorage sessionStorage;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest hsr, HttpServletResponse hsr1, Authentication a) throws IOException, ServletException {
        System.out.println("Authentication successful: " + a.getName());
        System.out.println(sessionStorage.getId()); //NullPointerException
    }
}

spring-security.xml相关部分:

<beans:bean id="authentificationFailureHandler" class="service.AuthentificationFailureHandler" />
    <beans:bean id="authentificationSuccessHandler" class="service.AuthentificationSuccessHandler" />
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/secure/**" access="hasRole('USER')" />


        <form-login 
            login-page="/login" 
            default-target-url="/index"
            authentication-failure-handler-ref="authentificationFailureHandler"
            authentication-failure-url="/login?error" 
            authentication-success-handler-ref="authentificationSuccessHandler"
            username-parameter="username"
            password-parameter="password" />
        <logout logout-success-url="/login?logout" />
        <!-- enable csrf protection -->
        <csrf/>
    </http>

web-xml:

<listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

Answer 1

这个问题很旧，但在 Google 中显示为指向我的问题的第一个链接。

我发现最有效的修复方法是在自定义 AuthenticationSuccessHandler 上设置范围。

@Component
@Scope(value="session", proxyMode = ScopedProxyMode.TARGET_CLASS)

可在此处找到更多详细信息: https://tuhrig.de/making-a-spring-bean-session-scoped/