Java Future – Spring Authentication在AuditorAware中为null
作者:互联网
这是我的情景:
我的应用程序启用了Mongo审核,使用自定义AuditorAware从SecurityContext获取当前用户.这适用于同步方法,并且成功保存了当前审计员,但我无法使用@Async方法使其正常工作.
我有一个异步方法(CompletableFuture),它在我的Mongo数据库上进行了一些更新.调用AuditorAware.getCurrentAuditor()时,不存在身份验证信息,我无法获取当前审计员(SecurityContextHolder.getContext().getAuthentication()返回null).
@Override
public User getCurrentAuditor() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null || !authentication.isAuthenticated()
|| authentication instanceof AnonymousAuthenticationToken) {
log.error("Not authenticated");
return null;
}
[...]
}
我正在使用DelegatingSecurityContextAsyncTaskExecutor:
@Configuration
@EnableAsync
public class AsyncConfig implements AsyncConfigurer {
@Override
public Executor getAsyncExecutor() {
ThreadPoolTaskExecutor executor = new ThreadPoolTaskExecutor();
executor.setCorePoolSize(20);
executor.setMaxPoolSize(100);
executor.setQueueCapacity(200);
executor.initialize();
return new DelegatingSecurityContextAsyncTaskExecutor(executor);
}
@Override
public AsyncUncaughtExceptionHandler getAsyncUncaughtExceptionHandler() {
return new ItacaExceptionHandler();
}
}
我怎样才能让它正常工作?
解决方法:
Spring安全上下文始终绑定到Threadlocal.
也可以为安全上下文另外设置MODE_INHERITABLETHREADLOCAL.
@Bean
public MethodInvokingFactoryBean methodInvokingFactoryBean() {
MethodInvokingFactoryBean methodInvokingFactoryBean = new MethodInvokingFactoryBean();
methodInvokingFactoryBean.setTargetClass(SecurityContextHolder.class);
methodInvokingFactoryBean.setTargetMethod("setStrategyName");
methodInvokingFactoryBean.setArguments(new String[]{SecurityContextHolder.MODE_INHERITABLETHREADLOCAL});
return methodInvokingFactoryBean;
}
http://www.ogrigas.eu/spring/2010/04/inherit-spring-security-context-in-child-threads
How to set up Spring Security SecurityContextHolder strategy?
标签:completable-future,java,spring,mongodb,spring-security 来源: https://codeday.me/bug/20190724/1524171.html