堆栈内存溢出
  简体   繁体   English

Spring Security AbstractAuthenticationProcessingFilter扩展丢失实例变量值

[英]Spring Security AbstractAuthenticationProcessingFilter Extension Losing Instance Variable Value

 原文  2015-06-09 21:32:26       java/ spring/ spring-security

问题描述

Once again, I'm hoping I'm doing something really dumb here. 再一次,我希望我在这里做的事情真蠢。 :) :)

I have an extension of AbstractAuthenticationProcessingFilter in my Spring Security implementation, and in that extension, in the attemptAuthentication method, I access the passed-in HttpServletRequest object and pull out a header value, which I store in an instance variable. 我在Spring Security实现中具有AbstractAuthenticationProcessingFilter扩展,在该扩展中,在attemptAuthentication方法中,我访问了传入的HttpServletRequest对象,并提取了一个头值,该头值存储在实例变量中。

I'm noticing that, sometimes, during a call to another custom method in my project, the value of that instance variable is being null 'd out. 我注意到,有时,在我的项目中调用另一个自定义方法期间,该实例变量的值为null It isn't consistent, though. 但是,不一致。

I can't see any code in my custom method that would be responsible for overwriting the variable, so, I'm trying to narrow things down. 我在自定义方法中看不到任何负责覆盖变量的代码,因此,我试图缩小范围。 I'm hoping it's not something like thread safety that I've overlooked, or some kind of race condition. 我希望这不是我忽略的线程安全或某种竞争状况。

Has anyone come across anything like this before? 有人遇到过这样的事情吗?

I'm using Spring 4.1.1 and Spring Security 3.2.5 . 我正在使用Spring 4.1.1Spring Security 3.2.5

Thanks in advance for any assistance. 在此先感谢您的协助。

1 个解决方案

解决方案1
 0 已采纳  2015-06-09 22:22:03

The container will only create a single instance of the filter, so having any mutable instance variables is not thread safe. 容器只会创建过滤器的单个实例,因此拥有任何可变的实例变量都不是线程安全的。 Any concurrent request can cause inconsistent state for your instance variable. 任何并发请求都可能导致实例变量的状态不一致。 You should look into HttpSession . 您应该查看HttpSession

In response to comment: 回应评论:

It's not so much that you have to use HttpSession, just don't use instance variables in a servlet/filter as they are not thread safe. 您不必使用HttpSession太多了,只是不要在servlet /过滤器中使用实例变量,因为它们不是线程安全的。 If you need to maintain state, and you don't want to use sessions, then AFAIK, you'll need to pass client information with every request. 如果您需要维护状态,并且不想使用会话,那么AFAIK则需要在每个请求中传递客户信息。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将 Spring Security AbstractAuthenticationProcessingFilter 迁移到 WebFlux - Migrating Spring Security AbstractAuthenticationProcessingFilter to WebFlux 使用HandlerInterceptor或AbstractAuthenticationProcessingFilter进行Spring身份验证 - Spring authentication with HandlerInterceptor or AbstractAuthenticationProcessingFilter 变量丢失值 - Losing value of variable 测试期间春季丢失安全上下文 - Spring Losing Security Context during Testing 使用 Spring 的 AbstractAuthenticationProcessingFilter 成功认证后解决 404 - Resolved 404 after successfulAuthentication using AbstractAuthenticationProcessingFilter of Spring Spring 安全 + 暂存 java 扩展 - Spring security + scratch java extension Spring Security,Kerberos扩展和AD - Spring Security, Kerberos extension and AD Spring框架4.0和Spring Security 3.2.4上的Spring Security SAML扩展 - Spring Security SAML extension on Spring framework 4.0 and Spring security 3.2.4 Spring bean实例变量可以保存动态值吗(每个请求) - Can a spring bean instance variable holds dynamic value ( per request) 失去春季安全性,重定向后请记住我子域Cookie - Losing spring security remember me subdomain cookie following redirect
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM