Spring 使用自定义用户对象时的会话 redis
Spring session redis while using custom user objects
我正在按照本教程将 spring 会话(通过 Redis)添加到我的应用程序。 http://www.baeldung.com/spring-session
我添加依赖项
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
</dependency>
和SessionConfig.javaclass
@Configuration
@EnableRedisHttpSession
public class SessionConfig extends AbstractHttpSessionApplicationInitializer {
}
我已经在一个空白项目上完成了这项工作,而且效果很好。但是我当前的项目有一些带有自定义 UserDetailsService 的自定义用户对象,这就是问题所在。
Sat Apr 07 11:21:49 EDT 2018
There was an unexpected error (type=Internal Server Error, status=500).
Cannot serialize; nested exception is org.springframework.core.serializer.support.SerializationFailedException: Failed to serialize object using DefaultSerializer; nested exception is java.io.NotSerializableException: com.kreyzon.dollar.entity.User
现在,我环顾四周并找到了实施此方法的建议:
@Bean
public RedisTemplate<Object, Object> sessionRedisTemplate (
RedisConnectionFactory connectionFactory) {
RedisTemplate<Object, Object> template = new RedisTemplate<Object, Object>();
template.setKeySerializer(new StringRedisSerializer());
template.setHashKeySerializer(new StringRedisSerializer());
template.setDefaultSerializer(new GenericJackson2JsonRedisSerializer());
template.setConnectionFactory(connectionFactory);
return template;
}
那没有用(好像甚至没有被识别)。我也试过这个
@Bean(name = {"defaultRedisSerializer", "springSessionDefaultRedisSerializer"})
RedisSerializer<Object> defaultRedisSerializer() {
return new GenericJackson2JsonRedisSerializer();
}
现在,这实际上做了 一些事情,但仍然导致错误
Sat Apr 07 11:39:21 EDT 2018
There was an unexpected error (type=Internal Server Error, status=500).
Could not read JSON: Can not construct instance of org.springframework.security.authentication.UsernamePasswordAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?) at [Source: [B@4dc133; line: 1, column: 184] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"]); nested exception is com.fasterxml.jackson.databind.JsonMappingException: Can not construct instance of org.springframework.security.authentication.UsernamePasswordAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?) at [Source: [B@4dc133; line: 1, column: 184] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"])
我也探索了其他序列化程序,如 Jackson2JsonRedisSerializer 和 GenericJackson2JsonRedisSerializer,但得到了相同的错误..
感谢所有帮助,谢谢。
更新:
我也试过添加这个自定义序列化程序
public class CustomRedisSerializer implements RedisSerializer<Object> {
private Converter<Object, byte[]> serializer = new SerializingConverter();
private Converter<byte[], Object> deserializer = new DeserializingConverter();
static final byte[] EMPTY_ARRAY = new byte[0];
public Object deserialize(byte[] bytes) {
if (isEmpty(bytes)) {
return null;
}
try {
return deserializer.convert(bytes);
} catch (Exception ex) {
throw new SerializationException("Cannot deserialize", ex);
}
}
public byte[] serialize(Object object) {
if (object == null) {
return EMPTY_ARRAY;
}
try {
return serializer.convert(object);
} catch (Exception ex) {
return EMPTY_ARRAY;
//TODO add logic here to only return EMPTY_ARRAY for known conditions
// else throw the SerializationException
// throw new SerializationException("Cannot serialize", ex);
}
}
private boolean isEmpty(byte[] data) {
return (data == null || data.length == 0);
}
}
第二次更新:
所以我将 implements Serializable 添加到我所有的自定义对象中。那行得通,去看看吧! (出于某种原因,我在该主题上发现没有一个 post 建议)
现在,我的最后一个问题仍然存在。我正在使用 LDAP 进行身份验证,如果身份验证失败,它 returns 一个不可序列化的对象 LdapCtx 并抛出错误
Sat Apr 07 12:35:14 EDT 2018
There was an unexpected error (type=Internal Server Error, status=500).
Cannot serialize; nested exception is org.springframework.core.serializer.support.SerializationFailedException: Failed to serialize object using DefaultSerializer; nested exception is java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx
有什么方法可以强制这个 class 是可序列化的吗?
更新(10/22/2018):
此问题已解决
https://github.com/spring-projects/spring-security/issues/5378
如果您使用的序列化机制依赖于标准 Java 序列化,例如 JdkSerializationRedisSerializer,您必须确保存储在会话中的所有内容都实现 Serializable。正如您自己所经历的那样,这对于作为您项目一部分的 类 来说相当简单,但对于第 3 方 类.
来说可能是一个挑战
我建议您仔细研究基于 JSON 的序列化,即 Jackson2JsonRedisSerializer。有一个 sample app with the Spring Session 代码库演示了这种方法。
此特定示例使用 SecurityJackson2Modules 序列化 Spring 安全对象。为了能够使用基于 Jackson 的 JSON 序列化来序列化您的第 3 方 类,您应该做一些类似于 Spring Security 提供的事情。
我正在按照本教程将 spring 会话(通过 Redis)添加到我的应用程序。 http://www.baeldung.com/spring-session
我添加依赖项
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
</dependency>
和SessionConfig.javaclass
@Configuration
@EnableRedisHttpSession
public class SessionConfig extends AbstractHttpSessionApplicationInitializer {
}
我已经在一个空白项目上完成了这项工作,而且效果很好。但是我当前的项目有一些带有自定义 UserDetailsService 的自定义用户对象,这就是问题所在。
Sat Apr 07 11:21:49 EDT 2018
There was an unexpected error (type=Internal Server Error, status=500).
Cannot serialize; nested exception is org.springframework.core.serializer.support.SerializationFailedException: Failed to serialize object using DefaultSerializer; nested exception is java.io.NotSerializableException: com.kreyzon.dollar.entity.User
现在,我环顾四周并找到了实施此方法的建议:
@Bean
public RedisTemplate<Object, Object> sessionRedisTemplate (
RedisConnectionFactory connectionFactory) {
RedisTemplate<Object, Object> template = new RedisTemplate<Object, Object>();
template.setKeySerializer(new StringRedisSerializer());
template.setHashKeySerializer(new StringRedisSerializer());
template.setDefaultSerializer(new GenericJackson2JsonRedisSerializer());
template.setConnectionFactory(connectionFactory);
return template;
}
那没有用(好像甚至没有被识别)。我也试过这个
@Bean(name = {"defaultRedisSerializer", "springSessionDefaultRedisSerializer"})
RedisSerializer<Object> defaultRedisSerializer() {
return new GenericJackson2JsonRedisSerializer();
}
现在,这实际上做了 一些事情,但仍然导致错误
Sat Apr 07 11:39:21 EDT 2018
There was an unexpected error (type=Internal Server Error, status=500).
Could not read JSON: Can not construct instance of org.springframework.security.authentication.UsernamePasswordAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?) at [Source: [B@4dc133; line: 1, column: 184] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"]); nested exception is com.fasterxml.jackson.databind.JsonMappingException: Can not construct instance of org.springframework.security.authentication.UsernamePasswordAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?) at [Source: [B@4dc133; line: 1, column: 184] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"])
我也探索了其他序列化程序,如 Jackson2JsonRedisSerializer 和 GenericJackson2JsonRedisSerializer,但得到了相同的错误..
感谢所有帮助,谢谢。
更新:
我也试过添加这个自定义序列化程序
public class CustomRedisSerializer implements RedisSerializer<Object> {
private Converter<Object, byte[]> serializer = new SerializingConverter();
private Converter<byte[], Object> deserializer = new DeserializingConverter();
static final byte[] EMPTY_ARRAY = new byte[0];
public Object deserialize(byte[] bytes) {
if (isEmpty(bytes)) {
return null;
}
try {
return deserializer.convert(bytes);
} catch (Exception ex) {
throw new SerializationException("Cannot deserialize", ex);
}
}
public byte[] serialize(Object object) {
if (object == null) {
return EMPTY_ARRAY;
}
try {
return serializer.convert(object);
} catch (Exception ex) {
return EMPTY_ARRAY;
//TODO add logic here to only return EMPTY_ARRAY for known conditions
// else throw the SerializationException
// throw new SerializationException("Cannot serialize", ex);
}
}
private boolean isEmpty(byte[] data) {
return (data == null || data.length == 0);
}
}
第二次更新:
所以我将 implements Serializable 添加到我所有的自定义对象中。那行得通,去看看吧! (出于某种原因,我在该主题上发现没有一个 post 建议)
现在,我的最后一个问题仍然存在。我正在使用 LDAP 进行身份验证,如果身份验证失败,它 returns 一个不可序列化的对象 LdapCtx 并抛出错误
Sat Apr 07 12:35:14 EDT 2018
There was an unexpected error (type=Internal Server Error, status=500).
Cannot serialize; nested exception is org.springframework.core.serializer.support.SerializationFailedException: Failed to serialize object using DefaultSerializer; nested exception is java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx
有什么方法可以强制这个 class 是可序列化的吗?
更新(10/22/2018):
此问题已解决 https://github.com/spring-projects/spring-security/issues/5378
如果您使用的序列化机制依赖于标准 Java 序列化,例如 JdkSerializationRedisSerializer,您必须确保存储在会话中的所有内容都实现 Serializable。正如您自己所经历的那样,这对于作为您项目一部分的 类 来说相当简单,但对于第 3 方 类.
我建议您仔细研究基于 JSON 的序列化,即 Jackson2JsonRedisSerializer。有一个 sample app with the Spring Session 代码库演示了这种方法。
此特定示例使用 SecurityJackson2Modules 序列化 Spring 安全对象。为了能够使用基于 Jackson 的 JSON 序列化来序列化您的第 3 方 类,您应该做一些类似于 Spring Security 提供的事情。