使用自定义用户对象时的Spring会话redis

时间:2018-04-07 15:43:57

标签: java spring spring-boot redis spring-session

我正在按照本教程将spring会话(通过redis)添加到我的应用程序中。 http://www.baeldung.com/spring-session

我添加了依赖项

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.session</groupId>
    <artifactId>spring-session</artifactId>
</dependency>

和SessionConfig.java类

@Configuration
@EnableRedisHttpSession
public class SessionConfig extends AbstractHttpSessionApplicationInitializer {
}

我在一个空白项目上完成了这项工作,事情很有效。但是我当前的项目有一些带有自定义UserDetailsS​​ervice的自定义用户对象,这就是出错的地方。

Sat Apr 07 11:21:49 EDT 2018
There was an unexpected error (type=Internal Server Error, status=500).
Cannot serialize; nested exception is org.springframework.core.serializer.support.SerializationFailedException: Failed to serialize object using DefaultSerializer; nested exception is java.io.NotSerializableException: com.kreyzon.dollar.entity.User

现在,我环顾四周,找到了实施此建议的建议:

@Bean
public RedisTemplate<Object, Object> sessionRedisTemplate (
        RedisConnectionFactory connectionFactory) {
    RedisTemplate<Object, Object> template = new RedisTemplate<Object, Object>();
    template.setKeySerializer(new StringRedisSerializer());
    template.setHashKeySerializer(new StringRedisSerializer());

    template.setDefaultSerializer(new GenericJackson2JsonRedisSerializer());

    template.setConnectionFactory(connectionFactory);
    return template;
}

那不起作用(好像甚至没有被认出来)。我也试过这个

@Bean(name = {"defaultRedisSerializer", "springSessionDefaultRedisSerializer"})
RedisSerializer<Object> defaultRedisSerializer() {
    return new GenericJackson2JsonRedisSerializer();
}

现在,这实际上是某事但仍然导致错误

Sat Apr 07 11:39:21 EDT 2018
There was an unexpected error (type=Internal Server Error, status=500).
Could not read JSON: Can not construct instance of org.springframework.security.authentication.UsernamePasswordAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?) at [Source: [B@4dc133; line: 1, column: 184] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"]); nested exception is com.fasterxml.jackson.databind.JsonMappingException: Can not construct instance of org.springframework.security.authentication.UsernamePasswordAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?) at [Source: [B@4dc133; line: 1, column: 184] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"])

我还研究了其他序列化工具,例如Jackson2JsonRedisSerializerGenericJackson2JsonRedisSerializer,但却遇到了相同的错误..

所有帮助表示感谢,谢谢。

更新

我也尝试添加这个自定义序列化程序

public class CustomRedisSerializer implements RedisSerializer<Object> {

    private Converter<Object, byte[]> serializer = new SerializingConverter();
    private Converter<byte[], Object> deserializer = new DeserializingConverter();

    static final byte[] EMPTY_ARRAY = new byte[0];

    public Object deserialize(byte[] bytes) {
        if (isEmpty(bytes)) {
            return null;
        }

        try {
            return deserializer.convert(bytes);
        } catch (Exception ex) {
            throw new SerializationException("Cannot deserialize", ex);
        }
    }

    public byte[] serialize(Object object) {
        if (object == null) {
            return EMPTY_ARRAY;
        }

        try {
            return serializer.convert(object);
        } catch (Exception ex) {
            return EMPTY_ARRAY;
            //TODO add logic here to only return EMPTY_ARRAY for known conditions
            // else throw the SerializationException
            // throw new SerializationException("Cannot serialize", ex);
        }
    }

    private boolean isEmpty(byte[] data) {
        return (data == null || data.length == 0);
    }
}

第二次更新:

所以我将implements Serializable添加到我的所有自定义对象中。这很有效,去吧! (由于某种原因,我没有在这个主题上找到一篇文章建议)

现在,我的上一期仍然存在。我正在使用LDAP进行身份验证,如果身份验证失败,则返回一个对象LdapCtx,该对象不可序列化并抛出错误

Sat Apr 07 12:35:14 EDT 2018
There was an unexpected error (type=Internal Server Error, status=500).
Cannot serialize; nested exception is org.springframework.core.serializer.support.SerializationFailedException: Failed to serialize object using DefaultSerializer; nested exception is java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx

有没有办法强制这个类可以序列化?

更新(10/22/2018):

此问题已得到解决 https://github.com/spring-projects/spring-security/issues/5378

1 个答案:

答案 0 :(得分:2)

如果您正在使用依赖于标准Java序列化的序列化机制,例如JdkSerializationRedisSerializer,则必须确保存储在会话中的所有内容都实现Serializable。正如您自己所经历的那样,对于属于您项目的课程来说,这是相当简单的,但对第三方课程来说可能是一个挑战。

我建议您仔细研究基于JSON的序列化,即Jackson2JsonRedisSerializer。有一个sample app有一个Spring Session代码库来演示这种方法。

此特定示例使用SecurityJackson2Modules来序列化Spring Security的对象。为了能够使用基于Jackson的JSON序列化序列化您的第三方类,您应该执行与Spring Security提供的类似的操作。

相关问题
最新问题