Good afternoon,
I am a computer science student and I am trying to learn Spring Security for a small login system.
Unfortunately I have a problem that I cannot solve.
Inside my project I have two classes, SpringSecurityContext and UserSession, which are used by the LoginService and LoginController classes to carry out all the login operations.
The SpringSecurity class is:
Code:
    import javax.servlet.http.HttpSession;

    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.context.SecurityContext;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.core.userdetails.User;

    public class SpringSecurityContext {

        public static UserSession getUser(final HttpSession httpSession) {
            SecurityContext securityContext =
                    (SecurityContext) httpSession.getAttribute("SPRING_SECURITY_CONTEXT");
            if (securityContext != null) {
                // unchecked cast: throws ClassCastException if the principal is not a UserSession
                return (UserSession) securityContext.getAuthentication().getPrincipal();
            } else {
                securityContext = SecurityContextHolder.getContext();
                return (UserSession) securityContext.getAuthentication().getPrincipal();
            }
        }

        public static void removeUser(final HttpSession httpSession) {
            final SecurityContext securityContext =
                    (SecurityContext) httpSession.getAttribute("SPRING_SECURITY_CONTEXT");
            if (securityContext != null) {
                securityContext.setAuthentication(null);
            } else {
                SecurityContextHolder.getContext().setAuthentication(null);
            }
        }

        public static void setDefaultUser(final HttpSession httpSession) {
            final UserSession userSession = new UserSession();
            final UsernamePasswordAuthenticationToken authenticate =
                    new UsernamePasswordAuthenticationToken(userSession, userSession.getPassword());
            SecurityContext securityContext =
                    (SecurityContext) httpSession.getAttribute("SPRING_SECURITY_CONTEXT");
            if (securityContext != null) {
                securityContext.setAuthentication(authenticate);
            } else {
                securityContext = SecurityContextHolder.getContext();
                securityContext.setAuthentication(authenticate);
                httpSession.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
            }
        }

        public static void setUser(final HttpSession httpSession, final User user) {
            final UsernamePasswordAuthenticationToken authenticate =
                    new UsernamePasswordAuthenticationToken(user, user.getPassword());
            SecurityContext securityContext =
                    (SecurityContext) httpSession.getAttribute("SPRING_SECURITY_CONTEXT");
            if (securityContext != null) {
                securityContext.setAuthentication(authenticate);
            } else {
                securityContext = SecurityContextHolder.getContext();
                securityContext.setAuthentication(authenticate);
                httpSession.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
            }
        }
    }
The UserSession class is:
Code:
    import java.io.Serializable;
    import java.util.Collection;
    import java.util.HashSet;

    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.userdetails.User;

    public class UserSession extends User implements Serializable {

        private static final long serialVersionUID = 1L;

        /**
         * Fields of User:
         *
         * the user's username
         * the user's password
         * (boolean) user enabled
         * (boolean) account not expired
         * (boolean) credentials not expired
         * (boolean) account not locked
         * list of permissions of type GrantedAuthorities
         */
        public static enum Stato {VISITATORE, REGISTRATO, CONFERMATO, LOGGED};
        public static enum Errors {ERROR_USER_PASSWORD, ERROR_INVALID_STATE, ERROR_EXIST_MAIL};

        private boolean complete;
        private Stato stato;
        private String nome;
        private Errors error;
        private Long id;

        public UserSession() {
            super("username", "password", false, false, false, false, new HashSet<GrantedAuthority>());
            stato = Stato.VISITATORE;
        }

        public UserSession(String username, String password, boolean enabled,
                boolean accountNonExpired, boolean credentialsNonExpired,
                boolean accountNonLocked, Collection<GrantedAuthority> authorities) {
            super(username, password, enabled, accountNonExpired, credentialsNonExpired,
                    accountNonLocked, authorities);
            // TODO Auto-generated constructor stub
        }

        public UserSession(String username, String password, boolean enabled,
                boolean accountNonExpired, boolean credentialsNonExpired,
                boolean accountNonLocked, Collection<GrantedAuthority> authorities,
                String nome, Errors error, Long id) {
            super(username, password, enabled, accountNonExpired, credentialsNonExpired,
                    accountNonLocked, authorities);
            // this constructor has no 'stato' parameter, so this assigns the field to itself
            this.stato = stato;
            this.nome = nome;
            this.error = error;
            this.id = id;
        }

        public Stato getStato() { return stato; }
        public void setStato(Stato stato) { this.stato = stato; }

        public String getNome() { return nome; }
        public void setNome(String nome) { this.nome = nome; }

        public Errors getError() { return error; }
        public void setError(Errors error) { this.error = error; }

        public Long getId() { return id; }
        public void setId(Long id) { this.id = id; }

        public boolean isComplete() { return complete; }
        public void setComplete(boolean complete) { this.complete = complete; }
    }
The error at runtime is:
SEVERE: Servlet.service() for servlet [dispatcher] in context with path [/UtenteVoli] threw exception [Request processing failed; nested exception is java.lang.ClassCastException: java.lang.String cannot be cast to esempio.service.UserSession] with root cause
java.lang.ClassCastException: java.lang.String cannot be cast to esempio.service.UserSession
at esempio.service.SpringSecurityContext.getUser(SpringSecurityContext.java:26)
at esempio.service.LoginService.service(LoginService.java:1
at esempio.web.LoginController.login(LoginController.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.doInvokeMethod(HandlerMethodInvoker.java:710)
at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:167)
at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:414)
at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:402)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:771)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:552)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:72
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:343)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:7
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:18
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:11
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
Can anyone help me?????...
Basically it is telling me that the cast (UserSession)securityContext.getAuthentication().getPrincipal();
cannot be done...
But why???
How can I fix it???
Thank you in advance!!!!
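
Added example, not part of the original post: the stack trace passes through AnonymousAuthenticationFilter, which by default stores the String "anonymousUser" as principal for a visitor who has not logged in, so an unchecked cast of getPrincipal() to a user class fails. The code below checks the type before casting; `PrincipalLookupExample`, `principalAs` and the sample values are hypothetical, and Spring's `User` stands in for `UserSession`.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;

public class PrincipalLookupExample {

    /** Returns the current principal as the requested type, or null if it is anonymous or of another type. */
    static <T> T principalAs(Class<T> type) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || auth instanceof AnonymousAuthenticationToken) {
            return null; // nobody has logged in on this request
        }
        Object principal = auth.getPrincipal();
        // Type check instead of a blind cast: a String principal yields null, not an exception.
        return type.isInstance(principal) ? type.cast(principal) : null;
    }

    public static void main(String[] args) {
        // Constructed case 1: the context as the anonymous filter leaves it,
        // with the String "anonymousUser" as principal.
        SecurityContextHolder.getContext().setAuthentication(
                new AnonymousAuthenticationToken("constructed-key", "anonymousUser",
                        AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        Object raw = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        System.out.println("principal class: " + raw.getClass().getName());
        System.out.println("as User: " + principalAs(User.class));

        // Constructed case 2: a login has stored a User object as principal.
        User user = new User("alice", "constructed-password", true, true, true, true,
                AuthorityUtils.createAuthorityList("ROLE_USER"));
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(user, user.getPassword(),
                        user.getAuthorities()));
        User found = principalAs(User.class);
        System.out.println("as User: " + (found == null ? null : found.getUsername()));

        SecurityContextHolder.clearContext();
    }
}
```

In the posted getUser method the same check would be `principalAs(UserSession.class)`, with the caller treating a null result as "not logged in".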