我正在按照本教程将春季会话(通过 redis )添加到我的应用程序中。 http://www.baeldung.com/spring-session
我添加依赖项
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
</dependency>
和 SessionConfig.java 类
@Configuration
@EnableRedisHttpSession
public class SessionConfig extends AbstractHttpSessionApplicationInitializer {
}
我在一个空白项目上完成了这项工作,事情做得很好。但是我当前的项目有一些带有自定义用户详细信息服务的自定义用户对象,这就是出现问题的地方。
Sat Apr 07 11:21:49 EDT 2018
There was an unexpected error (type=Internal Server Error, status=500).
Cannot serialize; nested exception is org.springframework.core.serializer.support.SerializationFailedException: Failed to serialize object using DefaultSerializer; nested exception is java.io.NotSerializableException: com.kreyzon.dollar.entity.User
现在,我环顾四周,找到了实现此建议的建议:
@Bean
public RedisTemplate<Object, Object> sessionRedisTemplate (
RedisConnectionFactory connectionFactory) {
RedisTemplate<Object, Object> template = new RedisTemplate<Object, Object>();
template.setKeySerializer(new StringRedisSerializer());
template.setHashKeySerializer(new StringRedisSerializer());
template.setDefaultSerializer(new GenericJackson2JsonRedisSerializer());
template.setConnectionFactory(connectionFactory);
return template;
}
这不起作用(就像似乎没有被识别一样)。我也试过这个
@Bean(name = {"defaultRedisSerializer", "springSessionDefaultRedisSerializer"})
RedisSerializer<Object> defaultRedisSerializer() {
return new GenericJackson2JsonRedisSerializer();
}
现在,这实际上做了一些事情,但仍然导致错误
Sat Apr 07 11:39:21 EDT 2018
There was an unexpected error (type=Internal Server Error, status=500).
Could not read JSON: Can not construct instance of org.springframework.security.authentication.UsernamePasswordAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?) at [Source: [B@4dc133; line: 1, column: 184] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"]); nested exception is com.fasterxml.jackson.databind.JsonMappingException: Can not construct instance of org.springframework.security.authentication.UsernamePasswordAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?) at [Source: [B@4dc133; line: 1, column: 184] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"])
我还探索了其他序列化程序,如Jackson2JsonRedisSerializer和GenericJackson2JsonRedisSerializer,但得到相同的错误。
感谢所有的帮助,谢谢。
更新:
我也尝试添加这个自定义序列化程序
public class CustomRedisSerializer implements RedisSerializer<Object> {
private Converter<Object, byte[]> serializer = new SerializingConverter();
private Converter<byte[], Object> deserializer = new DeserializingConverter();
static final byte[] EMPTY_ARRAY = new byte[0];
public Object deserialize(byte[] bytes) {
if (isEmpty(bytes)) {
return null;
}
try {
return deserializer.convert(bytes);
} catch (Exception ex) {
throw new SerializationException("Cannot deserialize", ex);
}
}
public byte[] serialize(Object object) {
if (object == null) {
return EMPTY_ARRAY;
}
try {
return serializer.convert(object);
} catch (Exception ex) {
return EMPTY_ARRAY;
//TODO add logic here to only return EMPTY_ARRAY for known conditions
// else throw the SerializationException
// throw new SerializationException("Cannot serialize", ex);
}
}
private boolean isEmpty(byte[] data) {
return (data == null || data.length == 0);
}
}
第二次更新:
所以我implements Serializable添加到我所有的自定义对象中。那行得通了,去想办法!(出于某种原因,我没有找到一个关于这个主题的帖子表明这一点)
现在,我的最后一个问题仍然存在。我正在使用LDAP进行身份验证,如果身份验证失败,它将返回一个不可序列化的对象LdapCtx并引发错误
Sat Apr 07 12:35:14 EDT 2018
There was an unexpected error (type=Internal Server Error, status=500).
Cannot serialize; nested exception is org.springframework.core.serializer.support.SerializationFailedException: Failed to serialize object using DefaultSerializer; nested exception is java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx
有没有办法强制这个类是可序列化的?
更新(10/22/2018):
此问题已解决 https://github.com/spring-projects/spring-security/issues/5378
如果您使用的是依赖于标准 Java 序列化的序列化机制,例如JdkSerializationRedisSerializer,则必须确保存储在会话中的所有内容都实现Serializable。正如您自己所经历的那样,这对于作为项目一部分的课程来说相当简单,但对于第三方课程来说可能是一个挑战。
我建议您仔细研究基于 JSON 的序列化,即Jackson2JsonRedisSerializer.有一个包含 Spring 会话代码库的示例应用程序演示了此方法。
此特定示例使用SecurityJackson2Modules来序列化 Spring 安全性的对象。为了能够使用基于 Jackson 的 JSON 序列化序列化您的第三方类,您应该执行类似于 Spring Security 提供的操作。