Spring Security+hibernate

**matyB87** · 27-03-2013, 16:51

Buon pomeriggio,
sono una studentessa di informatica e sto cercando di imparare Spring Security per un piccolo sistema di login.
Purtroppo ho un problema che non riesco a risolvere.

all'interno del mio progetto ho due classi SpringSecurityContext e UserSession che vengono utilizzate dalle classi LoginService e LoginController per effettuare tutte le operazioni di login.

la classe SpringSecurity è:

codice:

public class SpringSecurityContext
{

    public static UserSession getUser(final HttpSession httpSession)
    {
        SecurityContext securityContext = (SecurityContext) httpSession.getAttribute("SPRING_SECURITY_CONTEXT");

        if (securityContext != null)
        {
            return (UserSession) securityContext.getAuthentication().getPrincipal();
        }
        else
        {
            securityContext = SecurityContextHolder.getContext();

            return (UserSession)securityContext.getAuthentication().getPrincipal();
        }

    }

    public static void removeUser(final HttpSession httpSession)
    {
        final SecurityContext securityContext = (SecurityContext) httpSession.getAttribute("SPRING_SECURITY_CONTEXT");

        if (securityContext != null)
        {
            securityContext.setAuthentication(null);
        }
        else
        {
            SecurityContextHolder.getContext().setAuthentication(null);
        }
    }

    public static void setDefaultUser(final HttpSession httpSession)
    {
        final UserSession userSession = new UserSession();

        final UsernamePasswordAuthenticationToken authenticate = new UsernamePasswordAuthenticationToken(userSession,
                userSession.getPassword());

        SecurityContext securityContext = (SecurityContext) httpSession.getAttribute("SPRING_SECURITY_CONTEXT");

        if (securityContext != null)
        {
            securityContext.setAuthentication(authenticate);
        }
        else
        {
            securityContext = SecurityContextHolder.getContext();
            securityContext.setAuthentication(authenticate);
            httpSession.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
        }
    }

    public static void setUser(final HttpSession httpSession, final User user)
    {
        final UsernamePasswordAuthenticationToken authenticate = new UsernamePasswordAuthenticationToken(user, user.getPassword());

        SecurityContext securityContext = (SecurityContext) httpSession.getAttribute("SPRING_SECURITY_CONTEXT");

        if (securityContext != null)
        {
            securityContext.setAuthentication(authenticate);
        }
        else
        {
            securityContext = SecurityContextHolder.getContext();
            securityContext.setAuthentication(authenticate);
            httpSession.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
        }
    }
}

la classe User Session è:

codice:


public class UserSession extends User implements Serializable {

	private static final long serialVersionUID = 1L;
	
	/**    
	 * campi di User
	 * 
	 * l'username dellâ€™utente
	 * la sua password
	 * (booleano) utente abilitato
	 * (booleano) account non scaduto
	 *  (booleano) credenziali non scadute
	 *  (booleano) account non bloccato
	 *   Lista di permessi di tipi GrantedAuthorities   
	 */
	
	public static enum Stato {VISITATORE, REGISTRATO, CONFERMATO, LOGGED};
	public static enum Errors {ERROR_USER_PASSWORD, ERROR_INVALID_STATE, ERROR_EXIST_MAIL};

	private boolean complete;
	private Stato stato;
	private String nome;
	private Errors error;
	private Long id;
	
	public UserSession()
	{
		super("username", "password", false, false, false, false, new HashSet<GrantedAuthority>());
		
		stato = Stato.VISITATORE;
	}
	public UserSession(String username, String password, boolean enabled,
			boolean accountNonExpired, boolean credentialsNonExpired,
			boolean accountNonLocked, Collection<GrantedAuthority> authorities) 
	{
		super(username, password, enabled, accountNonExpired, credentialsNonExpired,
				accountNonLocked, authorities);
		// TODO Auto-generated constructor stub
	}

	public UserSession(String username, String password, boolean enabled,
			boolean accountNonExpired, boolean credentialsNonExpired,
			boolean accountNonLocked, Collection<GrantedAuthority> authorities,
			String nome, Errors error, Long id) 
	{
		super(username, password, enabled, accountNonExpired, credentialsNonExpired,
				accountNonLocked, authorities);
		this.stato = stato;
		this.nome = nome;
		this.error = error;
		this.id = id;
	}

	public Stato getStato() {
		return stato;
	}

	public void setStato(Stato stato) {
		this.stato = stato;
	}

	
	public String getNome() {
		return nome;
	}

	public void setNome(String nome) {
		this.nome = nome;
	}

	public Errors getError() {
		return error;
	}

	public void setError(Errors error) {
		this.error = error;
	}

	public Long getId() {
		return id;
	}

	public void setId(Long id) {
		this.id = id;
	}
	public boolean isComplete() {
		return complete;
	}
	public void setComplete(boolean complete) {
		this.complete = complete;
	}
	
}

l'errore all'esecuzione è:

SEVERE: Servlet.service() for servlet [dispatcher] in context with path [/UtenteVoli] threw exception [Request processing failed; nested exception is java.lang.ClassCastException: java.lang.String cannot be cast to esempio.service.UserSession] with root cause
java.lang.ClassCastException: java.lang.String cannot be cast to esempio.service.UserSession
at esempio.service.SpringSecurityContext.getUser(Spri ngSecurityContext.java:26)
at esempio.service.LoginService.service(LoginService. java:18)
at esempio.web.LoginController.login(LoginController. java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Native MethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.springframework.web.bind.annotation.support.Ha ndlerMethodInvoker.doInvokeMethod(HandlerMethodInv oker.java:710)
at org.springframework.web.bind.annotation.support.Ha ndlerMethodInvoker.invokeHandlerMethod(HandlerMeth odInvoker.java:167)
at org.springframework.web.servlet.mvc.annotation.Ann otationMethodHandlerAdapter.invokeHandlerMethod(An notationMethodHandlerAdapter.java:414)
at org.springframework.web.servlet.mvc.annotation.Ann otationMethodHandlerAdapter.handle(AnnotationMetho dHandlerAdapter.java:402)
at org.springframework.web.servlet.DispatcherServlet. doDispatch(DispatcherServlet.java:771)
at org.springframework.web.servlet.DispatcherServlet. doService(DispatcherServlet.java:716)
at org.springframework.web.servlet.FrameworkServlet.p rocessRequest(FrameworkServlet.java:647)
at org.springframework.web.servlet.FrameworkServlet.d oGet(FrameworkServlet.java:552)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:728)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:210)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 343)
at org.springframework.security.web.access.intercept. FilterSecurityInterceptor.invoke(FilterSecurityInt erceptor.java:109)
at org.springframework.security.web.access.intercept. FilterSecurityInterceptor.doFilter(FilterSecurityI nterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 355)
at org.springframework.security.web.access.ExceptionT ranslationFilter.doFilter(ExceptionTranslationFilt er.java:97)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 355)
at org.springframework.security.web.session.SessionMa nagementFilter.doFilter(SessionManagementFilter.ja va:100)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 355)
at org.springframework.security.web.authentication.An onymousAuthenticationFilter.doFilter(AnonymousAuth enticationFilter.java:78)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 355)
at org.springframework.security.web.servletapi.Securi tyContextHolderAwareRequestFilter.doFilter(Securit yContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 355)
at org.springframework.security.web.savedrequest.Requ estCacheAwareFilter.doFilter(RequestCacheAwareFilt er.java:35)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 355)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 355)
at org.springframework.security.web.authentication.Ab stractAuthenticationProcessingFilter.doFilter(Abst ractAuthenticationProcessingFilter.java:188)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 355)
at org.springframework.security.web.authentication.lo gout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 355)
at org.springframework.security.web.context.SecurityC ontextPersistenceFilter.doFilter(SecurityContextPe rsistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 355)
at org.springframework.security.web.FilterChainProxy. doFilter(FilterChainProxy.java:149)
at org.springframework.web.filter.DelegatingFilterPro xy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterPro xy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBas e.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(A ccessLogValve.java:936)
at org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.p rocess(AbstractHttp11Processor.java:1004)
at org.apache.coyote.AbstractProtocol$AbstractConnect ionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProce ssor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker( ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)

Qualcuno può essermi di aiuto?????...
in pratica mi dice che il cast (UserSession)securityContext.getAuthentication().g etPrincipal();
non può essere fatto...
ma perchè???
come posso risolere???

vi ringrazio in anticipo!!!!

**matyB87** · 27-03-2013, 22:31

per puntualizzare,
la funzione GetPrincipal()
restituisce un Object
e poi faccio il cast a UserSession
come si può vedere nell'immagine

Discussione: Spring Security+hibernate

Strumenti discussione

Ricerca discussione

Visualizza

Spring Security+hibernate

Permessi di invio