如何在UserDetailsService中使用Grails3进行会话？

Question

我有一个Grails 2.5应用程序，我正在尝试使用Spring Security Core插件(3.2.0.M1)将其升级到3.3，并使用Siteminder进行preauth设置。在我的UserDetailsService中，我得到的会话如下：

UserDetails loadUserByUsername(String userId, boolean loadRoles) throws UsernameNotFoundException, DataAccessException {
    org.grails.web.util.WebUtils.retrieveGrailsWebRequest().getCurrentRequest().getSession()

我需要获得的不仅仅是传递到应用程序中的单个头文件，当在本地运行应用程序时，这是预期的，但当在weblogic 12.2.1上运行war时，我收到以下错误：

No thread-bound request found: Are you referring to request attributes outside of an 
actual web request, or processing a request outside of the originally receiving thread? 
If you are actually operating within a web request and still receive this message, your code
is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use 
RequestContextListener or RequestContextFilter to expose the current request.

我也尝试过：

((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();

但在getRequest()上遇到了NPE。当在带有Spring Sec Core plugin2.0-rc6的Grails2.5中运行时，RequestContextHolder方式工作正常。有没有不同的方法来抓取报头？或者，有没有可能是我从之前的Config.groovy文件中拖入到application.groovy中的某些属性导致了问题？

resources.groovy：

beans = {

userDetailsService(com.myapp.security.MyUserDetailsService)

userDetailsServiceWrapper(org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper) {
        userDetailsService = ref('userDetailsService')
}

preauthAuthProvider(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider) {
        preAuthenticatedUserDetailsService = ref('userDetailsServiceWrapper')
}

requestHeaderAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter){
    principalRequestHeader='smauthid'
    checkForPrincipalChanges = false
    invalidateSessionOnPrincipalChange = false
    continueFilterChainOnUnsuccessfulAuthentication = true
    authenticationManager = ref('authenticationManager')
}

}

Bootstrap.groovy

    SpringSecurityUtils.clientRegisterFilter('requestHeaderAuthenticationFilter', SecurityFilterPosition.PRE_AUTH_FILTER)

application.groovy

    grails.plugin.springsecurity.filterChain.chainMap = [
        [pattern: '/assets/**',      filters: 'none'],
        [pattern: '/**/js/**',       filters: 'none'],
        [pattern: '/**/css/**',      filters: 'none'],
        [pattern: '/**/images/**',   filters: 'none'],
        [pattern: '/**/favicon.ico', filters: 'none'],
        [pattern: '/index/nouser',   filters: 'none'],
        [pattern: '/nouser',         filters: 'none'],
        [pattern: '/**',             filters: 'JOINED_FILTERS']
    ]
    grails.plugin.springsecurity.providerNames = ['preauthAuthProvider']

Answer 1

我不确定在UserDetailsService中获取会话是否有什么不同，但我通过以下方式获取会话：

session["task"]=object 

你可以在这里阅读更多关于session的内容：Grails 3 latest Session documentation。

编辑1个

def show(Project project) {
        respond project
        def object = project //params of the Task "task"
        session["task"]=object 
}