解决方案是不获取实现中的
User记录
AuditorAware。这会触发所描述的循环,因为选择查询会触发刷新(这种情况是因为Hibernate /
JPA希望在执行选择之前将数据写入数据库以提交事务),从而触发对的调用
AuditorAware#getCurrentAuditor。
解决方案是将
User记录存储在
UserDetails提供给Spring Security的文件中。因此,我创建了自己的实现:
public class UserAwareUserDetails implements UserDetails { private final User user; private final Collection<? extends GrantedAuthority> grantedAuthorities; public UserAwareUserDetails(User user) { this(user, new ArrayList<GrantedAuthority>()); } public UserAwareUserDetails(User user, Collection<? extends GrantedAuthority> grantedAuthorities) { this.user = user; this.grantedAuthorities = grantedAuthorities; } @Override public Collection<? extends GrantedAuthority> getAuthorities() { return grantedAuthorities; } @Override public String getPassword() { return user.getSaltedPassword(); } @Override public String getUsername() { return user.getUsername(); } @Override public boolean isAccountNonExpired() { return true; } @Override public boolean isAccountNonLocked() { return true; } @Override public boolean isCredentialsNonExpired() { return true; } @Override public boolean isEnabled() { return true; } public User getUser() { return user; }}此外,我更改
UserDetailsService了加载
User并创建
UserAwareUserDetails。现在可以
User通过以下方式访问实例
SercurityContextHolder:
@Overridepublic User getCurrentAuditor() { return ((UserAwareUserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUser();}
