在SecurityContext中找不到認證對象 - 帶異步支持的Servlet 3

Question

使用Spring 3.2和異步支持。安全上下文匿名Callable方法

@RequestMapping(value = "/home", method = RequestMethod.GET) 
public Callable<String> home(final Model model) { 
    return new Callable<String>() { 
     @Override 
     public String call() throws Exception { 
      model.addAttribute("homeService", homeService.findId(1)); 
      return "home"; 
     } 
    }; 
} 

內輸了一次這是適用於一個bean servlet-context.xml

<beans:bean id="homeService" class="example.service.HomeServiceImpl" scope="request"> 
    <security:intercept-methods> 
     <security:protect access="ROLE_USER" method="find*"/> 
    </security:intercept-methods> 
</beans:bean> 

這裏面的安全性裝飾是錯誤，因爲安全上下文不存在： org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext

Answer 1

升級到Spring Security 3.2.0 RC1是解決方案。

This article提到Spring Security 3.2與Servlet 3異步支持兼容。

關聯的SecurityContext爲Callable的
更從技術上來講， 春季安全與WebAsyncManager集成。用於處理Callable的SecurityContext 是 在調用startCallableProcessing時的SecurityContextHolder上存在的SecurityContext。

Maven的依賴性：

<dependencies> 
    <dependency> 
     <groupId>org.springframework.security</groupId> 
     <artifactId>spring-security-web</artifactId> 
     <version>3.2.0.RC1</version> 
    </dependency> 
    <dependency> 
     <groupId>org.springframework.security</groupId> 
     <artifactId>spring-security-config</artifactId> 
     <version>3.2.0.RC1</version> 
    </dependency> 
</dependencies> 

<repositories> 
    <repository> 
     <id>spring-milestones</id> 
     <name>Spring Milestones</name> 
     <url>http://repo.spring.io/milestone</url> 
     <snapshots> 
      <enabled>false</enabled> 
     </snapshots> 
    </repository> 
</repositories> 
<repositories> 
    <repository> 
     <id>spring-milestones</id> 
     <name>Spring Milestones</name> 
     <url>http://repo.spring.io/milestone</url> 
     <snapshots> 
      <enabled>false</enabled> 
     </snapshots> 
    </repository> 
</repositories>