Spring Security + CDI + Hibernatefilter

Asked

Viewed 126 times

1

good afternoon!

I am in a system with Primefaces, Hibernate, CDI and am implementing security with Spring-Security and control transactions with Hibernatefilter, declared on web.xml. I did all the tests with authentication in memory and it was right td, but when I try to create the Userdetails the application runs, it displays the login screen but when I click on the login button an error occurs. Follow below the error and my classes.

18-Jan-2017 17:35:05.197 SEVERE [http-nio-8084-exec-18] com.sistemaac.springsecurity.SACUserDetailsService.loadUserByUsername Problemas com a tentativa de conexão!
org.hibernate.HibernateException: createCriteria is not valid without active transaction
at org.hibernate.context.internal.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:352)
at com.sun.proxy.$Proxy145.createCriteria(Unknown Source)
at com.sistemaac.config.dao.GenericDaoImpl.iniciarCriteria(GenericDaoImpl.java:58)
at com.sistemaac.ti.seguranca.dao.UsuarioDao.findByUserName(UsuarioDao.java:113)
at com.sistemaac.ti.seguranca.business.UsuarioBusiness.findByUserName(UsuarioBusiness.java:73)
at com.sistemaac.ti.seguranca.business.UsuarioBusiness$Proxy$_$$_WeldClientProxy.findByUserName(Unknown Source)
at com.sistemaac.springsecurity.SACUserDetailsService.buscarUsuario(SACUserDetailsService.java:64)
at com.sistemaac.springsecurity.SACUserDetailsService.loadUserByUsername(SACUserDetailsService.java:49)
at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:114)
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:144)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:217)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

Sacuserdetailsservice class:

public class SACUserDetailsService implements UserDetailsService {

    private static final Logger logger = Logger.getLogger(SACUserDetailsService.class.getSimpleName());

    private final UsuarioBusiness usuarioBusiness = CDIServiceLocator.getBean(UsuarioBusiness.class);

    private final GrupoPermissaoBusiness grupoPermissaoBusiness = CDIServiceLocator.getBean(GrupoPermissaoBusiness.class);

    public SACUserDetailsService() {

    }

    @Override
    public UserDetails loadUserByUsername(String login) throws UsernameNotFoundException {

        try {

                    SACUserDetails userDetails = buscarUsuario(login);

                    Collection<GrantedAuthority> permissoesPorUsuario = buscarPermissoes(login);

                    userDetails.getAuthorities().addAll(permissoesPorUsuario);

                    return userDetails;
        } catch (Exception e) {
            logger.log(Level.SEVERE, "Problemas com a tentativa de conexão!", e);
            throw new UsernameNotFoundException("Problemas com a tentativa de conexão!", e);
        } 
    }

    public SACUserDetails buscarUsuario(String login) throws SQLException {

            Usuario usuario = usuarioBusiness.findByUserName(login);
            String nome;
            String password;
            boolean ativo;

            if(usuario !=null){
                throw new UsernameNotFoundException("Usuário " + login + " não encontrado!");
            }else{
        nome = usuario.getLogin();
        password = usuario.getSenha();
        ativo = usuario.getAtivo();
            }

            return new SACUserDetails(nome, login, password, ativo);
    }


    public Collection<GrantedAuthority> buscarPermissoes(String login) throws SQLException {
            List<GrantedAuthority> permissoes = new ArrayList<>();

            Usuario usuario = usuarioBusiness.findByUserName(login);

            for(Iterator<GrupoPermissao> iter = usuario.getGrupoPermissaoUsuarios().iterator(); 
             iter.hasNext();) {
                permissoes.add(new SimpleGrantedAuthority(grupoPermissaoBusiness.preparaPermissao(iter.next()).getGrupoPermissao()));
            }

            return permissoes;
    }
}

User class:

@RequestScoped
@Getter
@Setter
public class UsuarioBusiness implements Serializable{

    private static final long serialVersionUID = 1L;

    private UsuarioLazyDataModel usuarios;

    @Inject
    private GrupoPermissaoBusiness grupoPermissaoBusiness;

    private UsuarioDao usuarioDao = CDIServiceLocator.getBean(UsuarioDao.class);

    public Usuario findByUserName(String login){
        return usuarioDao.findByUserName(login);
    }
}

User Class:

@Dependent
public class UsuarioDao extends FiltroGenericDao<Usuario> implements Serializable{

    public UsuarioDao() {
        super(Usuario.class);
    }


     //Filtro usado no Lazy loading
    public List<Usuario> filtrados(UsuarioFiltro filtro){

        Criteria criteria = criarCriteriaFiltro(filtro);

        criteria.setFirstResult(filtro.getPrimeiroRegistro());
        criteria.setMaxResults(filtro.getQuantidadeRegistro());

        if(filtro.isAscendente() && filtro.getPropriedadeOrdenacao() != null){
            criteria.addOrder(Order.asc(filtro.getPropriedadeOrdenacao()));
        }else if(filtro.getPropriedadeOrdenacao() != null){
            criteria.addOrder(Order.desc(filtro.getPropriedadeOrdenacao()));
        }

        return criteria.list();
    }


    //Retorna a quantidade de Acessos filtrados
    public int quantidadeFiltrado(UsuarioFiltro filtro){

        Criteria criteria = criarCriteriaFiltro(filtro);

        //Faz o count dos registros
        criteria.setProjection(Projections.rowCount());

        //Como o resultado do rowcount é um único registro retorna uniqueResult
        return ((Number) criteria.uniqueResult()).intValue();
    }

    @Override
    public Criteria criarCriteriaFiltro(IFiltro filtro) {
        Criteria criteria = iniciarCriteria(null);
        UsuarioFiltro auxFiltro = (UsuarioFiltro) filtro;
        if(auxFiltro.getUsuario()!=null && !auxFiltro.getUsuario().trim().isEmpty()){
            criteria.add(Restrictions.ilike("login", auxFiltro.getUsuario().trim(), MatchMode.ANYWHERE));
        }
        return criteria;
    }

    public Boolean loginExiste(Usuario usuario) {
        Criteria criteria = iniciarCriteria(null);
        Criteria results = criteria.add(Restrictions.like("login", usuario.getLogin().trim(), MatchMode.EXACT));
        if(results.uniqueResult() != null){
            return true;
        }else{
            return false;
        }
    }

    public Boolean emailExiste(Usuario usuario) {
        Criteria criteria = iniciarCriteria(null);
        Criteria results = criteria.add(Restrictions.like("email", usuario.getEmail().trim(), MatchMode.EXACT));
        if(results.uniqueResult() != null){
            return true;
        }else{
            return false;
        }
    }
    public Boolean emailExisteByLogin(Usuario usuario) {
        Criteria criteria = iniciarCriteria(null);
        Criteria results = criteria.add(Restrictions.like("email", usuario.getEmail().trim(), MatchMode.EXACT));
        criteria.add(Restrictions.like("login", usuario.getLogin().trim(), MatchMode.EXACT));
        if(results.uniqueResult() != null){
            return true;
        }else{
            return false;
        }
    }
    public Boolean cpfExiste(Usuario usuario) {
        Criteria criteria = iniciarCriteria(null);
        Criteria results = criteria.add(Restrictions.like("cpf", usuario.getCpf(), MatchMode.EXACT));
        if(results.uniqueResult() != null){
            return true;
        }else{
            return false;
        }
    }

    public Usuario findByUserName(String login) {
        Criteria criteria = iniciarCriteria(null);
        Criteria results = criteria.add(Restrictions.like("login", login.trim(), MatchMode.EXACT));

        return (Usuario) results.uniqueResult();
    }

    public Usuario findByCpf (String cpf) {
        Criteria criteria = iniciarCriteria(null);
        Criteria results = criteria.add(Restrictions.like("cpf", cpf.trim(),         MatchMode.EXACT));

        return (Usuario) results.uniqueResult();
    }

}
  • The second line points to the error: createCriteria is not Valid without active transaction. You need to open a transaction to use the criteria.

  • This is @adelmo00, dear, only my transactions are in Hibernatefilter, every operation calls the filter and executes the transactions. It’s like spring security won’t accept the filter.

  • Take out the annotation: @Dependent, and try again. If an error requires a transaction, then put @Transactional

  • can also write down your dao with: @Repository, so it will always open a transaction

  • or at the mercy, you can open the transaction in hand.. I don’t see how something very elegant: https://stackoverflow.com/a/20296980/935330

No answers

Browser other questions tagged

You are not signed in. Login or sign up in order to post.