Can't get session scope bean in Spring Security

[KH9l3b]

Hi. I have session scope bean "userOptions" in my applicationContext.

Code:

<bean id="userOptions" class="by.gsu.schedule.security.UserOptions" scope="session">
        <aop:scoped-proxy/>
</bean>

I wrote my userDetailsService. And now I want to set some parameters to "userOptions" in the method "loadUserByUsername".

Code:

    
<security:bean id="userDetailsService" class="by.gsu.schedule.security.UserDetailsService">
        <security:property name="usersService" ref="usersService"/>
        <security:property name="userOptions" ref="userOptions"/>
</security:bean>

Code:

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
        User user = null;
        try {
            user = usersService.getUserByName(username);
            userOptions.someMethod(); //Adding info here;
        } catch (NoSuchUserException e) {
            throw new UsernameNotFoundException(username, e);
        }
        return user;
    }

But when I was trying to execute this method, I saw the exception:

Code:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.userOptions': Scope 'session' is not active for the current thread; consider defining a scoped proxy for this bean if you intend to refer to it from a singleton; nested exception is java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request? If you are actually operating within a web request and still receive this message,your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
	org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:299)
	org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)
	org.springframework.aop.target.SimpleBeanTargetSource.getTarget(SimpleBeanTargetSource.java:33)
	org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.getTarget(Cglib2AopProxy.java:662)
	org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:612)
	by.gsu.schedule.security.UserOptions$$EnhancerByCGLIB$$34bf0ef8.addLink(<generated>)
	by.gsu.schedule.security.UserDetailsService.loadUserByUsername(UserDetailsService.java:55)
	org.springframework.security.providers.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:83)
	org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:121)
	org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:188)
	org.springframework.security.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:46)
	org.springframework.security.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:82)
	org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:258)
	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

So I added RequestContextListener to my web.xml file

Code:

<listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>

And now I have exception not in Spring Security method, but in my Controller method....

Code:

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException
	org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:488)
	org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
	org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
	org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
...
java.lang.NullPointerException
	by.gsu.schedule.security.UserOptions.getLinkTarget(UserOptions.java:73)
	by.gsu.schedule.security.UserOptions$$FastClassByCGLIB$$9a9c6380.invoke(<generated>)
	net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149)
	org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:696)
	org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refle
...

I don't know what to do... First idea was to place this options to the UserDetails bean and then get them from
Authentication auth = SecurityContextHolder.getContext().getAuthenticati on();
User user = (User)auth.getPrincipal();
But I need this data before the authorization too....

[KH9l3b]

Stupid mistake with listener. Fixed to
[CODE]
<listener>
<listener-class>org.springframework.web.context.ContextLoade rListener</listener-class>
<listener-class>org.springframework.web.context.request.Requ estContextListener</listener-class>
</listener>
[CODE]
But this fix didn't solve the problem

[KH9l3b]

Problem is solved.

[kauton]

I wonder how exactly did you resolve the problem?

[boz]

Yes. Please tell us how you solved this. I've seen something similar but don't know the sollution yet.

pretty please