我想出了解决这个问题的方法。我愿意提出任何改善答案的建议。
解决方案并不完整,因为
com.sun.jndi.ldap.LdapCtx当序列化失败时,我需要专门寻找
类型,因此我可以处理该特定情况,并将
SerializationException所有其他情况都扔掉。但是我认为总体思路可能对任何对此有所阻碍的人有用。
现在,当使用无效的凭据(例如,错误的用户名或错误的密码)时,应用程序将返回登录页面,而不是爆炸:)
我添加了一些
RedisConfiguration替换
RedisTemplateSpring Session正在使用的方法。
import com.gateway.utils.LdapFailAwareRedisObjectSerializer;@Configurationpublic class RedisConfiguration { @Primary @Bean public RedisTemplate<String,ExpiringSession> redisTemplate(RedisConnectionFactory connectionFactory) { RedisTemplate<String, ExpiringSession> template = new RedisTemplate<String, ExpiringSession>(); template.setKeySerializer(new StringRedisSerializer()); template.setHashKeySerializer(new StringRedisSerializer()); template.setHashValueSerializer(new LdapFailAwareRedisObjectSerializer()); template.setConnectionFactory(connectionFactory); return template; }}这是我的实现
RedisSerializer<Object>(
LdapFailAwareRedisObjectSerializer从此处获得)
public class LdapFailAwareRedisObjectSerializer implements RedisSerializer<Object> { private Converter<Object, byte[]> serializer = new SerializingConverter(); private Converter<byte[], Object> deserializer = new DeserializingConverter(); static final byte[] EMPTY_ARRAY = new byte[0]; public Object deserialize(byte[] bytes) { if (isEmpty(bytes)) { return null; } try { return deserializer.convert(bytes); } catch (Exception ex) { throw new SerializationException("Cannot deserialize", ex); } } public byte[] serialize(Object object) { if (object == null) { return EMPTY_ARRAY; } try { return serializer.convert(object); } catch (Exception ex) { return EMPTY_ARRAY; //TODO add logic here to only return EMPTY_ARRAY for known conditions // else throw the SerializationException // throw new SerializationException("Cannot serialize", ex); } } private boolean isEmpty(byte[] data) { return (data == null || data.length == 0); }}欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)