I have a request filter that sits in front of a controller. This filter retrieves a user profile and sets the properties on a userProfile
Component with Request Scope and then passes on to the next filter.
When trying to access the userProfile
from inside the filter, the property has not been successfully autowired.
I see the following exception when trying to autowire the userProfile
from inside the filter:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.userProfile': Scope 'request' is not active for the current thread; consider defining a scoped proxy for this bean if you intend to refer to it from a singleton; nested exception is java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
When trying to access the userProfile
from inside the controller however, the property has been successfully autowired.
How can I successfully autowire the userProfile
Component inside the filter?
Request filter:
@Component
public class JwtAuthenticationFilter extends GenericFilterBean implements Filter {
@Autowired
public UserProfile userProfile;
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain next) throws IOException, ServletException {
....
userProfile
.username(authorizedUser.username())
.email(authorizedUser.email())
.firstName(authorizedUser.firstName())
.lastName(authorizedUser.lastName());
}
}
Controller:
@CrossOrigin
@RestController
@RequestMapping("/users")
public class UsersController {
@Autowired
public UserProfile userProfile;
@GetMapping(
path = "/current",
produces = MediaType.APPLICATION_JSON_VALUE
)
@ResponseStatus(HttpStatus.OK)
public String currentUser() throws ResponseFormatterException {
System.out.println(userProfile.email());
}
}
User Profile:
@Component
@RequestScope
public class UserProfile {
@Getter @Setter
@Accessors(fluent = true)
@JsonProperty("username")
private String username;
@Getter @Setter
@Accessors(fluent = true)
@JsonProperty("email")
private String email;
@Getter @Setter
@Accessors(fluent = true)
@JsonProperty("firstName")
private String firstName;
@Getter @Setter
@Accessors(fluent = true)
@JsonProperty("lastName")
private String lastName;
}
Security Config:
@Configuration
@EnableWebSecurity
public class SecurityConfigurator extends WebSecurityConfigurerAdapter {
@Autowired
private JwtAuthenticatingFilter jwtAuthenticatingFilter;
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(getAuthenticator());
}
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/actuator/**")
.antMatchers("/favicon.ico");
}
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/actuator/**").permitAll()
.antMatchers("/favicon.ico").permitAll()
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.addFilterBefore(getFilter(), SessionManagementFilter.class)
.authenticationProvider(getAuthenticator())
.exceptionHandling()
.authenticationEntryPoint(new HttpAuthenticationEntryPoint());
}
protected AbstractAuthenticator getAuthenticator() {
return new JwtAuthenticator();
}
protected AuthenticatingFilter getFilter() {
return jwtAuthenticatingFilter;
}
}
2.1.4.RELEASE
. I'm not messing with threads and have nohystrix
commands. I am looking around to see if there is something that may be affecting the DI but nothing jumps out. – Andy Jenkinsnew JwtAuthenticationFilter()
and@Async
, make sure no one does that. – Shadovnew JwtAuthenticationFilter()
anywhere. When I remove those annotations, my Authentication Filter doesn't get hit at all. Don't know if that helps? – Andy Jenkins