Databases
StackOverflow2013
Postsdbo
POorg.hibernate.LazyInitializationException using Spring Security and Session Registry
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POorg.hibernate.LazyInitializationException using Spring Security and Session Registry
    text
    copied!<p>I need to know which users are online on the website and for this reason I'm using the session registry provided by Spring Security (<code>org.springframework.security.core.session.SessionRegistryImpl</code>). Here is my Spring Security configuration:</p> <pre><code>&lt;beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"&gt; &lt;beans:bean id="authenticationManager" class="my.package.security.AuthenticationManager" /&gt; &lt;http disable-url-rewriting="true" authentication-manager-ref="authenticationManager"&gt; &lt;intercept-url pattern="/login*" access="ROLE_ANONYMOUS" /&gt; &lt;intercept-url pattern="/*" access="ROLE_USER" /&gt; &lt;form-login login-processing-url="/authorize" login-page="/login" authentication-failure-url="/login-failed" /&gt; &lt;logout logout-url="/logout" logout-success-url="/login" /&gt; &lt;session-management session-authentication-strategy-ref="sas" invalid-session-url="/invalid-session" /&gt; &lt;/http&gt; &lt;beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/&gt; &lt;beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"&gt; &lt;beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" /&gt; &lt;beans:property name="maximumSessions" value="1" /&gt; &lt;/beans:bean&gt; &lt;/beans:beans&gt; </code></pre> <p>As you can see, I'm using a custom authentication manager (my.package.security.AuthenticationManager):</p> <pre><code>public class AuthenticationManager implements org.springframework.security.authentication.AuthenticationManager { @Autowired UserJpaDao userDao; public Authentication authenticate(Authentication authentication) throws AuthenticationException { User loggedInUser = null; Collection&lt;? extends GrantedAuthority&gt; grantedAuthorities = null; ... loggedInUser = loggedInUser = userDao.findByAlias(authentication.getName()); if(loggedInUser != null) { // Check password etc. grantedAuthorities = loggedInUser.getAuthorities(); } else { throw new BadCredentialsException("Unknown username"); } return new UsernamePasswordAuthenticationToken(loggedInUser, authentication.getCredentials(), grantedAuthorities); } } </code></pre> <p>Because of this, <code>sessionRegistry.getAllPrincipals()</code> will return a list of <code>User</code>s (<code>List&lt;Object&gt;</code> "castable" to <code>List&lt;User&gt;</code>). I would like to mantain this because it's exactly what I need.</p> <p>Now, the problem is that <code>User</code> is my own class and contains ManyToMany and OneToMany relationships. For this reason, I get a <code>org.hibernate.LazyInitializationException</code> when calling <code>sessionRegistry.getAllPrincipals()</code>. I guess that it happens because this method is not called inside a Transaction, but how can I prevent this exception to happen?</p> <p>Thank you.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload