错误代码:
org.springframework
.dao
.InvalidDataAccessApiUsageException
: Write operations are not allowed in read-only mode (
FlushMode.NEVER
)
- turn your Session into FlushMode.AUTO
or remove 'readOnly'
marker from transaction definition
错误原因:
OpenSessionInViewFilter在getSession的时候,会把获取回来的session的flush mode
设为FlushMode.NEVER。然后把该sessionFactory绑定到
TransactionSynchronizationManager,使request的整个过程都使用同一个session,在请求过后再解除该
sessionFactory的绑定,最后closeSessionIfNecessary
根
据该session是否已和transaction绑定来决定是否关闭session。在这个过程中,若HibernateTemplate
发现自当前session有不是readOnly的transaction,就会获取到FlushMode.AUTO
Session,使方法拥有写权限。
也即是,如果有不是readOnly的transaction就可以由Flush.NEVER转为Flush.AUTO,拥有
insert,update,delete操作权限,如果没有transaction,并且没有另外人为地设flush
model的话,则doFilter的整个过程都是Flush.NEVER。所以受transaction保护的方法有写权限,没受保护的则没有。
参考文章:
http://calvin.blog.javascud.org/post/46.htm
解决办法:
采用spring的事务声明,使方法受transaction控制
<bean id="baseTransaction"
class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean"
abstract="true">
<property name="transactionManager" ref="transactionManager"/>
<property name="proxyTargetClass" value="true"/>
<property name="transactionAttributes">
<props>
<prop key="get*">PROPAGATION_REQUIRED,readOnly</prop>
<prop key="find*">PROPAGATION_REQUIRED,readOnly</prop>
<prop key="load*">PROPAGATION_REQUIRED,readOnly</prop>
<prop key="save*">PROPAGATION_REQUIRED</prop>
<prop key="add*">PROPAGATION_REQUIRED</prop>
<prop key="update*">PROPAGATION_REQUIRED</prop>
<prop key="remove*">PROPAGATION_REQUIRED</prop>
</props>
</property>
</bean>
<bean id="userService" parent="baseTransaction">
<property name="target">
<bean class="com.phopesoft.security.service.impl.UserServiceImpl"/>
</property>
</bean>
分享到:
相关推荐
### 使用Spring引起的错误:Write operations are not allowed in read-only mode (FlushMode.NEVER) #### 问题背景 在使用Spring框架时,特别是在与Hibernate结合的情况下,可能会遇到“Write operations are not...
<param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS</param-...
<param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE...
allowed.headers=Content-Type, Authorization, X-Requested-With allow.credentials=true exposed.headers=X-Total-Count, X-Custom-Header ``` 这里,`allowed.origins`指定了允许跨域的源,`allowed.methods...
String allowedOrigins = props.getProperty("cors.allowed.origins"); ``` 总结: Spring框架提供了多种解决跨域问题的方法,包括注解和过滤器。`cors-filter-1.7.jar`是一个非Spring的CORS过滤器,可以单独或与...
<param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> <!-- 更多配置选项,如:允许的HTTP方法、允许的头部、是否允许证书等 --> <filter-mapping> <filter-name>...
Prerequisites: Java VM 1.8 Open a command shell/window, browse to where you ...Using the --help option will show the allowed command line arguments. 更多查看: https://github.com/WebGoat/WebGoat
**405 Method Not Allowed** - 请求行中指定的方法不被允许使用于请求相应的资源。 **406 Not Acceptable** - 服务器生成的响应没有满足客户端的MIME类型需求。 **407 Proxy Authentication Required** - 和401...
"allowed_methods": cloudfront.AllowedMethods.ALLOW_ALL, "cached_methods": cloudfront.CachedMethods.CACHE_GET_HEAD_OPTIONS, "default_ttl": core.Duration.minutes(5), }, ) ``` 在上面的例子中,我们...
4. **config.h.in** - 配置头文件模板,用于编译时生成`config.h`。 5. **Makefile.am** - Automake配置文件,用于构建过程。 6. **configure** - 自动配置脚本,帮助用户为特定环境设置编译选项。 7. **scripts** -...
2015-01-16: Version 8.039.01: Changed driver code to not use IP checksum hardware offload (caused various issues with networking in VMs) 2015-01-05: Version 8.039.00: Original version
在线封装和离线封装驱动 ... Description ...Adds the blacklisted ESXi 5.1 built-in ...Requires MaintMode Live Install Allowed Live Remove Allowed Stateless Ready Overlay Yes No No Yes No
Requires MaintMode Live Install Allowed Live Remove Allowed Stateless Ready Overlay Yes No No Yes No Additional links Related VMware Forum's post Package updated to include missing device IDs 1502...
xml/ns/javaee":deferred-syntax-allowed-as-literal, "http://java.sun.com/xml/ns/javaee":trim-directive-whitespaces, "http://java.sun.com/xml/ns/javaee":default-content-type, ...
NOTE: Windows executables in SDK are not signed so you may encounter security warnings on W8 and W10. On MacOS you may need to run SDK executables directly from console as they are not signed too.
- `cors.allowed.headers`:允许的请求头部,默认为Accept、Accept-Language、Content-Type、Last-Event-ID。 - `cors.exposed.headers`:服务器可以向浏览器暴露的响应头部。 - `cors.support.credentials`:是否...
Requires MaintMode Live Install Allowed Live Remove Allowed Stateless Ready Overlay Yes No No Yes No Additional links VMware Communities thread about running VMware ESXi inside Hyper-V Build ...
NOTE: sciter.dlls, sciter.exe and notes.exe Windows executables in SDK are digitally signed now. On MacOS you may need to run SDK executables directly from console as they are not signed too.
<param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> <!-- 更多配置参数,例如允许的HTTP方法、头部、暴露头部等 --> <filter-mapping> <filter-name>CORS</filter-...
is_allowed = authorize(user, 'read', 'document_id') if is_allowed: # 执行受保护的操作 else: # 处理权限不足的情况 ``` 总的来说,VWS_Auth_Tools库为Python开发者提供了一套高效、安全的认证和授权解决...