I'm new to Spring and GAE, and I assume this is easy, so don't overlook the simple answer.
In spring I understand that I need to create an implementation of UserDetailsService which populates UserDetails for the security framework on authentication.
After doing this I got a NotSerializableException on my SpringUserDetailsService bean, if I serialize it (as shown) I get a NotSerializableException on the DAO eventually. GAE stores the session in a data store, and as far as I understand from reading Spring Web Security framework uses the session.
If I add @Scope("session) to my service I got the following exception that I don't understand really. Also it doesn't seem to make sense to make a separate copy of this class for each session, they should all just reference the singleton.
BeanCreationException: Error creating bean with name 'testService': Scope 'session' is not active for the current thread; consider defining a scoped proxy for this bean if you intend to refer to it from a singleton; nested exception is java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
@Service("springUserDetailsService")
public class SpringUserDetailsService implements UserDetailsService, Serializable {
@Resource(name="userDao")
private IUserDao userDao;
@Override
public UserDetails loadUserByUsername(String username){...}
}
For an easy task like form login, this is kicking my butt, can anyone help untangle my brain?