项目场景:
公司系统一个大方法内使用了 @Async注解进行异步调用,发布生产后第三天出现问题。
问题描述
系统将一个数据处理的方法进行了异步调用,测试环境测试均为正常,在发布正常的第二天出现了系统异常,观察一天后发现此异常在方法调用时必然出现。
出现问题的代码如下:
String userName= UserUtil.getCurrentUser().getUsername();
两天抛出的异常如下:
org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: getAttribute: Session already invalidated
java.lang.IllegalArgumentException: HttpSession constructor argument cannot be null.
原因分析:
程序中对Aync配置如下:
@EnableAsync(proxyTargetClass = true)
@Configuration
public class AsycTaskExecutorConfig {
@Bean
public TaskExecutor taskExecutor() {
ThreadPoolTaskExecutor taskExecutor = new ThreadPoolTaskExecutor();
taskExecutor.setCorePoolSize(50);
taskExecutor.setMaxPoolSize(100);
return taskExecutor;
}
}
保持线程最小存活数为50,可以创建的最大线程数为100。
在调用@Async注解的方法时,UserUtil.getCurrentUser()获取的并不一定为当前登录或操作用户,其获取的可能是已经失效的用户Session,验证如下:
@Async
@Override
public void test(String user){
String username = UserUtil.getCurrentUser().getUsername();
try {
Thread.sleep(30000);
} catch (InterruptedException e) {
e.printStackTrace();
}
System.out.println(user+"==============================================================:"+username);
}
通过不同的登录用户,循环异步调用该方法,最终控制台输出如下,
验证结果:
dongyajun==============================================================:dongyajun
dongyajun==============================================================:dongyajun
dongyajun==============================================================:dongyajun
admin==============================================================:dongyajun
admin==============================================================:dongyajun
admin==============================================================:dongyajun
chenguilan==============================================================:dongyajun
chenguilan==============================================================:dongyajun
chenguilan==============================================================:dongyajun
2022-05-06 15:45:18.598 ERROR 138396 --- [ taskExecutor-1] .a.i.SimpleAsyncUncaughtExceptionHandler : Unexpected error occurred invoking async method 'public void com.zw.admin.server.service.impl.InteractiveRemindInfoServiceImpl.test(java.lang.String)'.
org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: getAttribute: Session already invalidated
at org.apache.shiro.web.session.HttpServletSession.getAttribute(HttpServletSession.java:148)
at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
at com.zw.admin.server.utils.UserUtil.getCurrentUser(UserUtil.java:16)
at com.zw.admin.server.service.impl.InteractiveRemindInfoServiceImpl.test(InteractiveRemindInfoServiceImpl.java:151)
at com.zw.admin.server.service.impl.InteractiveRemindInfoServiceImpl$$FastClassBySpringCGLIB$$f725c8d.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.aop.interceptor.AsyncExecutionInterceptor$1.call(AsyncExecutionInterceptor.java:115)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalStateException: getAttribute: Session already invalidated
at org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1179)
at org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:103)
at org.apache.shiro.web.session.HttpServletSession.getAttribute(HttpServletSession.java:146)
... 14 more
所以在系统刚开始上线时,功能调用正常同时已经登录用户的session也未失效。在上线当天及第二天为出现Session获取异常等问题。
解决方案:
本次问题,通过传入调用用户username进行解决的,或者是取消UserUtil.getCurrentUser().getUsername()方法的使用,可以通过具体业务需求进行选择。