当前位置: 首页 > ai >正文

ThreadLocal线程本地变量在dubbo服务使用时候遇到的一个坑

ai 2025/8/14 17:09:14

我昨天遇到一个问题,就是我springboot项目里面有一个提供代办服务审核的dubbo接口,这个接口给房源项目调用,但是碰到一个问题就是,房源项目每天凌晨5点会查询满足条件过期的数据,然后调用我这边的代办审核dubbo接口,将这个代办任务变成自动拒绝

@Override
@Transactional
public WorkListDataResult auditWorkList(WorkListAuditCmd workListAuditCmd, WorkListLoginUserVo loginUserVo) {log.info("auditWorkList WorkListAuditCmd={},WorkListLoginUserVo={}", JSON.toJSONString(workListAuditCmd), JSON.toJSONString(loginUserVo));LoginUserUtil.setCurrentUser(loginUserVo);WorkListAuditAdapterCmd workListAuditAdapterCmd = AutoMapper.transform(WorkListAuditAdapterCmd.class, workListAuditCmd);workListAuditAdapterCmd.setAuditComments(AuditStatusEnum.PASS.getCode().equals(workListAuditCmd.getAuditStatus()) || AuditStatusEnum.PENDING_REEVALUATION.getCode().equals(workListAuditCmd.getAuditStatus()) ? "系统通过" : "系统拒绝");workListAuditAdapterCmd.setExtAuditComments(workListAuditAdapterCmd.getAuditComments());auditWorkListInternal(workListAuditAdapterCmd);WorkListAuditReq workListAuditReq = AutoMapper.transform(WorkListAuditReq.class, workListAuditCmd);Boolean needCallback = workListAuditAdapterCmd.getNeedCallback();if (needCallback != null && needCallback) {//如果dubbo接口里面参数需要回调则回调// 注册事务同步器,在事务提交后执行异步任务TransactionSynchronizationManager.registerSynchronization(new TransactionSynchronizationAdapter() {@Overridepublic void afterCommit() {// 确保数据提交后执行异步任务CompletableFuture.runAsync(() -> pushAuditResultToBusiness(workListAuditReq), threadPoolExecutor);}});}return new WorkListDataResult();
}

这个定时任务调用这个rpc接口时候,第二个参数WorkListLoginUserVo是传的null,这里到后面审核的时候会根据这个 LoginUserUtil.getCurrentUser 判断不为空,就不会进入权限校验的逻辑

protected void auditMultiProcessWorkTaskInternal(WorkListAuditAdapterCmd workListAuditAdapterCmd) {log.info("auditMultiProcessWorkTaskInternal WorkListAuditAdapterCmd={}",JSON.toJSONString(workListAuditAdapterCmd));//校验是否有审核的WorkListRespVo workListInfo = workListQueryService.getWorkListInfoByKeyId(workListAuditAdapterCmd.getWorkListKeyId());setAuditInfo(workListAuditAdapterCmd);Integer auditStatus = workListInfo.getAuditStatus();LoginUser currentUser = Identify.getCurrentUser();if(AuditStatusEnum.PENDING_REVIEW.getCode().equals(auditStatus)){workListAuditAdapterCmd.setFirstAuditDeptKeyId(currentUser == null ? workListAuditAdapterCmd.getAuditDeptKeyId() : currentUser.getDepartmentKeyId());workListAuditAdapterCmd.setFirstAuditUserKeyId(currentUser == null ? workListAuditAdapterCmd.getAuditUserKeyId() : currentUser.getUserKeyId());workListAuditAdapterCmd.setAuditStatus(AuditStatusEnum.PASS.getCode().equals(workListAuditAdapterCmd.getAuditStatus()) || AuditStatusEnum.PENDING_REEVALUATION.getCode().equals(workListAuditAdapterCmd.getAuditStatus()) ? AuditStatusEnum.PENDING_REEVALUATION.getCode() : AuditStatusEnum.REFUSE.getCode());workListAuditAdapterCmd.setFirstAuditTime(LocalDateTime.now());}else {workListAuditAdapterCmd.setSecondAuditUserKeyId(currentUser == null ? workListAuditAdapterCmd.getAuditUserKeyId() : currentUser.getUserKeyId());workListAuditAdapterCmd.setSecondAuditDeptKeyId(currentUser == null ? workListAuditAdapterCmd.getAuditDeptKeyId() : currentUser.getDepartmentKeyId());workListAuditAdapterCmd.setSecondAuditTime(LocalDateTime.now());workListAuditAdapterCmd.setFirstAuditTime(null);workListAuditAdapterCmd.setFirstAuditDeptKeyId(null);workListAuditAdapterCmd.setFirstAuditUserKeyId(null);}log.info("auditMultiProcessWorkTaskInternal WorkListAuditAdapterCmd={},WorkListRespVo={}",JSON.toJSONString(workListAuditAdapterCmd),JSON.toJSONString(workListInfo));// 获取权限代码setPermissionCode(workListAuditAdapterCmd, workListInfo);//校验是否有审核权限,排除房源定时Job调用的情况if(currentUser != null && StringUtils.isNotBlank(currentUser.getUserKeyId()) && StringUtils.isNotBlank(currentUser.getRoleKeyId())){checkAuditPermission(currentUser,workListAuditAdapterCmd,workListInfo);}//更新代办任务数据updateWorkList(workListAuditAdapterCmd);
}

生产上面却发现了一个问题,就是有一定概率会有些数据进行了权限校验,也就是currentUser不为空了,后面跟踪房源那边代码才发现,那边调用这个审核的dubbo接口,会调用另外一个查询的rpc接口,

public WorkListDataResult<List<WorkListRespDto>> getWorkListStatusByCondion(WorkListStatusReq req, WorkListLoginUserVo loginUserVo) {log.info("getWorkListStatusByCondion WorkListStatusReq={},WorkListLoginUserVo={}", JSON.toJSONString(req), JSON.toJSONString(loginUserVo));LoginUserUtil.setCurrentUser(loginUserVo);WorkListDataResult<List<WorkListRespDto>> result = new WorkListDataResult<>();if (StringUtils.isBlank(req.getApplyType())) {result.setFlag(false);result.setErrorMessage("待办类型不能为空!");return result;}if (StringUtils.isBlank(req.getPropertyKeyId())) {result.setFlag(false);result.setErrorMessage("房源ID不能为空!");return result;}List<WorkListRespDto> listResps = new ArrayList<>();List<UserByIdOrNumberRpcDto> userList = new ArrayList<>();//用于存放用户ID的集合List<String> userKeyIdList = new ArrayList<>();List<DepartmentByIdOrNoRpcDto> deptList = new ArrayList<>();//用于存放部门ID的集合List<String> deptIdList = new ArrayList<>();//将空值置为nullSpringBeanUtil.convertEmptyToNull(req);WorkListSearchVo workListSearchVo = AutoMapper.transform(WorkListSearchVo.class, req);log.info("getWorkListStatusByCondion WorkListSearchVo={}", JSON.toJSONString(workListSearchVo));List<WorkListRespVo> list = workListQueryService.getWorkListStatusByCondion(workListSearchVo);log.info("getWorkListStatusByCondion list.total=" + list.size());if (list != null && list.size() > 0) {for (WorkListRespVo viewResp : list) {if (viewResp != null) {//设置userId和deptId集合setDeptOrUserList(viewResp, userKeyIdList, deptIdList);}}if (userKeyIdList != null && userKeyIdList.size() > 0) {//批量查询用户信息userList = userAndDeptDubboService.queryUserByIdOrNumber(userKeyIdList);log.info("getWorkListStatusByCondion userList={}", userList.toString());}if (deptIdList != null && deptIdList.size() > 0) {//批量查询部门信息deptList = userAndDeptDubboService.queryByKeyIdOrNo(deptIdList);log.info("getWorkListStatusByCondion deptList={}", deptList.toString());}for (WorkListRespVo viewResp : list) {//设置枚举描述setWorkListVoDesc(viewResp);//设置待办对象用户和部门信息setWorkListRespVoDeptOrUser(viewResp, userList, deptList);WorkListRespDto workListRespVo = AutoMapper.transform(WorkListRespDto.class, viewResp);listResps.add(workListRespVo);}}result.setFlag(true);result.setData(listResps);return result;
}

这个查询的接口也进行了LoginUserUtil.setCurrentUser(loginUserVo),这段代码会放到ThreadLocal 的线程本地变量里面

而整个这个查询和审核的接口都没有进行这个ThreadLocal线程变量的清除,因为dubbo提供的rpc接口,本质上是使用了线程池技术,会复用一些线程,比如说19号先执行了这个查询代办任务的rpc接口,这个时候设置了currentUser,然后后面调用这个代办审核的接口时候,又刚好拿到了这个19号线程,这个时候通过getCuurentUser拿到的用户就不为空,然后就进入了权限校验的逻辑,解决办法通过自定义dubbo的过滤器,在过滤器里面完成资源的清除

http://www.xdnf.cn/news/8066.html

相关文章:

  • Docker Compose`down`和`stop`命令的区别
  • 【RocketMQ 生产者和消费者】- 生产者启动源码-上报生产者和消费者心跳信息到 broker(3)
  • Modelsim的入门使用和Verilog编写
  • 【电流探头】LOTO电流探头线性度测量
  • Docker-mongodb
  • JavaWeb Web基础
  • 零碳办会新范式!第十届国际贸易发展论坛——生物能源和可持续发展专场,在京举办
  • 前端性能优化方案
  • 亚马逊英国站海关新规深度解读与合规指南
  • 中级统计师-统计学基础知识-第六章 回归分析
  • 快速部起一个Openwhisk平台,使用telego k8s服务部署能力内网部署
  • 中小制造企业网络安全防护指南
  • Linux Docker下安装tomcat
  • Spring3+Vue3项目中的知识点——跨域与解决方案
  • Gartner《如果有效评估Generative AI项目的投资回报》学习心得
  • DeepSeek快速搭建个人网页
  • vue3基本介绍
  • 220V转1.25V-12V输出电路Multisim仿真
  • 【设计模式】责任链+模板+工程模式使用模板
  • indicator-sysmonitor 在Ubuntu 右上角实时显示CPU/MEM/NET的利用率
  • C#对集合进行分组IGroupingout TKey, out TElement>
  • 01. Qt介绍及Qt开发环境搭建(2025.05最新官网下载方式)
  • C++初阶-list的使用2
  • AI编程: OpenAI Codex vs Google Jules vs GitHub Copilot++
  • 5G 核心网切换机制全解析:XN、N2 与移动性注册对比
  • 初步尝试AI应用开发平台——Dify的本地部署和应用开发
  • 精益数据分析(77/126):问题-解决方案画布——创业团队的周度聚焦与迭代利器
  • GuzzleHttp和DomCrawler的具体用途?
  • HJ33 整数与IP地址间的转换【牛客网】
  • Flutter生物识别认证之Flutter指纹认证Flutter人脸认证