个人中心
文章发布
退出
作者热门文章
- iOS/Objective-C 元类和类别
- objective-c - -1001 错误,当 NSURLSession 通过 httpproxy 和/etc/hosts
- java - 使用网络类获取 url 地址
- ios - 推送通知中不播放声音
25
4
我正在尝试使用带有自定义 AuthenticationProvider 的 spring security 实现表单登录。
我正在使用: Spring - 4.1.1.RELEASE Spring 安全 - 3.2.5.RELEASE Tomcat 7
安全上下文.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- <http create-session="stateless" authentication-manager-ref="authenticationManager"
entry-point-ref="reportsAuthenticationEntryPoint" disable-url-rewriting="true"
use-expressions="true" pattern="/report/**"> <intercept-url pattern="/report/**"
/> </http> -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/reports/**" access="isAuthenticated()" />
</http>
<beans:bean id="reportsAuthenticationEntryPoint" class="com.test.reporting.web.security.ReportsAuthenticationEntryPoint" />
<beans:bean id="reportsAuthenticationProvider" class="com.test.reporting.web.security.ReportsAuthenticationProvider" />
<authentication-manager erase-credentials="true" alias="authenticationManager">
<authentication-provider ref="reportsAuthenticationProvider" />
</authentication-manager>
</beans:beans>
我正在实现我的自定义 AuthenticationProvider:
public class ReportsAuthenticationProvider implements AuthenticationProvider
{
private static final Logger logger = LoggerFactory.getLogger(ReportsAuthenticationProvider.class);
@Inject
private ProviderDao providerDao;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException
{
String providerName = (String) authentication.getName();
String password = (String) authentication.getCredentials();
Provider provider = providerDao.findByProviderName(providerName);
if (provider == null)
{
logger.error("authenticate() - unknown provider name " + providerName);
throw new BadCredentialsException("invalid provider");
}
else
{
if (StringUtils.isEmpty(password))
{
logger.error("authenticate() - no password provider for provider " + providerName);
throw new InsufficientAuthenticationException("No password for user");
}
else
{
if (password.equals(provider.getPassword()))
{
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(providerName, password);
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
return authenticationToken;
}
else
{
logger.error("authenticate() - invalid password for provider " + providerName + " [" + password + "]");
throw new BadCredentialsException("invalid credentials");
}
}
}
}
@Override
public boolean supports(Class<?> authentication)
{
return UsernamePasswordAuthenticationToken.class.equals(authentication);
}
}
自定义 AuthenticationEntryPoint 实现:
public class ReportsAuthenticationEntryPoint implements AuthenticationEntryPoint
{
private static final Logger logger = LoggerFactory.getLogger(ReportsAuthenticationEntryPoint.class);
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException
{
logger.error("commence() - authentication failed due to: " + authException.getMessage(), authException);
if (logger.isDebugEnabled())
{
logger.debug("commence() - authentication failed", authException);
}
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
}
出于某种原因,当我转到我的页面时: http://localhost:8080/reporting-ui/reports/view/sport
我被重定向到 http://localhost:8080/reporting-ui/spring_security_login;jsessionid=74C6120F66A978DF57A4EB764DE3B313
然后我得到了 spring 的默认登录表单,我输入了我的凭据,它在我的自定义 AuthenticationProvider 处停止并且运行良好,但由于某种原因在服务器上仅再次调用方法 authenticate 但这次使用空白密码(身份验证.getCredentials()) 失败。
这是日志:
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [HttpSessionRequestCache] - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/reporting-ui/reports/view/sport]
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [ExceptionTranslationFilter] - Calling Authentication entry point.
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [DefaultRedirectStrategy] - Redirecting to 'http://localhost:8080/reporting-ui/spring_security_login;jsessionid=48A25BDE619D1C801136C134C9CFAFBB'
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [HttpSessionSecurityContextRepository] - HttpSession returned null object for SPRING_SECURITY_CONTEXT
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [HttpSessionSecurityContextRepository] - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fd0bd. A new one will be created.
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,082 DEBUG [FilterChainProxy] - /j_spring_security_check at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [HttpSessionSecurityContextRepository] - HttpSession returned null object for SPRING_SECURITY_CONTEXT
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [HttpSessionSecurityContextRepository] - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fd0bd. A new one will be created.
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [FilterChainProxy] - /j_spring_security_check at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [FilterChainProxy] - /j_spring_security_check at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [FilterChainProxy] - /j_spring_security_check at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [UsernamePasswordAuthenticationFilter] - Request is to process authentication
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,084 DEBUG [ProviderManager] - Authentication attempt using com.test.reporting.web.security.ReportsAuthenticationProvider
coll[http-bio-8080-exec-7] 2015-03-16 12:20:47,965 DEBUG [SharedEntityManagerCreator$SharedEntityManagerInvocationHandler] - Creating new EntityManager for shared EntityManager invocation
Hibernate: select provider0_.id as id1_0_, provider0_.application_provider_id as applicat2_0_, provider0_.domain as domain3_0_, provider0_.ga_profile_id as ga_profi4_0_, provider0_.logo_url as logo_url5_0_, provider0_.name as name6_0_, provider0_.password as password7_0_, provider0_.start_date as start_da8_0_ from providers provider0_ where provider0_.name=?
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,485 DEBUG [EntityManagerFactoryUtils] - Closing JPA EntityManager
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,485 DEBUG [CompositeSessionAuthenticationStrategy] - Delegating to org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy@468a28b0
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,485 DEBUG [SessionFixationProtectionStrategy] - Invalidating session with Id '48A25BDE619D1C801136C134C9CFAFBB' and migrating attributes.
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [SessionFixationProtectionStrategy] - Started new session: C312B1A7F928D7995C55DA0882EB0A37
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [UsernamePasswordAuthenticationFilter] - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [SavedRequestAwareAuthenticationSuccessHandler] - Redirecting to DefaultSavedRequest Url: http://localhost:8080/reporting-ui/reports/view/sport
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [DefaultRedirectStrategy] - Redirecting to 'http://localhost:8080/reporting-ui/reports/view/sport'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@fffc1f62: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,501 DEBUG [FilterChainProxy] - /reports/view/sport at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,501 DEBUG [HttpSessionSecurityContextRepository] - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@fffc1f62: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,501 DEBUG [FilterChainProxy] - /reports/view/sport at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - pathInfo: both null (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - queryString: both null (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - requestURI: arg1=/reporting-ui/reports/view/sport; arg2=/reporting-ui/reports/view/sport (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - serverPort: arg1=8080; arg2=8080 (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - requestURL: arg1=http://localhost:8080/reporting-ui/reports/view/sport; arg2=http://localhost:8080/reporting-ui/reports/view/sport (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - scheme: arg1=http; arg2=http (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - serverName: arg1=localhost; arg2=localhost (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - contextPath: arg1=/reporting-ui; arg2=/reporting-ui (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - servletPath: arg1=/reports/view/sport; arg2=/reports/view/sport (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [HttpSessionRequestCache] - Removing DefaultSavedRequest from session if present
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [AnonymousAuthenticationFilter] - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [AntPathRequestMatcher] - Checking match of request : '/reports/view/sport'; against '/reports/**'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterSecurityInterceptor] - Secure object: FilterInvocation: URL: /reports/view/sport; Attributes: [ROLE_REPORT]
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [ProviderManager] - Authentication attempt using com.test.reporting.web.security.ReportsAuthenticationProvider
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,365 DEBUG [SharedEntityManagerCreator$SharedEntityManagerInvocationHandler] - Creating new EntityManager for shared EntityManager invocation
Hibernate: select provider0_.id as id1_0_, provider0_.application_provider_id as applicat2_0_, provider0_.domain as domain3_0_, provider0_.ga_profile_id as ga_profi4_0_, provider0_.logo_url as logo_url5_0_, provider0_.name as name6_0_, provider0_.password as password7_0_, provider0_.start_date as start_da8_0_ from providers provider0_ where provider0_.name=?
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,450 DEBUG [EntityManagerFactoryUtils] - Closing JPA EntityManager
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,450 ERROR [ReportsAuthenticationProvider] - authenticate() - no password provider for provider sport
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [DefaultAuthenticationEventPublisher] - No event was found for the exception org.springframework.security.authentication.InsufficientAuthenticationException
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [ExceptionTranslationFilter] - Authentication exception occurred; redirecting to authentication entry point
org.springframework.security.authentication.InsufficientAuthenticationException: No password for user
at com.test.reporting.web.security.ReportsAuthenticationProvider.authenticate(ReportsAuthenticationProvider.java:50)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.authenticateIfRequired(AbstractSecurityInterceptor.java:316)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:202)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:155)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [HttpSessionRequestCache] - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/reporting-ui/reports/view/sport]
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [ExceptionTranslationFilter] - Calling Authentication entry point.
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [DefaultRedirectStrategy] - Redirecting to 'http://localhost:8080/reporting-ui/spring_security_login'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [HttpSessionSecurityContextRepository] - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@ffffffff: Null authentication'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
您是否知道导致错误行为的原因?
谢谢
最佳答案
通过添加角色使您的身份验证受信任:
if (password.equals(provider.getPassword()))
{
Collection<? extends GrantedAuthority> authorities = Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"));
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(providerName, password, authorities);
return authenticationToken;
}
通过使用 3 参数构造函数,isAuthenticated() 将返回 true。
关于java - spring security 自定义 AuthenticationProvider 被调用两次并失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29073834/
25
4
0
为了让我的代码几乎完全用 Jquery 编写,我想用 Jquery 重写 AJAX 调用。 这是从网页到 Tomcat servlet 的调用。 我目前情况的类似代码: var http = new
我想使用 JNI 从 Java 调用 C 函数。在 C 函数中,我想创建一个 JVM 并调用一些 Java 对象。当我尝试创建 JVM 时,JNI_CreateJavaVM 返回 -1。 所以,我想知
环顾四周,我发现从 HTML 调用 Javascript 函数的最佳方法是将函数本身放在 HTML 中,而不是外部 Javascript 文件。所以我一直在网上四处寻找,找到了一些简短的教程,我可以根
我有这个组件: import {Component} from 'angular2/core'; import {UserServices} from '../services/UserService
我正在尝试用 C 实现一个简单的 OpenSSL 客户端/服务器模型,并且对 BIO_* 调用的使用感到好奇,与原始 SSL_* 调用相比,它允许一些不错的功能。 我对此比较陌生,所以我可能会完全错误
我正在处理有关异步调用的难题: 一个 JQuery 函数在用户点击时执行,然后调用一个 php 文件来检查用户输入是否与数据库中已有的信息重叠。如果是这样,则应提示用户确认是否要继续或取消,如果他单击
我有以下类(class)。 public Task { public static Task getInstance(String taskName) { return new
嘿,我正在构建一个小游戏,我正在通过制作一个数字 vector 来创建关卡,该数字 vector 通过枚举与 1-4 种颜色相关联。问题是循环(在 Simon::loadChallenge 中)我将颜
我有一个java spring boot api(数据接收器),客户端调用它来保存一些数据。一旦我完成了数据的持久化,我想进行另一个 api 调用(应该处理持久化的数据 - 数据聚合器),它应该自行异
首先,这涉及桌面应用程序而不是 ASP .Net 应用程序。 我已经为我的项目添加了一个 Web 引用,并构建了各种数据对象,例如 PayerInfo、Address 和 CreditCard。但问题
我如何告诉 FAKE 编译 .fs文件使用 fsc ? 解释如何传递参数的奖励积分,如 -a和 -target:dll . 编辑:我应该澄清一下,我正在尝试在没有 MSBuild/xbuild/.sl
我使用下划线模板配置了一个简单的主干模型和 View 。两个单独的 API 使用完全相同的配置。 API 1 按预期工作。 要重现该问题,请注释掉 API 1 的 URL,并取消注释 API 2 的
我不确定什么是更好的做法或更现实的做法。我希望从头开始创建目录系统,但不确定最佳方法是什么。 我想我在需要显示信息时使用对象,例如 info.php?id=100。有这样的代码用于显示 Game.cl
from datetime import timedelta class A: def __abs__(self): return -self class B1(A):
我在操作此生命游戏示例代码中的数组时遇到问题。 情况: “生命游戏”是约翰·康威发明的一种细胞自动化技术。它由一个细胞网格组成,这些细胞可以根据数学规则生存/死亡/繁殖。该网格中的活细胞和死细胞通过
如果我像这样调用 read() 来读取文件: unsigned char buf[512]; memset(buf, 0, sizeof(unsigned char) * 512); int fd;
我用 C 编写了一个简单的服务器,并希望调用它的功能与调用其他 C 守护程序的功能相同(例如使用 ./ftpd start 调用它并使用 ./ftpd stop 关闭该实例)。显然我遇到的问题是我不知
在 dos 中,当我粘贴此命令时它会起作用: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" https://google.
在 dos 中,当我粘贴此命令时它会起作用: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" https://google.
我希望能够从 cmd 在我的 Windows 10 计算机上调用 python3。 我已重新安装 Python3.7 以确保选择“添加到路径”选项,但仍无法调用 python3 并使 CMD 启动 P
我是一名优秀的程序员,十分优秀!