个人中心
文章发布
退出
作者热门文章
- iOS/Objective-C 元类和类别
- objective-c - -1001 错误,当 NSURLSession 通过 httpproxy 和/etc/hosts
- java - 使用网络类获取 url 地址
- ios - 推送通知中不播放声音
25
4
我正在尝试使用带有自定义 AuthenticationProvider 的 spring security 实现表单登录。
我正在使用: Spring - 4.1.1.RELEASE Spring 安全 - 3.2.5.RELEASE Tomcat 7
安全上下文.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- <http create-session="stateless" authentication-manager-ref="authenticationManager"
entry-point-ref="reportsAuthenticationEntryPoint" disable-url-rewriting="true"
use-expressions="true" pattern="/report/**"> <intercept-url pattern="/report/**"
/> </http> -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/reports/**" access="isAuthenticated()" />
</http>
<beans:bean id="reportsAuthenticationEntryPoint" class="com.test.reporting.web.security.ReportsAuthenticationEntryPoint" />
<beans:bean id="reportsAuthenticationProvider" class="com.test.reporting.web.security.ReportsAuthenticationProvider" />
<authentication-manager erase-credentials="true" alias="authenticationManager">
<authentication-provider ref="reportsAuthenticationProvider" />
</authentication-manager>
</beans:beans>
我正在实现我的自定义 AuthenticationProvider:
public class ReportsAuthenticationProvider implements AuthenticationProvider
{
private static final Logger logger = LoggerFactory.getLogger(ReportsAuthenticationProvider.class);
@Inject
private ProviderDao providerDao;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException
{
String providerName = (String) authentication.getName();
String password = (String) authentication.getCredentials();
Provider provider = providerDao.findByProviderName(providerName);
if (provider == null)
{
logger.error("authenticate() - unknown provider name " + providerName);
throw new BadCredentialsException("invalid provider");
}
else
{
if (StringUtils.isEmpty(password))
{
logger.error("authenticate() - no password provider for provider " + providerName);
throw new InsufficientAuthenticationException("No password for user");
}
else
{
if (password.equals(provider.getPassword()))
{
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(providerName, password);
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
return authenticationToken;
}
else
{
logger.error("authenticate() - invalid password for provider " + providerName + " [" + password + "]");
throw new BadCredentialsException("invalid credentials");
}
}
}
}
@Override
public boolean supports(Class<?> authentication)
{
return UsernamePasswordAuthenticationToken.class.equals(authentication);
}
}
自定义 AuthenticationEntryPoint 实现:
public class ReportsAuthenticationEntryPoint implements AuthenticationEntryPoint
{
private static final Logger logger = LoggerFactory.getLogger(ReportsAuthenticationEntryPoint.class);
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException
{
logger.error("commence() - authentication failed due to: " + authException.getMessage(), authException);
if (logger.isDebugEnabled())
{
logger.debug("commence() - authentication failed", authException);
}
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
}
出于某种原因,当我转到我的页面时: http://localhost:8080/reporting-ui/reports/view/sport
我被重定向到 http://localhost:8080/reporting-ui/spring_security_login;jsessionid=74C6120F66A978DF57A4EB764DE3B313
然后我得到了 spring 的默认登录表单,我输入了我的凭据,它在我的自定义 AuthenticationProvider 处停止并且运行良好,但由于某种原因在服务器上仅再次调用方法 authenticate 但这次使用空白密码(身份验证.getCredentials()) 失败。
这是日志:
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [HttpSessionRequestCache] - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/reporting-ui/reports/view/sport]
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [ExceptionTranslationFilter] - Calling Authentication entry point.
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [DefaultRedirectStrategy] - Redirecting to 'http://localhost:8080/reporting-ui/spring_security_login;jsessionid=48A25BDE619D1C801136C134C9CFAFBB'
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [HttpSessionSecurityContextRepository] - HttpSession returned null object for SPRING_SECURITY_CONTEXT
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [HttpSessionSecurityContextRepository] - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fd0bd. A new one will be created.
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,082 DEBUG [FilterChainProxy] - /j_spring_security_check at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [HttpSessionSecurityContextRepository] - HttpSession returned null object for SPRING_SECURITY_CONTEXT
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [HttpSessionSecurityContextRepository] - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fd0bd. A new one will be created.
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [FilterChainProxy] - /j_spring_security_check at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [FilterChainProxy] - /j_spring_security_check at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [FilterChainProxy] - /j_spring_security_check at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [UsernamePasswordAuthenticationFilter] - Request is to process authentication
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,084 DEBUG [ProviderManager] - Authentication attempt using com.test.reporting.web.security.ReportsAuthenticationProvider
coll[http-bio-8080-exec-7] 2015-03-16 12:20:47,965 DEBUG [SharedEntityManagerCreator$SharedEntityManagerInvocationHandler] - Creating new EntityManager for shared EntityManager invocation
Hibernate: select provider0_.id as id1_0_, provider0_.application_provider_id as applicat2_0_, provider0_.domain as domain3_0_, provider0_.ga_profile_id as ga_profi4_0_, provider0_.logo_url as logo_url5_0_, provider0_.name as name6_0_, provider0_.password as password7_0_, provider0_.start_date as start_da8_0_ from providers provider0_ where provider0_.name=?
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,485 DEBUG [EntityManagerFactoryUtils] - Closing JPA EntityManager
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,485 DEBUG [CompositeSessionAuthenticationStrategy] - Delegating to org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy@468a28b0
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,485 DEBUG [SessionFixationProtectionStrategy] - Invalidating session with Id '48A25BDE619D1C801136C134C9CFAFBB' and migrating attributes.
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [SessionFixationProtectionStrategy] - Started new session: C312B1A7F928D7995C55DA0882EB0A37
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [UsernamePasswordAuthenticationFilter] - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [SavedRequestAwareAuthenticationSuccessHandler] - Redirecting to DefaultSavedRequest Url: http://localhost:8080/reporting-ui/reports/view/sport
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [DefaultRedirectStrategy] - Redirecting to 'http://localhost:8080/reporting-ui/reports/view/sport'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@fffc1f62: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,501 DEBUG [FilterChainProxy] - /reports/view/sport at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,501 DEBUG [HttpSessionSecurityContextRepository] - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@fffc1f62: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,501 DEBUG [FilterChainProxy] - /reports/view/sport at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - pathInfo: both null (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - queryString: both null (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - requestURI: arg1=/reporting-ui/reports/view/sport; arg2=/reporting-ui/reports/view/sport (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - serverPort: arg1=8080; arg2=8080 (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - requestURL: arg1=http://localhost:8080/reporting-ui/reports/view/sport; arg2=http://localhost:8080/reporting-ui/reports/view/sport (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - scheme: arg1=http; arg2=http (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - serverName: arg1=localhost; arg2=localhost (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - contextPath: arg1=/reporting-ui; arg2=/reporting-ui (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - servletPath: arg1=/reports/view/sport; arg2=/reports/view/sport (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [HttpSessionRequestCache] - Removing DefaultSavedRequest from session if present
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [AnonymousAuthenticationFilter] - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [AntPathRequestMatcher] - Checking match of request : '/reports/view/sport'; against '/reports/**'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterSecurityInterceptor] - Secure object: FilterInvocation: URL: /reports/view/sport; Attributes: [ROLE_REPORT]
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [ProviderManager] - Authentication attempt using com.test.reporting.web.security.ReportsAuthenticationProvider
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,365 DEBUG [SharedEntityManagerCreator$SharedEntityManagerInvocationHandler] - Creating new EntityManager for shared EntityManager invocation
Hibernate: select provider0_.id as id1_0_, provider0_.application_provider_id as applicat2_0_, provider0_.domain as domain3_0_, provider0_.ga_profile_id as ga_profi4_0_, provider0_.logo_url as logo_url5_0_, provider0_.name as name6_0_, provider0_.password as password7_0_, provider0_.start_date as start_da8_0_ from providers provider0_ where provider0_.name=?
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,450 DEBUG [EntityManagerFactoryUtils] - Closing JPA EntityManager
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,450 ERROR [ReportsAuthenticationProvider] - authenticate() - no password provider for provider sport
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [DefaultAuthenticationEventPublisher] - No event was found for the exception org.springframework.security.authentication.InsufficientAuthenticationException
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [ExceptionTranslationFilter] - Authentication exception occurred; redirecting to authentication entry point
org.springframework.security.authentication.InsufficientAuthenticationException: No password for user
at com.test.reporting.web.security.ReportsAuthenticationProvider.authenticate(ReportsAuthenticationProvider.java:50)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.authenticateIfRequired(AbstractSecurityInterceptor.java:316)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:202)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:155)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [HttpSessionRequestCache] - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/reporting-ui/reports/view/sport]
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [ExceptionTranslationFilter] - Calling Authentication entry point.
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [DefaultRedirectStrategy] - Redirecting to 'http://localhost:8080/reporting-ui/spring_security_login'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [HttpSessionSecurityContextRepository] - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@ffffffff: Null authentication'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
您是否知道导致错误行为的原因?
谢谢
最佳答案
通过添加角色使您的身份验证受信任:
if (password.equals(provider.getPassword()))
{
Collection<? extends GrantedAuthority> authorities = Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"));
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(providerName, password, authorities);
return authenticationToken;
}
通过使用 3 参数构造函数,isAuthenticated() 将返回 true。
关于java - spring security 自定义 AuthenticationProvider 被调用两次并失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29073834/
25
4
0
我在使用以下代码时遇到问题: function http_file_exists($url){ $f=fopen($url,"r"); if($f){ fclose($f); retu
我已经通过 Git 部署到 Azure 几个月了,没有出现重大问题,但现在我似乎遇到了一个无法克服的错误。 我创建了一个新的 Azure 网站,为正在开发的项目创建单独的预览链接。我在新站点上设置了
我已经通过flutter创建了一个App并完成了它,我想在flutter文档中阅读时进行部署。 我收到此错误: FAILURE: Build failed with an exception. * W
我在Windows 10中使用一些简单的Powershell代码遇到了这个奇怪的问题,我认为这可能是我做错了,但我不是Powershell的天才。 我有这个: $ix = [System.Net.Dn
我正在尝试使用 RapidJSON 解析从服务器接收到的数据。以下是收到的确切字符串: [ { "Node": "9478149a08f9", "Address": "172.17
我尝试为 ios 编译 OpenCV。我总是收到这些错误。我用不同版本的opencv试了一下,结果都是一样的。 我运行这个:python 平台/ios/build_framework.py ios_o
我在一台机器上做基本的发布/订阅,我的客户端是 StackExchange-Redis 的 C# 客户端,我在同一台机器上运行基于 Windows 的 Redis 服务器(服务器版本 2.8.4) 当
我有这段代码,但无法执行,请帮我解决这个问题 连接 connect_error) { die ("connection failed: " . $terhubung->connect_erro
我在 tomcat 上运行并由 maven 编译的 Web 应用程序给出了以下警告和错误。我可以在本地存储库中看到所有 JAR,但有人可以帮忙吗。 WARNING: Failed to scan JA
我正在 Windows 8 上使用 Android Studio 开发一个 android 应用程序,我正在使用一些 native 代码。突然间我无法编译我的 C 文件。当我运行 ndk-build
下面的代码对类和结构的成员进行序列化和反序列化。序列化工作正常,但我在尝试使用 oarch >> BOOST_SERIALIZATION_NVP(outObj); 反序列化时遇到了以下错误; 代码中是
如果我运行此命令“rspec ./spec/requests/api/v1/password_reset_request_spec.rb”,此文件中的所有测试都会通过。 但是,当我运行“rspec”时
我在尝试执行测试以使用 Protractor 上传文件时出错,我的代码是这个 it('it should be possible to upload a file', function() {
System.loadLibrary("nativefaceswap"); 当我运行我的应用程序时,我在 Android Studio 中发现了此类错误。在logcat中显示: java.lang.U
我希望有人能帮助我!使用任何方法或命令行的任何 SSL/HTTPS 调用均无效。 我在 Windows 10 中使用 Ubuntu Server 18.04 作为子系统。我的问题是昨天才开始出现的,因
通过删除这两个值将日期字段从 null=True 和 Blank=True 更改为 required 时,使用 db.alter 命令时遇到问题。 当以下行被注释掉时,迁移运行不会出现问题。
我第一次使用 Heroku 尝试创建应用程序(使用 SendGrid 的 Inbound Parse Webhook"和 Twilio SMS 通过电子邮件发送和接收 SMS 消息)。通过 Virtu
我正在将我的 swift 项目更新到 Xcode 7 上的 Swift 2.0。xcode 在构建项目时报告了以下错误: 命令/Applications/Xcode.app/Contents/Deve
在我的代码中,SSL 库函数 SSL_library_init() 没有按预期返回 1。我如何才能看到它返回了什么错误? 我在 SSL_library_init() 之后调用了 SSL_load_er
我正在尝试运行在以下链接中找到的答案: Asynchronously Load the Contents of a Div 但是当我这样做时,我会遇到我不太理解的错误。 我的代码: $(documen
我是一名优秀的程序员,十分优秀!