gpt4 book ai didi

java - 身份验证成功后,spring security HttpSession 为 null

转载 作者:太空宇宙 更新时间:2023-11-04 06:28:56 27 4
gpt4 key购买 nike

我正在使用 spring security 3.0.5.RELEASE。身份验证成功后,用户未经过身份验证,而是在日志中显示此消息

16/10/2014 00:08:17 [http-bio-8080-exec-5] (AbstractAuthenticationProcessingFilter.java:289) DEBUG - Authentication success...

16/10/2014 00:08:17 [http-bio-8080-exec-5] (HttpSessionSecurityContextRepository.java:360) DEBUG - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@57920877: ... 16/10/2014 00:08:17 [http-bio-8080-exec-5] (SecurityContextPersistenceFilter.java:89) DEBUG - SecurityContextHolder now cleared, as request processing completed...

16/10/2014 00:08:18 [http-bio-8080-exec-6] (HttpSessionSecurityContextRepository.java:130) DEBUG - No HttpSession currently exists 16/10/2014 00:08:18 [http-bio-8080-exec-6] (HttpSessionSecurityContextRepository.java:88) DEBUG - No SecurityContext was available from the HttpSession: null. A new one will be created.

这是我的 session web.xml:

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

安全.xml

<security:http auto-config="true" use-expressions="true" access-denied-page="/denied.htm">
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/user/login" access="permitAll" />
<security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<security:form-login login-page="/user/login.htm" authentication-failure-url="/user/login.htm?error=true" default-target-url="/" />
<security:logout invalidate-session="true" logout-success-url="/index.htm" logout-url="/logout.htm" />

<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder ref="passwordEncoder" />
</security:authentication-provider>
</security:authentication-manager>

<!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the
database -->
<bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder" />

<bean id="userDaoService" class="com.example.dao.jdbc.JdbcUserDao">
<property name="dataSource" ref="dataSource" />
</bean>

<bean id="userDetailsService" class="com.cercle.core.services.impl.UserServiceImpl">
</bean>

<bean id="userDetails" class="com.example.model.User">
</bean>

最佳答案

我发现了问题。 Springconf没问题,但是我的tomcat在apache2后面运行,我忘记通知apache2保存cookie(使用命令ProxyPassReverseCookiePath)

关于java - 身份验证成功后,spring security HttpSession 为 null,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26393864/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com