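I have a webapp that implements Java security to distinguish between users and administrators. On the front end, I use Wicket to implement the different actions and views for my pages. The whole login system works fine, except for one thing. If I deploy my application to a remote Tomcat (the same version as in my local environment) and try to log in as usual with the same username/password combination, Spring Security redirects to my login page. I tried checking the logs, and as I observed, on the remote Tomcat side my authentication method works fine: Spring successfully recognizes my credentials and authorizes me as "ROLE_USER" with the appropriate permissions, but somehow the session ID or object, or something, gets lost, and Spring creates a new one with anonymous authority and then redirects back to login. As I noticed, on localhost the JSessionID is the same for the form-submit request and the following /user/home page request, while on the remote the IDs of the two requests are different. Does this mean that Tomcat or Apache does not support some Spring Security feature, or am I missing some configuration tag in my application?
Update
In the Google developer console I saw that, first of all, after the form submit the request is sent to the server. The application successfully authenticates the user and sends back a JSessionID cookie with an HTTP 302 status code. After that, the browser sends a GET request to the correct /user/home URL, but without any cookie in the header, which is why Spring Security creates a new request and sends back the /login page?
Solution
The problem was in the domain request forwarding. My domain, e.g. test.com, forwarded my request to test.com/myapp, which then sent back the response with the correct cookie, but with the path "/myapp". The browser then could not match the requested URL and did not send the cookie back to the server. Spring Security did not find a suitable JSessionID and created a new one, which could not be obtained from the SecurityContextHolder. Zildyan's answer is the best way to solve the problem, so I will accept it.
My web.xml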
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://xmlns.jcp.org/xml/ns/javaee"
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
    version="3.1">
    <display-name>GAReporter</display-name>
    <session-config>
        <session-timeout>5000</session-timeout>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>
            org.springframework.security.web.session.HttpSessionEventPublisher
        </listener-class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/applicationContext.xml,/WEB-INF/spring-security.xml</param-value>
    </context-param>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter>
        <filter-name>wicket.wicket-spring</filter-name>
        <filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
        <init-param>
            <param-name>applicationClassName</param-name>
            <param-value>com.carusselgroup.application.GAApplication</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>wicket.wicket-spring</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
</web-app>
Spring Security
<?xml version="1.0" encoding="windows-1252"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-4.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd">
    <http auto-config="true" use-expressions="true" create-session="ifRequired">
        <access-denied-handler error-page="/403" />
        <form-login login-page="/login" login-processing-url="/j_spring_security_check" />
        <intercept-url pattern="/user**" access="hasRole('ROLE_USER')" />
        <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
        <csrf disabled="true" />
    </http>
    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="SELECT username,password ,user_role.enabled
                    FROM public.user
                    INNER JOIN user_role
                    ON public.user.user_id=user_role.user_id
                    where public.user.username=?"
                authorities-by-username-query="SELECT username,user_role.role
                    FROM public.user
                    INNER JOIN user_role
                    ON public.user.user_id=user_role.user_id
                    where public.user.username=?" />
        </authentication-provider>
    </authentication-manager>
</beans:beans>
LoginPage.java:
public class LoginPage extends WebPage
{
    private static final long serialVersionUID = 6820791987770181938L;
    private String username;
    private String password;
    private static final Logger logger = LoggerFactory.getLogger(HomePage.class);

    @Override
    protected void onInitialize()
    {
        super.onInitialize();
        FeedbackPanel fbPanel = new FeedbackPanel("feedback");
        add(fbPanel);
        StatelessForm<Void> form = new StatelessForm<Void>("form")
        {
            private static final long serialVersionUID = -8390180201075042069L;

            @Override
            protected void onSubmit()
            {
                SpringWicketWebSession session = SpringWicketWebSession.getSpringWicketWebSession();
                logger.info("Trying to login with: " + username + "\\" + password);
                if (session.signIn(username, password))
                {
                    logger.info("Login username/password authentication success: " + username + "\\" + password);
                    setResponsePage(HomePage.class);
                } else
                {
                    logger.info("Login username/password authentication failed: " + username + "\\" + password);
                    error("Sign in failed, Incorrect username or password");
                }
            }
        };
        form.setDefaultModel(new CompoundPropertyModel(this));
        form.add(new TextField<String>("username").setRequired(true));
        form.add(new PasswordTextField("password").setRequired(true));
        add(form);
    }
}
The AuthenticatedWebSession class:
public class SpringWicketWebSession extends AuthenticatedWebSession
{
    private static final long serialVersionUID = 779910029564267643L;
    private static final Logger logger = Logger.getLogger(SpringWicketWebSession.class);
    @SpringBean(name = "authenticationManager")
    private AuthenticationManager authenticationManager;
    private HttpSession httpSession;
    Authentication authentication = null;

    public SpringWicketWebSession(Request request)
    {
        super(request);
        Injector.get().inject(this);
        ensureDependenciesNotNull();
    }

    public static SpringWicketWebSession getSpringWicketWebSession()
    {
        return (SpringWicketWebSession) Session.get();
    }

    private void ensureDependenciesNotNull()
    {
        if (authenticationManager == null)
        {
            throw new IllegalStateException("Requires an authentication");
        }
    }

    @Override
    public boolean authenticate(String username, String password)
    {
        logger.info("authentication starting...");
        boolean authenticated = false;
        try
        {
            authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
            SecurityContextHolder.getContext().setAuthentication(authentication);
            authenticated = authentication.isAuthenticated();
        } catch (AuthenticationException e)
        {
            logger.error("Authentication failed with");
            logger.error("Exception: " + e);
            authenticated = false;
        }
        return authenticated;
    }

    @Override
    public Roles getRoles()
    {
        Roles roles = new Roles();
        getRolesIfSignedIn(roles);
        return roles;
    }

    private void getRolesIfSignedIn(Roles roles)
    {
        if (isSignedIn())
        {
            addRolesFromAuthentication(roles, authentication);
        }
    }

    private void addRolesFromAuthentication(Roles roles, Authentication authentication)
    {
        for (GrantedAuthority authority : authentication.getAuthorities())
        {
            roles.add(authority.getAuthority());
        }
    }
}
And the tomcat-spring logs:
2016-10-20 15:45:38,352 9380 [http-nio-10467-exec-3] INFO com.carusselgroup.page.HomePage - Trying to login with: test\test
2016-10-20 15:45:38,352 9380 [http-nio-10467-exec-3] INFO c.c.config.SpringWicketWebSession - authentication starting...
2016-10-20 15:45:38,352 9380 [http-nio-10467-exec-3] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
2016-10-20 15:45:38,352 9380 [http-nio-10467-exec-3] DEBUG o.s.s.a.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2016-10-20 15:45:38,358 9386 [http-nio-10467-exec-3] DEBUG o.s.jdbc.core.JdbcTemplate - Executing prepared SQL query
2016-10-20 15:45:38,359 9387 [http-nio-10467-exec-3] DEBUG o.s.jdbc.core.JdbcTemplate - Executing prepared SQL statement [SELECT username,password ,user_role.enabled FROM public.user INNER JOIN user_role ON public.user.user_id=user_role.user_id where public.user.username=?]
2016-10-20 15:45:38,360 9388 [http-nio-10467-exec-3] DEBUG o.s.jdbc.datasource.DataSourceUtils - Fetching JDBC Connection from DataSource
2016-10-20 15:45:38,360 9388 [http-nio-10467-exec-3] DEBUG o.s.j.d.DriverManagerDataSource - Creating new JDBC DriverManager Connection to [jdbc:postgresql://localhost:5432/common__gareporter]
2016-10-20 15:45:38,375 9403 [http-nio-10467-exec-3] DEBUG o.s.jdbc.datasource.DataSourceUtils - Returning JDBC Connection to DataSource
2016-10-20 15:45:38,376 9404 [http-nio-10467-exec-3] DEBUG o.s.jdbc.core.JdbcTemplate - Executing prepared SQL query
2016-10-20 15:45:38,376 9404 [http-nio-10467-exec-3] DEBUG o.s.jdbc.core.JdbcTemplate - Executing prepared SQL statement [SELECT username,user_role.role FROM public.user INNER JOIN user_role ON public.user.user_id=user_role.user_id where public.user.username=?]
2016-10-20 15:45:38,376 9404 [http-nio-10467-exec-3] DEBUG o.s.jdbc.datasource.DataSourceUtils - Fetching JDBC Connection from DataSource
2016-10-20 15:45:38,376 9404 [http-nio-10467-exec-3] DEBUG o.s.j.d.DriverManagerDataSource - Creating new JDBC DriverManager Connection to [jdbc:postgresql://localhost:5432/common__gareporter]
2016-10-20 15:45:38,383 9411 [http-nio-10467-exec-3] DEBUG o.s.jdbc.datasource.DataSourceUtils - Returning JDBC Connection to DataSource
2016-10-20 15:45:38,390 9418 [http-nio-10467-exec-3] INFO com.carusselgroup.page.HomePage - Login username/password authentication success: test\test
2016-10-20 15:45:38,391 9419 [http-nio-10467-exec-3] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,393 9421 [http-nio-10467-exec-3] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,394 9422 [http-nio-10467-exec-3] DEBUG org.apache.wicket.Page - ending request for page [Page class = com.carusselgroup.page.LoginPage, id = 0, render count = 0], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@4fcc406b
2016-10-20 15:45:38,394 9422 [http-nio-10467-exec-3] DEBUG o.a.w.page.PageAccessSynchronizer - 'http-nio-10467-exec-3' released lock to page with id '0'
2016-10-20 15:45:38,394 9422 [http-nio-10467-exec-3] DEBUG o.a.w.page.PageAccessSynchronizer - 'http-nio-10467-exec-3' notifying blocked threads
2016-10-20 15:45:38,395 9423 [http-nio-10467-exec-3] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,395 9423 [http-nio-10467-exec-3] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,395 9423 [http-nio-10467-exec-3] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,395 9423 [http-nio-10467-exec-3] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,396 9424 [http-nio-10467-exec-3] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@5776b12c
2016-10-20 15:45:38,396 9424 [http-nio-10467-exec-3] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@442b46a2: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@442b46a2: Principal: org.springframework.security.core.userdetails.User@364492: Username: test; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade@3af765a
2016-10-20 15:45:38,396 9424 [http-nio-10467-exec-3] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
2016-10-20 15:45:38,397 9425 [http-nio-10467-exec-3] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/user/home'; against '/logout'
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /user/home' doesn't match 'POST /j_spring_security_check
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2016-10-20 15:45:38,408 9436 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-10-20 15:45:38,408 9436 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa93c2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffe21a: RemoteIpAddress: 10.1.0.45; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/user/home'; against '/user**'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/user/home'; against '/admin**'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Public object - authentication not attempted
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home reached end of additional filter chain; proceeding with original chain
2016-10-20 15:45:38,413 9441 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,413 9441 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,413 9441 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,413 9441 [http-nio-10467-exec-4] DEBUG o.a.w.r.m.CompoundRequestMapper - One compatible mapper found for URL 'user/home' -> 'Mapper: org.apache.wicket.core.request.mapper.MountedMapper; Score: 4'
2016-10-20 15:45:38,413 9441 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,422 9450 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,423 9451 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,423 9451 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,423 9451 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,423 9451 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,424 9452 [http-nio-10467-exec-4] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@5776b12c
2016-10-20 15:45:38,424 9452 [http-nio-10467-exec-4] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-10-20 15:45:38,424 9452 [http-nio-10467-exec-4] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
2016-10-20 15:45:38,424 9452 [http-nio-10467-exec-4] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2016-10-20 15:45:38,440 9468 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-10-20 15:45:38,440 9468 [http-nio-10467-exec-5] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
2016-10-20 15:45:38,440 9468 [http-nio-10467-exec-5] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/logout'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /login' doesn't match 'POST /j_spring_security_check
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa93c2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffe21a: RemoteIpAddress: 10.1.0.45; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/user**'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/admin**'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Public object - authentication not attempted
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login reached end of additional filter chain; proceeding with original chain
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.a.w.r.m.CompoundRequestMapper - One compatible mapper found for URL 'login' -> 'Mapper: org.apache.wicket.core.request.mapper.MountedMapper; Score: 2'
2016-10-20 15:45:38,443 9471 [http-nio-10467-exec-5] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,444 9472 [http-nio-10467-exec-5] DEBUG o.a.w.page.PageAccessSynchronizer - 'http-nio-10467-exec-5' attempting to acquire lock to page with id '0'
2016-10-20 15:45:38,444 9472 [http-nio-10467-exec-5] DEBUG o.a.w.page.PageAccessSynchronizer - http-nio-10467-exec-5 acquired lock to page 0
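Best answer
I was facing this problem. The problem was that my cookie could only be sent over https.
The next case was when I tried to re-establish the user session after a system restart/redeploy. Tomcat serializes all active user sessions and writes down all their attributes, then deserializes them when the system restarts and compares the jsessionid with the one in the cookie, but I was missing secureAuthId because Tomcat did not remember it.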
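Both causes on this page (the cookie Path "/myapp" in the question's solution and the https-only cookie in this answer) are decided by the browser's cookie-matching rules. As an added example, not part of the original question or answer, the following Python code applies the RFC 6265 path-match, Domain and Secure checks to one Set-Cookie header value and the follow-up request URL; the session ID values, the localhost port and all function names are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def default_path(request_path):
    """RFC 6265 5.1.4 default-path, used when Set-Cookie carries no Path."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path[: request_path.rfind("/")]


def path_matches(request_path, cookie_path):
    """RFC 6265 5.1.4 path-match: equal, or a prefix ending on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def cookie_return_problems(set_cookie, set_on_url, next_url, name="JSESSIONID"):
    """Return the reasons a browser would NOT send the cookie on next_url.

    set_cookie is the value of one Set-Cookie header and set_on_url the URL
    whose response carried it. An empty list means the cookie is sent.
    """
    jar = SimpleCookie()
    jar.load(set_cookie)
    if name not in jar:
        return ["missing: no %s in the Set-Cookie header" % name]
    morsel = jar[name]
    origin, target = urlsplit(set_on_url), urlsplit(next_url)
    problems = []

    # Path: the request path must sit under the cookie's Path attribute.
    cookie_path = morsel["path"] or default_path(origin.path)
    target_path = target.path or "/"
    if not path_matches(target_path, cookie_path):
        problems.append("path: %s is not under cookie Path %s"
                        % (target_path, cookie_path))

    # Secure: the cookie is only returned over https.
    if morsel["secure"] and target.scheme != "https":
        problems.append("secure: Secure cookie is not sent over %s" % target.scheme)

    # Domain: without a Domain attribute the cookie is host-only.
    host = (target.hostname or "").lower()
    domain = morsel["domain"].lstrip(".").lower()
    if domain:
        host_ok = host == domain or host.endswith("." + domain)
    else:
        host_ok = host == (origin.hostname or "").lower()
    if not host_ok:
        problems.append("domain: host %s is outside the cookie's scope" % host)
    return problems


# Constructed cases; test.com and /myapp are the placeholders used in the question.
CASES = [
    ("remote, proxied to /myapp", "JSESSIONID=0A1B2C3D; Path=/myapp; HttpOnly",
     "http://test.com/login", "http://test.com/user/home"),
    ("local, context path in URL", "JSESSIONID=0A1B2C3D; Path=/myapp; HttpOnly",
     "http://localhost:8080/myapp/login", "http://localhost:8080/myapp/user/home"),
    ("Secure cookie, http request", "JSESSIONID=0A1B2C3D; Path=/myapp; Secure; HttpOnly",
     "https://test.com/myapp/login", "http://test.com/myapp/user/home"),
]

if __name__ == "__main__":
    for label, header, set_on, nxt in CASES:
        problems = cookie_return_problems(header, set_on, nxt)
        print("%-30s %s" % (label, problems or "cookie sent"))
```

Feeding it the Set-Cookie header and the redirect target copied from the browser's network panel shows which attribute keeps the JSESSIONID from being returned.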
Regarding java - Spring Security and Tomcat 8 JSessionId response mismatch, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/40158351/