Spring安全性与Tomcat 8 JSessionId响应失配
Spring安全性与Tomcat 8 JSessionId响应失配
提问于 2016-10-20 15:15:34
我有webapp,它实现了Java来区分用户和管理员。在前端,我使用Wicket为我的页面实现不同的操作和视图。除了一件事外,整个登录系统都很好用。如果我将我的应用程序部署到远程Tomcat (与本地环境中相同的版本),并尝试像往常一样使用相同的用户名/密码组合登录,spring安全性将重定向到我的登录页面。我试着检查日志,正如我观察到的,在远程Tomcat端,我的身份验证方法工作得很好,Spring成功地识别了我的凭据,并以适当的权限将我授权为"ROLE_USER",但不知怎么的会话ID或对象,或者什么东西丢失了,Spring创建了一个具有匿名权限的新的,然后重定向回登录。正如我注意到的,当我请求表单提交时,本地主机中的JSessionID是相同的,然后是/user/主页,而在远程,两个请求的ID是不同的。这是否意味着Tomcat或Apache不支持Spring安全的某些功能,或者我在我的应用程序中遗漏了一些配置标记?
更新
在google控制台中,我认识到,首先在表单之后提交发送给服务器的请求。应用程序成功地对用户进行身份验证,并发送带有http 302状态代码的JSessionID cookie。此后,浏览器向适当的/user/home url发送GET请求,但头中没有任何cookie,这就是为什么spring安全创建了一个新的安全机制,并将其发送回/login页面?
溶液
问题在于域请求转发。我的领域如。test.com将我的请求转发到test.com/myapp,然后用适当的cookie发送响应,但是使用路径:"/myapp“。然后浏览器无法识别请求的URL,也不会将其发送回服务器。security没有找到批准的JSessionID,然后它创建了一个新的,它无法从SecurityContextHolder获得。Zildyan的回答是最好的解决方案,所以我会接受的。
我的Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<display-name>GAReporter</display-name>
<session-config>
<session-timeout>5000</session-timeout>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml,/WEB-INF/spring-security.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter>
<filter-name>wicket.wicket-spring</filter-name>
<filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
<init-param>
<param-name>applicationClassName</param-name>
<param-value>com.carusselgroup.application.GAApplication</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>wicket.wicket-spring</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
</web-app>弹簧安全
<?xml version="1.0" encoding="windows-1252"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xml
ns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd">
<http auto-config="true" use-expressions="true" create-session="ifRequired">
<access-denied-handler error-page="/403" />
<form-login login-page="/login" log
in-processing-url="/j_spring_security_check" />
<intercept-url pattern="/user**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
<csrf disabled="true" />
</ht
tp>
<authentication-manager alias="
authenticationManager ">
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT username,password ,user_role.enabled
FROM public.user
INNER JOIN user_role
ON public.user.user_id=user_role.user_id
where public.user.username=?"
authorities-by-username-query="SELECT username,user_role.role
FROM public.user
INNER JOIN user_role
ON public.user.user_id=user_role.user_id
where public.user.username=?" />
</authentication-provider>
</authentication-manager>
</beans:beans>LoginPage.java:
public class LoginPage extends WebPage
{
private static final long serialVersionUID = 6820791987770181938L;
private String username;
private String password;
private static final Logger logger = LoggerFactory.getLogger(HomePage.class);
@Override
protected void onInitialize()
{
super.onInitialize();
FeedbackPanel fbPanel = new FeedbackPanel("feedback");
add(fbPanel);
StatelessForm<Void> form = new StatelessForm<Void>("form")
{
private static final long serialVersionUID = -8390180201075042069L;
@Override
protected void onSubmit()
{
SpringWicketWebSession session = SpringWicketWebSession.getSpringWicketWebSession();
logger.info("Trying to login with: " + username + "\\" + password);
if (session.signIn(username, password))
{
logger.info("Login username/password authentication success: " + username + "\\" + password);
setResponsePage(HomePage.class);
} else
{
logger.info("Login username/password authentication failed: " + username + "\\" + password);
error("Sign in failed, Incorrect username or password");
}
}
};
form.setDefaultModel(new CompoundPropertyModel(this));
form.add(new TextField<String>("username").setRequired(true));
form.add(new PasswordTextField("password").setRequired(true));
add(form);
}
}AuthenticatedWebSession类:
public class SpringWicketWebSession extends AuthenticatedWebSession
{
private static final long serialVersionUID = 779910029564267643L;
private static final Logger logger = Logger.getLogger(SpringWicketWebSession.class);
@SpringBean(name = "authenticationManager")
private AuthenticationManager authenticationManager;
private HttpSession httpSession;
Authentication authentication = null;
public SpringWicketWebSession(Request request)
{
super(request);
Injector.get().inject(this);
ensureDependenciesNotNull();
}
public static SpringWicketWebSession getSpringWicketWebSession()
{
return (SpringWicketWebSession) Session.get();
}
private void ensureDependenciesNotNull()
{
if (authenticationManager == null)
{
throw new IllegalStateException("Requires an authentication");
}
}
@Override
public boolean authenticate(String username, String password)
{
logger.info("authentication starting...");
boolean authenticated = false;
try
{
authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
SecurityContextHolder.getContext().setAuthentication(authentication);
authenticated = authentication.isAuthenticated();
} catch (AuthenticationException e)
{
logger.error("Authentication failed with");
logger.error("Exception: " + e);
authenticated = false;
}
return authenticated;
}
@Override
public Roles getRoles()
{
Roles roles = new Roles();
getRolesIfSignedIn(roles);
return roles;
}
private void getRolesIfSignedIn(Roles roles)
{
if (isSignedIn())
{
addRolesFromAuthentication(roles, authentication);
}
}
private void addRolesFromAuthentication(Roles roles, Authentication authentication)
{
for (GrantedAuthority authority : authentication.getAuthorities())
{
roles.add(authority.getAuthority());
}
}
}和猫弹簧的原木:
2016-10-20 15:45:38,352 9380 [http-nio-10467-exec-3] INFO com.carusselgroup.page.HomePage - Trying to login with: test\test
2016-10-20 15:45:38,352 9380 [http-nio-10467-exec-3] INFO c.c.config.SpringWicketWebSession - authentication starting...
2016-10-20 15:45:38,352 9380 [http-nio-10467-exec-3] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
2016-10-20 15:45:38,352 9380 [http-nio-10467-exec-3] DEBUG o.s.s.a.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2016-10-20 15:45:38,358 9386 [http-nio-10467-exec-3] DEBUG o.s.jdbc.core.JdbcTemplate - Executing prepared SQL query
2016-10-20 15:45:38,359 9387 [http-nio-10467-exec-3] DEBUG o.s.jdbc.core.JdbcTemplate - Executing prepared SQL statement [SELECT username,password ,user_role.enabled FROM public.user INNER JOIN user_role ON public.user.user_id=user_role.user_id where public.user.username=?]
2016-10-20 15:45:38,360 9388 [http-nio-10467-exec-3] DEBUG o.s.jdbc.datasource.DataSourceUtils - Fetching JDBC Connection from DataSource
2016-10-20 15:45:38,360 9388 [http-nio-10467-exec-3] DEBUG o.s.j.d.DriverManagerDataSource - Creating new JDBC DriverManager Connection to [jdbc:postgresql://localhost:5432/common__gareporter]
2016-10-20 15:45:38,375 9403 [http-nio-10467-exec-3] DEBUG o.s.jdbc.datasource.DataSourceUtils - Returning JDBC Connection to DataSource
2016-10-20 15:45:38,376 9404 [http-nio-10467-exec-3] DEBUG o.s.jdbc.core.JdbcTemplate - Executing prepared SQL query
2016-10-20 15:45:38,376 9404 [http-nio-10467-exec-3] DEBUG o.s.jdbc.core.JdbcTemplate - Executing prepared SQL statement [SELECT username,user_role.role FROM public.user INNER JOIN user_role ON public.user.user_id=user_role.user_id where public.user.username=?]
2016-10-20 15:45:38,376 9404 [http-nio-10467-exec-3] DEBUG o.s.jdbc.datasource.DataSourceUtils - Fetching JDBC Connection from DataSource
2016-10-20 15:45:38,376 9404 [http-nio-10467-exec-3] DEBUG o.s.j.d.DriverManagerDataSource - Creating new JDBC DriverManager Connection to [jdbc:postgresql://localhost:5432/common__gareporter]
2016-10-20 15:45:38,383 9411 [http-nio-10467-exec-3] DEBUG o.s.jdbc.datasource.DataSourceUtils - Returning JDBC Connection to DataSource
2016-10-20 15:45:38,390 9418 [http-nio-10467-exec-3] INFO com.carusselgroup.page.HomePage - Login username/password authentication success: test\test
2016-10-20 15:45:38,391 9419 [http-nio-10467-exec-3] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,393 9421 [http-nio-10467-exec-3] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,394 9422 [http-nio-10467-exec-3] DEBUG org.apache.wicket.Page - ending request for page [Page class = com.carusselgroup.page.LoginPage, id = 0, render count = 0], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@4fcc406b
2016-10-20 15:45:38,394 9422 [http-nio-10467-exec-3] DEBUG o.a.w.page.PageAccessSynchronizer - 'http-nio-10467-exec-3' released lock to page with id '0'
2016-10-20 15:45:38,394 9422 [http-nio-10467-exec-3] DEBUG o.a.w.page.PageAccessSynchronizer - 'http-nio-10467-exec-3' notifying blocked threads
2016-10-20 15:45:38,395 9423 [http-nio-10467-exec-3] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,395 9423 [http-nio-10467-exec-3] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,395 9423 [http-nio-10467-exec-3] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,395 9423 [http-nio-10467-exec-3] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,396 9424 [http-nio-10467-exec-3] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@5776b12c
2016-10-20 15:45:38,396 9424 [http-nio-10467-exec-3] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@442b46a2: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@442b46a2: Principal: org.springframework.security.core.userdetails.User@364492: Username: test; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade@3af765a
2016-10-20 15:45:38,396 9424 [http-nio-10467-exec-3] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
2016-10-20 15:45:38,397 9425 [http-nio-10467-exec-3] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/user/home'; against '/logout'
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /user/home' doesn't match 'POST /j_spring_security_check
2016-10-20 15:45:38,407 9435 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2016-10-20 15:45:38,408 9436 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-10-20 15:45:38,408 9436 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa93c2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffe21a: RemoteIpAddress: 10.1.0.45; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/user/home'; against '/user**'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/user/home'; against '/admin**'
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Public object - authentication not attempted
2016-10-20 15:45:38,412 9440 [http-nio-10467-exec-4] DEBUG o.s.security.web.FilterChainProxy - /user/home reached end of additional filter chain; proceeding with original chain
2016-10-20 15:45:38,413 9441 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,413 9441 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,413 9441 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,413 9441 [http-nio-10467-exec-4] DEBUG o.a.w.r.m.CompoundRequestMapper - One compatible mapper found for URL 'user/home' -> 'Mapper: org.apache.wicket.core.request.mapper.MountedMapper; Score: 4'
2016-10-20 15:45:38,413 9441 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,422 9450 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,423 9451 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,423 9451 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,423 9451 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,423 9451 [http-nio-10467-exec-4] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/user/home'
2016-10-20 15:45:38,424 9452 [http-nio-10467-exec-4] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@5776b12c
2016-10-20 15:45:38,424 9452 [http-nio-10467-exec-4] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-10-20 15:45:38,424 9452 [http-nio-10467-exec-4] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
2016-10-20 15:45:38,424 9452 [http-nio-10467-exec-4] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2016-10-20 15:45:38,440 9468 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-10-20 15:45:38,440 9468 [http-nio-10467-exec-5] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
2016-10-20 15:45:38,440 9468 [http-nio-10467-exec-5] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/logout'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /login' doesn't match 'POST /j_spring_security_check
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa93c2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffe21a: RemoteIpAddress: 10.1.0.45; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-10-20 15:45:38,441 9469 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/user**'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/admin**'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Public object - authentication not attempted
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.s.security.web.FilterChainProxy - /login reached end of additional filter chain; proceeding with original chain
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,442 9470 [http-nio-10467-exec-5] DEBUG o.a.w.r.m.CompoundRequestMapper - One compatible mapper found for URL 'login' -> 'Mapper: org.apache.wicket.core.request.mapper.MountedMapper; Score: 2'
2016-10-20 15:45:38,443 9471 [http-nio-10467-exec-5] DEBUG o.a.w.p.h.servlet.ServletWebRequest - Calculating context relative path from: context path '/GAReporter-1.0', filterPrefix '', uri '/GAReporter-1.0/login'
2016-10-20 15:45:38,444 9472 [http-nio-10467-exec-5] DEBUG o.a.w.page.PageAccessSynchronizer - 'http-nio-10467-exec-5' attempting to acquire lock to page with id '0'
2016-10-20 15:45:38,444 9472 [http-nio-10467-exec-5] DEBUG o.a.w.page.PageAccessSynchronizer - http-nio-10467-exec-5 acquired lock to page 0回答 1
Stack Overflow用户
回答已采纳
发布于 2016-10-21 17:39:21
- 我正面临着这个问题。问题是,在我的情况下,cookie只能通过https发送。
- 下一个情况是,在系统重新启动/重新部署之后,我试图重新建立用户会话。Tomcat序列化所有活动用户会话并写入所有属性测试,并在系统重新启动时反序列化它们,并将jsessionid与cookie中的会话进行比较,但我没有使用secureAuthId,因为tomcat不记得它。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/40158351
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号