我正在使用https频道开发soap web服务。用户凭据和角色在属性文件中定义。
<security:http authentication-manager-ref="basicauthenticationManager" pattern="/webservice" entry-point-ref="basicAuthEntryPoint" access-denied-page="/WEB-INF/views/ws404.html" use-expressions="true">
<security:intercept-url pattern="/webservice/*" access="hasAnyRole('ROLE_USER')" requires-channel="https"/>
<security:intercept-url pattern="/webservice" access="hasAnyRole('ROLE_USER')" requires-channel="https"/>
<security:custom-filter ref="basicAuthenticationFilter" after="BASIC_AUTH_FILTER" />
</security:http>
<security:authentication-manager id="basicauthenticationManager">
<security:authentication-provider >
<security:user-service properties="classpath:users.properties">
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
当我只调用Web服务一次时,我没有收到任何DEBUG错误消息但是在循环中调用时会出现以下错误
11:53:13,721 DEBUG [FilterSecurityInterceptor]以前经过身份验证:org.springframework.security.authenti cation.AnonymousAuthenticationToken@90556c3e:Principal:anonymousUser;证书:[保护];认证 d:是的;详细信息:org.springframework.security.web.authentication.WebAuthenticationDetails@1de6:RemoteIpAddre ss:10.11.160.39; SessionId:null;授权机构:ROLE_ANONYMOUS 11:53:13,722 DEBUG [AffirmativeBased]选民:org.springframework.security.web.access.expression.WebExpressionV oter @ 19c0b5c,返回:-1 11:53:13,723 DEBUG [ExceptionTranslationFilter]访问被拒绝(用户是匿名的);重定向到真实 进入点 org.springframework.security.access.AccessDeniedException:访问被拒绝 在org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) 在org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(摘要) SecurityInterceptor.java:205)
服务器成功处理请求,如何禁止或避免此DEBUG消息。
答案 0 :(得分:1)
如Spring Security FAQ中所述,这不是错误,它是在调试级别记录的。
如果要禁止它,只需禁用Spring Security包的调试级别日志记录。例如,如果您使用logback进行日志记录(在Spring Security示例应用程序中使用,请将DEBUG更改为this line上的INFO。