我使用Spring 2.5.2和相同版本的spring security。 问题是,我通过应用程序登录并清除我的浏览器cookie并刷新页面应用程序被重定向到登录页面,但在后面它会抛出异常
DEBUG ExceptionTranslationFilter - 发生身份验证异常;重定向到身份验证入口点 org.springframework.security.AuthenticationCredentialsNotFoundException:在SecurityContext中找不到Authentication对象 at org.springframework.security.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:342) 在org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254) 在org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) 在org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) 在org.springframework.security.util.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:390) 在org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:52) 在org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) 在org.springframework.security.util.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:390)
继续直至at java.lang.Thread.run(Unknown Source)
此异常后应用程序被重定向到登录页面&输入登录凭据后 我必须单击两次登录按钮才能进入应用程序。 第一次单击控制台显示后
DEBUG CptLogger - com.capgent.cpt.server.services.auth.LoginAuthenticationProvider调用方法:additionalAuthenticationChecks是否已经过身份验证? :假 DEBUG XmlWebApplicationContext - 在上下文中发布事件[org.springframework.web.context.support.XmlWebApplicationContext@1d0d124]:org.springframework.security.event.authentication.AuthenticationSuccessEvent [source=org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal :com.capgent.cpt.server.services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN] DEBUG AuthenticationProcessingFilter - 身份验证成功:org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal:com.capgent.cpt.server.services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN DEBUG AuthenticationProcessingFilter - 更新了SecurityContextHolder以包含以下身份验证:' org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal:com.capgent.cpt.server.services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN' DEBUG SessionUtils - 使用Id' 6693D3BCE880D6339D9D149F44637952'使会话无效。和迁移属性。 DEBUG SessionUtils - 新会议开始:E772A0D1441C079B2ACD3698F68AF63C DEBUG AuthenticationProcessingFilter - 从HTTP会话(或默认)重定向到目标URL:
http://localhost:8090/resources/com.capgent.cpt.Main/Main.jspDEBUG omTokenBasedRemembermeServices - 没有发送remember-me cookie(校长没有设置参数' _spring_security_remember_me') DEBUG omTokenBasedRemembermeServices - 记住 - 我没有请求登录。 DEBUG XmlWebApplicationContext - 在上下文中发布事件[org.springframework.web.context.support.XmlWebApplicationContext@1d0d124]:org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent [source=org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal :com.capgent.cpt.server.services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN] DEBUG essionContextIntegrationFilter - 存储到HttpSession的SecurityContext:' org.springframework.security.context.SecurityContextImpl@862413dc:身份验证:org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal:com.capgent.cpt.server.services。 auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN' DEBUG essionContextIntegrationFilter - SecurityContextHolder现已清除,请求处理完成 DEBUG RequestContextFilter - 清除线程绑定请求上下文:org.apache.catalina.connector.RequestFacade@1d03700 DEBUG nsactionSynchronizationManager - 从线程[http-8090-Processor25]中删除密钥[org.hibernate.impl.SessionFactoryImpl@42c282]的值[org.springframework.orm.hibernate3.SessionHolder@1c9dea3] DEBUG OpenSessionInViewFilter - 在OpenSessionInViewFilter中关闭单个Hibernate会话 DEBUG SessionFactoryUtils - 关闭Hibernate会话 DEBUG ConnectionManager - 释放JDBC连接[(打开PreparedStatements:0,全局:0)(打开ResultSet:0,全局:0)] DEBUG ConnectionManager - 在on_close连接释放模式的会话中完成事务;一定要关闭会话以释放JDBC资源! DEBUG OpenSessionInViewFilter - 使用SessionFactory' cptSessionFactory'对于OpenSessionInViewFilter DEBUG DefaultListableBeanFactory - 返回单例bean的缓存实例' cptSessionFactory' DEBUG OpenSessionInViewFilter - 在OpenSessionInViewFilter中打开单个Hibernate会话 DEBUG SessionFactoryUtils - 打开Hibernate会话 DEBUG SessionImpl - 在时间戳打开的会话:13938439638 DEBUG nsactionSynchronizationManager - 绑定值[org.springframework.orm.hibernate3.SessionHolder@862557]用于密钥[org.hibernate.impl.SessionFactoryImpl@42c282]到线程[http-8090-Processor25] DEBUG RequestContextFilter - 绑定到线程的请求上下文:org.apache.catalina.connector.RequestFacade@1d03700 DEBUG FilterChainProxy - 将URL转换为小写,来自:' /com.capgent.cpt.main/main.jsp' ;; to:' /com.capgent.cpt.main/main.jsp' DEBUG FilterChainProxy - 候选人是:' /com.capgent.cpt.main/main.jsp' ;; pattern是/ssoerror.html*;匹配=假 DEBUG FilterChainProxy - 将URL转换为小写,来自:' /com.capgent.cpt.main/main.jsp' ;; to:' /com.capgent.cpt.main/main.jsp' DEBUG FilterChainProxy - 候选人是:' /com.capgent.cpt.main/main.jsp' ;; pattern是/ ;匹配=真 DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在附加过滤器链的第1位10;触发过滤器:' org.springframework.security.context.HttpSessionContextIntegrationFilter [order = 200; ]' DEBUG essionContextIntegrationFilter - 从SPRING_SECURITY_CONTEXT获取有效的SecurityContext以与SecurityContextHolder关联:' org.springframework.security.context.SecurityContextImpl@862413dc:身份验证:org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal:com.capgent。 cpt.server.services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN' DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在第2位的10位附加过滤链中;过滤:' com.capgent.cpt.server.services.auth.CantrexSsoProcessingFilter [order = 600; ]' DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp位于附加过滤器链中的第3位的10位;触发过滤器:' com.capgent.cpt.server.services.auth.DnbiSsoProcessingFilter [order = 600; ]' DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在第4位的10位附加过滤链中;触发过滤器:' com.capgent.cpt.server.services.auth.OpenIdAuthenticationProcessingFilter [order = 800; ]' DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在第5位的10位附加过滤链中;过滤:' org.springframework.security.ui.webapp.AuthenticationProcessingFilter [order = 700; ]' DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在第6位的10位附加过滤器链;过滤:' org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter [order = 1100; ]' DEBUG SavedRequest - pathInfo:均为null(属性等于) DEBUG SavedRequest - queryString:都为null(属性等于) DEBUG SavedRequest - requestURI:arg1 = / resources / com.capgent.cpt.Main / Main.jsp; arg2 = / resources / com.capgent.cpt.Main / Main.jsp(property equals) DEBUG SavedRequest - serverPort:arg1 = 8090; arg2 = 8090(财产等于) DEBUG SavedRequest - requestURL:arg1 =http://localhost:8090/resources/com.capgent.cpt.Main/Main.jsp; arg2 =http://localhost:8090/resources/com.capgent.cpt.Main/Main.jsp(财产等于) DEBUG SavedRequest - scheme:arg1 = http; arg2 = http(属性等于) DEBUG SavedRequest - serverName:arg1 = localhost; arg2 = localhost(属性等于) DEBUG SavedRequest - contextPath:arg1 = / resources; arg2 = / resources(属性等于) DEBUG SavedRequest - servletPath:arg1 = / com.capgent.cpt.Main / Main.jsp; arg2 = / com.capgent.cpt.Main / Main.jsp(property equals) DEBUG SavedRequestAwareWrapper - 更换了Wrapper; SavedRequest是:SavedRequest [http:// localhost:8090 / resources / com.capgent.cpt.Main / Main.jsp] 在另一个过滤链中,DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp位于第7位的10位;过滤:' org.springframework.security.ui.rememberme.RememberMeProcessingFilter [order = 1200; ]' DEBUG RememberMeProcessingFilter - SecurityContextHolder未填充remember-me标记,因为它已包含:' org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal:com.capgent.cpt.server.services.auth.UserDetailsContainer@bc1ebd ;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN' DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在第8位的10位额外的过滤链中;触发过滤器:' org.springframework.security.ui.ExceptionTranslationFilter [order = 1400; ]' DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在第9位的10位附加过滤链中;触发过滤器:' org.springframework.security.ui.SessionFixationProtectionFilter [order = 1600; ]' DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在10位10的附加过滤链中;过滤:' org.springframework.security.intercept.web.FilterSecurityInterceptor@11ca33b' DEBUG lterInvocationDefinitionSource - 将URL转换为小写,来自:' /com.capgent.cpt.main/main.jsp' ;; to:' /com.capgent.cpt.main/main.jsp' DEBUG lterInvocationDefinitionSource - 候选者是:' /com.capgent.cpt.main/main.jsp' ;; pattern是//*main.jsp;匹配=真 DEBUG AbstractSecurityInterceptor - 安全对象:FilterInvocation:URL:/com.capgent.cpt.Main/Main.jsp; ConfigAttributes:[ROLE_ADMIN] DEBUG AbstractSecurityInterceptor - 以前经过身份验证:org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal:com.capgent.cpt.server.services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN DEBUG AbstractSecurityInterceptor - 授权成功 DEBUG XmlWebApplicationContext - 在上下文中发布事件[org.springframework.web.context.support.XmlWebApplicationContext@1d0d124]:org.springframework.security.event.authorization.AuthorizedEvent [source = FilterInvocation:URL:/com.capgent.cpt.Main/ main.jsp中] DEBUG AbstractSecurityInterceptor - RunAsManager没有更改Authentication对象 DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp到达了额外的过滤器链的末尾;继续与原始链 DEBUG JspServlet - JspEngine - > /com.capgent.cpt.Main/Main.jsp DEBUG JspServlet - ServletPath:/com.capgent.cpt.Main/Main.jsp DEBUG JspServlet - PathInfo:null DEBUG JspServlet - RealPath:D:\ springworkspace.metadata.plugins \ org.eclipse.wst.server.core \ tmp3 \ wtpwebapps \ capgentspring \ com.capgent.cpt.Main \ Main.jsp DEBUG JspServlet - RequestURI:/resources/com.capgent.cpt.Main/Main.jsp DEBUG JspServlet - QueryString:null
答案 0 :(得分:1)
"问题是,我通过应用程序登录并清除浏览器cookie并刷新页面应用程序被重定向到登录页面"
是的。这是正常行为。因为旧会话无效/关闭,所以会从那里开始新会话。
"但在后面它会抛出异常"
是的。它会,因为它会在您刷新页面时尝试重新验证用户信息/会话。因为您已经清除了cookie,它将失败。
答案 1 :(得分:0)
设置
<form-login login-page="/Login.jsp" authentication-failure-url="/LoginHandler.jsp" always-use-default-target="true" default-target-url="/LoginHandler.jsp"/>
早先解决了我的问题,价值为alway-use-default-target="false"