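I have a web application from a vendor that has some new functionality: you press a button on the web page and a new popup window opens so you can use the new feature. However, when a user who is logged in to the application presses the button, the user is automatically logged out. We have tested with a lot of users and they all hit the same problem.
We are using IE 8 because that is what the vendor wrote the application for. The application is hosted on WebSphere Application Server 8.5.5.1 (just upgraded from WebSphere 7.0.17). The problem occurs whether we go through the web server or go directly to the application via the port number.
If I use Google Chrome, then the first time the user logs in and clicks the button they are logged out, but the next time they log in the button works fine. But we can't use Google Chrome because the vendor does not support it.
I have opened a PMR with IBM, and they can see that the session is being invalidated.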
[12/12/14 11:27:49:368 EST] 0000012b HttpRequestMe 1 setRequestURL input [/blue2web/images/cbf/bg.grad.blue.jpg]
.......
[12/12/14 11:27:49:439 EST] 0000012b filter 1 com.ibm.ws.webcontainer.filter.WebAppFilterChain doFilter entry
[12/12/14 11:27:49:439 EST] 0000012b filter 1 com.ibm.ws.webcontainer.filter.WebAppFilterChain doFilter executing filter -->springSecurityFilterChain
[12/12/14 11:27:49:440 EST] 0000012b util 1 com.ibm.ws.webcontainer.util.EventListeners fireEvent Use visitor com.ibm.ws.webcontainer.webapp.FireOnFilterStartDoFilter@c7cef1a9 to fire event to com.ibm.websphere.servlet.event.FilterListenerImpl@2a6d1c41, class:class com.ibm.websphere.servlet.event.FilterListenerImpl
.......
[12/12/14 11:27:49:440 EST] 0000012b event 1 com.ibm.websphere.servlet.event.FilterListenerImpl onFilterStartDoFilter onFilterStartDoFilter -->springSecurityFilterChain request -->com.ibm.ws.webcontainer.srt.SRTServletRequest@3925fa48
.......
[12/12/14 11:27:49:444 EST] 0000012b WASSessionCor > MemorySession invalidate ENTRY AppName=default_hostblue2web; Id=XgGNO6yhlsbiQKcNk9eOeZF
.......
[12/12/14 11:27:49:445 EST] 0000012b WASSessionCor 1 MemorySession setIsValid New Value=false; Old Value=true AppName=default_hostblue2web; Id=XgGNO6yhlsbiQKcNk9eOeZF
.......
[12/12/14 11:27:49:445 EST] 0000012b WASSessionCor < MemorySession invalidate RETURN
.......
[12/12/14 11:27:49:464 EST] 0000012b filter 1 com.ibm.ws.webcontainer.filter.WebAppFilterChain doFilter entry
[12/12/14 11:27:49:464 EST] 0000012b filter 1 com.ibm.ws.webcontainer.filter.WebAppFilterChain doFilter executing filter -->struts2
.......
[12/12/14 11:27:49:481 EST] 0000012b HttpResponseM 1 Marshalling first line: HTTP/1.1 304 Not Modified
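We see a request for /blue2web/images/cbf/bg.grad.blue.jpg. The request goes into the filter springSecurityFilterChain and the session is invalidated. The request continues through several filters (starting with the struts2 filter) and eventually returns a 304 response.
The vendor has said that nobody else (including them) has seen this problem.
I am now quite confused, because I don't know whether it is an IE 8 problem, a Spring problem or a WebSphere 8.5.5.1 problem. We have other buttons in the application that open different windows for different functions, and they work fine.
Update (December 22, 2014) -
Here is the Spring Security trace. Not sure whether it will help.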
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/cbfcommonutil.js'; to: '/javascript/cbfcommonutil.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/cbfcommonutil.js'; pattern is /j_security_check; matched=false
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/cbfcommonutil.js'; to: '/javascript/cbfcommonutil.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/cbfcommonutil.js'; pattern is /favicon.ico; matched=false
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/cbfcommonutil.js'; to: '/javascript/cbfcommonutil.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/cbfcommonutil.js'; pattern is /index*; matched=false
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/cbfcommonutil.js'; to: '/javascript/cbfcommonutil.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/cbfcommonutil.js'; pattern is /javascript/*; matched=true
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy doFilter /javascript/cbfCommonUtil.js has an empty filter list
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/mootools-1.2.5.js'; to: '/javascript/mootools-1.2.5.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/mootools-1.2.5.js'; pattern is /j_security_check; matched=false
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/mootools-1.2.5.js'; to: '/javascript/mootools-1.2.5.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/mootools-1.2.5.js'; pattern is /favicon.ico; matched=false
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/mootools-1.2.5.js'; to: '/javascript/mootools-1.2.5.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/mootools-1.2.5.js'; pattern is /index*; matched=false
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/mootools-1.2.5.js'; to: '/javascript/mootools-1.2.5.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/mootools-1.2.5.js'; pattern is /javascript/*; matched=true
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy doFilter /javascript/mootools-1.2.5.js has an empty filter list
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /j_security_check; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /favicon.ico; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /index*; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /javascript/*; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /css/*; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /images/*; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /iframe_black*; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /webhelp_pro/**; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /**; matched=true
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[12/22/14 14:17:19:922 CST] 000000a5 HttpSessionSe 1 org.springframework.security.web.context.HttpSessionSecurityContextRepository readSecurityContextFromSession Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@ba2bcf8a: Authentication: com.bcbsa.blue2.configuration.security.jee.DelegateToUserDetailsPreAuthenticatedAuthenticationToken@ba2bcf8a: Principal: com.bcbsa.blue2.configuration.security.model.springsecurity.AuthoritiesByBoidUser@6820f6c1: Username: MyId; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: AdjustmentMsgUser,BasicMsgUser,CBFUpdateUser,CBFViewOnlyUser,CSRNMsgUser,Claim276StatusWithoutSccf,ClaimDispositionDetailsViewer,ClaimMisrouteMsgUser,ClaimStatusRequester,ClaimSubmissionDetailsViewer,DataRole1,DataRole11,DataRole13,DataRole17,DataRole2,DataRole3,DataRole30,DataRole35,DataRole37,DataRole39,DataRole4,DataRole41,DataRole49,DataRole5,DataRole51,DataRole53,DataRole55,DataRole57,DataRole58,DataRole59,DataRole61,DataRole63,DataRole65,DataRole70,DataRole9,DataRole99,EscalationLevel1MsgUser,EscalationLevel2MsgUser,EvaluateAdjustmentMessageStateAdmin,GlobalFeeMsgUser,LocalEditAdmin,MedicalRecordViewer,MessageCommentConfigAdmin,MessageListingViewer,MessageReprocessUser,MessageSummaryViewer,PQIMsgSummaryViewer,PQIMsgUser,PostProcessConfigAdmin,PreExMsgUser,PurgeDF,PurgeMessage,PurgeNF,PurgeRF,PurgeRestoreAdmin,PurgeSF,ReassignUserAdmin,RemoteOperationViewer,RestoreViewer,SecurityConfigAdmin,SubscriberIDWildcardSearchAdmin,ValidUser,ValidUserCBF; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 3VjGU8WisdQb0Zvjzk7jYyc; Authorities: [DataRole55, DataRole57, DataRole58, DataRole59, DataRole61, DataRole63, PurgeSF, 
PostProcessConfigAdmin, DataRole65, RestoreViewer, MessageReprocessUser, DataRole70, EvaluateAdjustmentMessageStateAdmin, EscalationLevel1MsgUser, PurgeDF, LocalEditAdmin, ClaimMisrouteMsgUser, DataRole99, AdjustmentMsgUser, CSRNMsgUser, ValidUserCBF, GlobalFeeMsgUser, MessageSummaryViewer, ClaimDispositionDetailsViewer, CBFViewOnlyUser, DataRole1, DataRole2, DataRole3, DataRole4, MedicalRecordViewer, DataRole5, DataRole9, PurgeMessage, BasicMsgUser, MessageListingViewer, RemoteOperationViewer, EscalationLevel2MsgUser, ClaimSubmissionDetailsViewer, CBFUpdateUser, ReassignUserAdmin, PQIMsgUser, PreExMsgUser, DataRole11, DataRole13, PurgeNF, DataRole17, PurgeRestoreAdmin, MessageCommentConfigAdmin, SubscriberIDWildcardSearchAdmin, SecurityConfigAdmin, DataRole30, DataRole35, DataRole37, DataRole39, ValidUser, Claim276StatusWithoutSccf, DataRole41, PQIMsgSummaryViewer, DataRole49, ClaimStatusRequester, DataRole51, DataRole53, PurgeRF]; Granted Authorities: AdjustmentMsgUser, BasicMsgUser, CBFUpdateUser, CBFViewOnlyUser, CSRNMsgUser, Claim276StatusWithoutSccf, ClaimDispositionDetailsViewer, ClaimMisrouteMsgUser, ClaimStatusRequester, ClaimSubmissionDetailsViewer, DataRole1, DataRole11, DataRole13, DataRole17, DataRole2, DataRole3, DataRole30, DataRole35, DataRole37, DataRole39, DataRole4, DataRole41, DataRole49, DataRole5, DataRole51, DataRole53, DataRole55, DataRole57, DataRole58, DataRole59, DataRole61, DataRole63, DataRole65, DataRole70, DataRole9, DataRole99, EscalationLevel1MsgUser, EscalationLevel2MsgUser, EvaluateAdjustmentMessageStateAdmin, GlobalFeeMsgUser, LocalEditAdmin, MedicalRecordViewer, MessageCommentConfigAdmin, MessageListingViewer, MessageReprocessUser, MessageSummaryViewer, PQIMsgSummaryViewer, PQIMsgUser, PostProcessConfigAdmin, PreExMsgUser, PurgeDF, PurgeMessage, PurgeNF, PurgeRF, PurgeRestoreAdmin, PurgeSF, ReassignUserAdmin, RemoteOperationViewer, RestoreViewer, SecurityConfigAdmin, SubscriberIDWildcardSearchAdmin, ValidUser, ValidUserCBF'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 2 of 9 in additional filter chain; firing Filter: 'LtpaSSOLogoutFilter'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 3 of 9 in additional filter chain; firing Filter: 'J2eePreAuthenticatedProcessingFilter'
[12/22/14 14:17:19:922 CST] 000000a5 J2eePreAuthen 1 org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter doFilter Checking secure context token: com.bcbsa.blue2.configuration.security.jee.DelegateToUserDetailsPreAuthenticatedAuthenticationToken@ba2bcf8a: Principal: com.bcbsa.blue2.configuration.security.model.springsecurity.AuthoritiesByBoidUser@6820f6c1: Username: MyId; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: AdjustmentMsgUser,BasicMsgUser,CBFUpdateUser,CBFViewOnlyUser,CSRNMsgUser,Claim276StatusWithoutSccf,ClaimDispositionDetailsViewer,ClaimMisrouteMsgUser,ClaimStatusRequester,ClaimSubmissionDetailsViewer,DataRole1,DataRole11,DataRole13,DataRole17,DataRole2,DataRole3,DataRole30,DataRole35,DataRole37,DataRole39,DataRole4,DataRole41,DataRole49,DataRole5,DataRole51,DataRole53,DataRole55,DataRole57,DataRole58,DataRole59,DataRole61,DataRole63,DataRole65,DataRole70,DataRole9,DataRole99,EscalationLevel1MsgUser,EscalationLevel2MsgUser,EvaluateAdjustmentMessageStateAdmin,GlobalFeeMsgUser,LocalEditAdmin,MedicalRecordViewer,MessageCommentConfigAdmin,MessageListingViewer,MessageReprocessUser,MessageSummaryViewer,PQIMsgSummaryViewer,PQIMsgUser,PostProcessConfigAdmin,PreExMsgUser,PurgeDF,PurgeMessage,PurgeNF,PurgeRF,PurgeRestoreAdmin,PurgeSF,ReassignUserAdmin,RemoteOperationViewer,RestoreViewer,SecurityConfigAdmin,SubscriberIDWildcardSearchAdmin,ValidUser,ValidUserCBF; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 3VjGU8WisdQb0Zvjzk7jYyc; Authorities: [DataRole55, DataRole57, DataRole58, DataRole59, DataRole61, DataRole63, PurgeSF, PostProcessConfigAdmin, DataRole65, RestoreViewer, MessageReprocessUser, DataRole70, EvaluateAdjustmentMessageStateAdmin, 
EscalationLevel1MsgUser, PurgeDF, LocalEditAdmin, ClaimMisrouteMsgUser, DataRole99, AdjustmentMsgUser, CSRNMsgUser, ValidUserCBF, GlobalFeeMsgUser, MessageSummaryViewer, ClaimDispositionDetailsViewer, CBFViewOnlyUser, DataRole1, DataRole2, DataRole3, DataRole4, MedicalRecordViewer, DataRole5, DataRole9, PurgeMessage, BasicMsgUser, MessageListingViewer, RemoteOperationViewer, EscalationLevel2MsgUser, ClaimSubmissionDetailsViewer, CBFUpdateUser, ReassignUserAdmin, PQIMsgUser, PreExMsgUser, DataRole11, DataRole13, PurgeNF, DataRole17, PurgeRestoreAdmin, MessageCommentConfigAdmin, SubscriberIDWildcardSearchAdmin, SecurityConfigAdmin, DataRole30, DataRole35, DataRole37, DataRole39, ValidUser, Claim276StatusWithoutSccf, DataRole41, PQIMsgSummaryViewer, DataRole49, ClaimStatusRequester, DataRole51, DataRole53, PurgeRF]; Granted Authorities: AdjustmentMsgUser, BasicMsgUser, CBFUpdateUser, CBFViewOnlyUser, CSRNMsgUser, Claim276StatusWithoutSccf, ClaimDispositionDetailsViewer, ClaimMisrouteMsgUser, ClaimStatusRequester, ClaimSubmissionDetailsViewer, DataRole1, DataRole11, DataRole13, DataRole17, DataRole2, DataRole3, DataRole30, DataRole35, DataRole37, DataRole39, DataRole4, DataRole41, DataRole49, DataRole5, DataRole51, DataRole53, DataRole55, DataRole57, DataRole58, DataRole59, DataRole61, DataRole63, DataRole65, DataRole70, DataRole9, DataRole99, EscalationLevel1MsgUser, EscalationLevel2MsgUser, EvaluateAdjustmentMessageStateAdmin, GlobalFeeMsgUser, LocalEditAdmin, MedicalRecordViewer, MessageCommentConfigAdmin, MessageListingViewer, MessageReprocessUser, MessageSummaryViewer, PQIMsgSummaryViewer, PQIMsgUser, PostProcessConfigAdmin, PreExMsgUser, PurgeDF, PurgeMessage, PurgeNF, PurgeRF, PurgeRestoreAdmin, PurgeSF, ReassignUserAdmin, RemoteOperationViewer, RestoreViewer, SecurityConfigAdmin, SubscriberIDWildcardSearchAdmin, ValidUser, ValidUserCBF
[12/22/14 14:17:19:922 CST] 000000a5 J2eePreAuthen 1 org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter getPreAuthenticatedPrincipal PreAuthenticated J2EE principal: null
[12/22/14 14:17:19:922 CST] 000000a5 J2eePreAuthen 1 org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter requiresAuthentication Pre-authenticated principal has changed to null and will be reauthenticated
[12/22/14 14:17:19:922 CST] 000000a5 J2eePreAuthen 1 org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter requiresAuthentication Invalidating existing session
[12/22/14 14:17:19:922 CST] 000000a5 J2eePreAuthen 1 org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter getPreAuthenticatedPrincipal PreAuthenticated J2EE principal: null
[12/22/14 14:17:19:938 CST] 000000a5 J2eePreAuthen 1 org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter doAuthenticate No pre-authenticated principal found in request
[12/22/14 14:17:19:938 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 4 of 9 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[12/22/14 14:17:19:938 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[12/22/14 14:17:19:938 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[12/22/14 14:17:19:938 CST] 000000a5 AnonymousAuth 1 org.springframework.security.web.authentication.AnonymousAuthenticationFilter doFilter SecurityContextHolder not populated with anonymous token, as it already contained: 'com.bcbsa.blue2.configuration.security.jee.DelegateToUserDetailsPreAuthenticatedAuthenticationToken@ba2bcf8a: Principal: com.bcbsa.blue2.configuration.security.model.springsecurity.AuthoritiesByBoidUser@6820f6c1: Username: MyId; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: AdjustmentMsgUser,BasicMsgUser,CBFUpdateUser,CBFViewOnlyUser,CSRNMsgUser,Claim276StatusWithoutSccf,ClaimDispositionDetailsViewer,ClaimMisrouteMsgUser,ClaimStatusRequester,ClaimSubmissionDetailsViewer,DataRole1,DataRole11,DataRole13,DataRole17,DataRole2,DataRole3,DataRole30,DataRole35,DataRole37,DataRole39,DataRole4,DataRole41,DataRole49,DataRole5,DataRole51,DataRole53,DataRole55,DataRole57,DataRole58,DataRole59,DataRole61,DataRole63,DataRole65,DataRole70,DataRole9,DataRole99,EscalationLevel1MsgUser,EscalationLevel2MsgUser,EvaluateAdjustmentMessageStateAdmin,GlobalFeeMsgUser,LocalEditAdmin,MedicalRecordViewer,MessageCommentConfigAdmin,MessageListingViewer,MessageReprocessUser,MessageSummaryViewer,PQIMsgSummaryViewer,PQIMsgUser,PostProcessConfigAdmin,PreExMsgUser,PurgeDF,PurgeMessage,PurgeNF,PurgeRF,PurgeRestoreAdmin,PurgeSF,ReassignUserAdmin,RemoteOperationViewer,RestoreViewer,SecurityConfigAdmin,SubscriberIDWildcardSearchAdmin,ValidUser,ValidUserCBF; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 3VjGU8WisdQb0Zvjzk7jYyc; Authorities: [DataRole55, DataRole57, DataRole58, DataRole59, DataRole61, DataRole63, PurgeSF, PostProcessConfigAdmin, DataRole65, RestoreViewer, MessageReprocessUser, DataRole70, 
EvaluateAdjustmentMessageStateAdmin, EscalationLevel1MsgUser, PurgeDF, LocalEditAdmin, ClaimMisrouteMsgUser, DataRole99, AdjustmentMsgUser, CSRNMsgUser, ValidUserCBF, GlobalFeeMsgUser, MessageSummaryViewer, ClaimDispositionDetailsViewer, CBFViewOnlyUser, DataRole1, DataRole2, DataRole3, DataRole4, MedicalRecordViewer, DataRole5, DataRole9, PurgeMessage, BasicMsgUser, MessageListingViewer, RemoteOperationViewer, EscalationLevel2MsgUser, ClaimSubmissionDetailsViewer, CBFUpdateUser, ReassignUserAdmin, PQIMsgUser, PreExMsgUser, DataRole11, DataRole13, PurgeNF, DataRole17, PurgeRestoreAdmin, MessageCommentConfigAdmin, SubscriberIDWildcardSearchAdmin, SecurityConfigAdmin, DataRole30, DataRole35, DataRole37, DataRole39, ValidUser, Claim276StatusWithoutSccf, DataRole41, PQIMsgSummaryViewer, DataRole49, ClaimStatusRequester, DataRole51, DataRole53, PurgeRF]; Granted Authorities: AdjustmentMsgUser, BasicMsgUser, CBFUpdateUser, CBFViewOnlyUser, CSRNMsgUser, Claim276StatusWithoutSccf, ClaimDispositionDetailsViewer, ClaimMisrouteMsgUser, ClaimStatusRequester, ClaimSubmissionDetailsViewer, DataRole1, DataRole11, DataRole13, DataRole17, DataRole2, DataRole3, DataRole30, DataRole35, DataRole37, DataRole39, DataRole4, DataRole41, DataRole49, DataRole5, DataRole51, DataRole53, DataRole55, DataRole57, DataRole58, DataRole59, DataRole61, DataRole63, DataRole65, DataRole70, DataRole9, DataRole99, EscalationLevel1MsgUser, EscalationLevel2MsgUser, EvaluateAdjustmentMessageStateAdmin, GlobalFeeMsgUser, LocalEditAdmin, MedicalRecordViewer, MessageCommentConfigAdmin, MessageListingViewer, MessageReprocessUser, MessageSummaryViewer, PQIMsgSummaryViewer, PQIMsgUser, PostProcessConfigAdmin, PreExMsgUser, PurgeDF, PurgeMessage, PurgeNF, PurgeRF, PurgeRestoreAdmin, PurgeSF, ReassignUserAdmin, RemoteOperationViewer, RestoreViewer, SecurityConfigAdmin, SubscriberIDWildcardSearchAdmin, ValidUser, ValidUserCBF'
[12/22/14 14:17:19:938 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 7 of 9 in additional filter chain; firing Filter: 'SessionManagementFilter'
[12/22/14 14:17:19:938 CST] 000000a5 HttpSessionSe 1 org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper createNewSessionIfAllowed HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session
[12/22/14 14:17:19:938 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[12/22/14 14:17:19:938 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[12/22/14 14:17:19:938 CST] 000000a5 DefaultFilter 1 org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource lookupAttributes Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
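Update (December 24, 2014) -
OK, I believe the problem is happening in Spring Security. When the application tries to get an image from /images/cbf, instead of selecting the pattern /images/* it selects the pattern /**. When /** is selected, the request is supposed to go through the Spring Security filters. So why is it selecting the pattern /** instead of /images/*? Could this be a problem in WebSphere 8.5.5.1?
Here are the patterns that can be selected.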
<sec:http entry-point-ref="preAuthenticatedProcessingFilterEntryPoint" access-decision-manager-ref="httpRequestAccessDecisionManager">
<sec:intercept-url pattern="/general/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<sec:intercept-url pattern="/j_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
<sec:intercept-url pattern="/favicon.ico" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
<sec:intercept-url pattern="/index*" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
<sec:intercept-url pattern="/javascript/*" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
<sec:intercept-url pattern="/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
<sec:intercept-url pattern="/images/*" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
<sec:intercept-url pattern="/iframe_black*" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
<sec:intercept-url pattern="/WebHelp_Pro/**" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
<sec:intercept-url pattern="/j_spring_security_logout" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<sec:intercept-url pattern="/**" access="ValidUser"/>
<sec:intercept-url pattern="/cbf/*" access="ValidUserCBF"/>
<sec:custom-filter ref="j2eePreAuthFilter" position="PRE_AUTH_FILTER" />
<sec:custom-filter ref="logoutFilter" position="LOGOUT_FILTER" />
</sec:http>
Answer 0 (score: 1)
I was able to resolve this issue by changing the intercept-url pattern from /images/* to /images/**. This allows images stored under /images/cbf or /images/cbf/button to not go through the Spring Security filters.
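
The matching behaviour behind this fix, as an added example (not code from the post or from Spring Security): a simplified Python re-implementation of Ant-style, first-match-wins pattern selection, run over the patterns from the question's `<sec:http>` block and paths taken from its trace. The function names and the shadowing heuristic are assumptions made for illustration.

```python
import re

# (pattern, has filters="none"), copied in declaration order from the question.
RULES = [
    ("/general/login*", False),
    ("/j_security_check", True),
    ("/favicon.ico", True),
    ("/index*", True),
    ("/javascript/*", True),
    ("/css/*", True),
    ("/images/*", True),
    ("/iframe_black*", True),
    ("/WebHelp_Pro/**", True),
    ("/j_spring_security_logout", False),
    ("/**", False),
    ("/cbf/*", False),
]

# The answer's change: /images/* becomes /images/**.
FIXED_RULES = [("/images/**", f) if p == "/images/*" else (p, f) for p, f in RULES]


def ant_to_regex(pattern):
    """Simplified Ant-style matcher: '*' stays inside one path segment,
    '**' spans any number of segments, '?' is one non-slash character."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i):
            out.append("(?:/.*)?")
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")


def first_match(path, rules):
    """Return the first (pattern, filters_none) rule matching path, or None.
    Both sides are lowercased, as the 'Converted URL to lowercase' trace shows."""
    for pattern, filters_none in rules:
        if ant_to_regex(pattern.lower()).match(path.lower()):
            return pattern, filters_none
    return None


def shadowed_rules(rules):
    """Heuristic: flag a rule when an earlier pattern already matches a probe
    path built from it, so the later rule can never be selected."""
    found = []
    for idx, (pattern, _) in enumerate(rules):
        probe = pattern.lower().replace("**", "x/y").replace("*", "x").replace("?", "x")
        for earlier, _ in rules[:idx]:
            if ant_to_regex(earlier.lower()).match(probe):
                found.append((pattern, earlier))
                break
    return found


if __name__ == "__main__":
    for path in ("/javascript/mootools-1.2.5.js", "/images/cbf/c_lt.png"):
        print(path, "before:", first_match(path, RULES),
              "after:", first_match(path, FIXED_RULES))
    print("shadowed:", shadowed_rules(RULES))
```

Because `filters="none"` takes a path out of the Spring Security filter chain entirely, the wider `/images/**` pattern should only cover directories that hold static, non-sensitive files. The same check flags `/cbf/*` in the question's configuration as unreachable, since `/**` is declared before it.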