Grails 2.5 + Spring Security Core 2.0-RC4: AbstractAuthenticationProcessingFilter

Time: 2015-05-20 13:10:31

Tags: grails spring-security

Environment: Grails 2.5.0, OSX, Java 7.0_71

I am trying to upgrade my application from

Grails / Hibernate 2.2.4 + spring-security-core:1.2.7.3

to

Grails 2.5.0 + hibernate4:4.3.8.1 + spring-security-core:2.0-RC4

But when I try to authenticate, I get:

2015-05-20 21:35:55.705 [http-bio-8080-exec-10] grails.plugin.springsecurity.web.filter.DebugFilter
 INFO  

************************************************************

Request received for '/j_spring_security_check':

org.apache.catalina.connector.RequestFacade@2ca7d226

servletPath:/j_spring_security_check
pathInfo:null

Security filter chain: [
  SecurityContextPersistenceFilter
  MutableLogoutFilter
  RequestHolderAuthenticationFilter
  SecurityContextHolderAwareRequestFilter
  GrailsRememberMeAuthenticationFilter
  GrailsAnonymousAuthenticationFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]
************************************************************
2015-05-20 21:35:55.705 [http-bio-8080-exec-10] grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter
 DEBUG Request is to process authentication
2015-05-20 21:35:55.773 [http-bio-8080-exec-10] net.sf.ehcache.store.disk.Segment
...
2015-05-20 21:35:55.805 [http-bio-8080-exec-10] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/foo].[default]
 ERROR Servlet.service() for servlet [default] in context with path [/foo] threw exception
java.lang.NullPointerException
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:216)
    at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at grails.plugin.springsecurity.web.filter.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:102)
    at grails.plugin.springsecurity.web.filter.DebugFilter.doFilter(DebugFilter.java:69)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:69)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
2015-05-20 21:35:55.806 [http-bio-8080-exec-10] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost]
 DEBUG Processing ErrorPage[errorCode=500, location=/grails-errorhandler]
2015-05-20 21:35:55.807 [http-bio-8080-exec-10] org.apache.catalina.core.StandardWrapper
 DEBUG Allocating non-STM instance
2015-05-20 21:35:55.808 [http-bio-8080-exec-10] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/foo]
 INFO  Initializing Spring FrameworkServlet 'grails-errorhandler'
2015-05-20 21:35:55.821 [http-bio-8080-exec-10] grails.plugin.springsecurity.web.filter.DebugFilter
 INFO  
...

We looked at line 216 of the AbstractAuthenticationProcessingFilter source code:

sessionStrategy.onAuthentication(authResult, request, response);

I think sessionStrategy may be null.

So, what should I do to initialize sessionStrategy correctly?

Here is my Config.groovy:

//######### Spring Security Core plugin:

grails.plugin.springsecurity.userLookup.userDomainClassName = 'br.com.foo.domain.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'br.com.foo.domain.UserRole'
grails.plugin.springsecurity.authority.className = 'br.com.foo.domain.Role'

//maintain the previous encryption
grails.plugin.springsecurity.password.algorithm = 'SHA-256'
grails.plugin.springsecurity.password.hash.iterations = 1

grails.plugin.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.onInteractiveAuthenticationSuccessEvent = { e, appCtx ->
    appCtx.userService.onAuthenticationSuccessEvent()
}
grails.plugin.springsecurity.useHttpSessionEventPublisher = true

grails.plugin.springsecurity.sessionFixationPrevention.alwaysCreateSession = true

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/':                              ['permitAll'],
    '/index':                         ['permitAll'],
    '/index.gsp':                     ['permitAll'],
    '/assets/**':                     ['permitAll'],
    '/**/js/**':                      ['permitAll'],
    '/**/css/**':                     ['permitAll'],
    '/**/images/**':                  ['permitAll'],
    '/**/favicon.ico':                ['permitAll']
]

Cheers.

1 answer:

Answer 0 (score: 0)

OK, I think I found how to initialize sessionStrategy:

In the file /conf/resources.groovy I added:

import org.springframework.security.core.session.SessionRegistryImpl
import org.springframework.security.web.session.ConcurrentSessionFilter
import org.springframework.security.web.session.SessionManagementFilter
import org.springframework.security.web.context.HttpSessionSecurityContextRepository
import org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy

// Place your Spring DSL code here
beans = {

    sessionRegistry(SessionRegistryImpl)

    concurrentSessionFilter(ConcurrentSessionFilter) {
        sessionRegistry = ref('sessionRegistry')
        logoutHandlers = [ref('rememberMeServices'), ref('securityContextLogoutHandler')]
        expiredUrl = '/login/auth'
    }

    // Spring Security Session Expired Configuration
    simpleRedirectInvalidSessionStrategy(SimpleRedirectInvalidSessionStrategy, '/login/auth')
    securityContextRepository(HttpSessionSecurityContextRepository)
    sessionManagementFilter(SessionManagementFilter, securityContextRepository) {
        invalidSessionStrategy = ref('simpleRedirectInvalidSessionStrategy')
    }
}

In the file conf/BootStrap.groovy I added:

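import grails.plugin.springsecurity.SecurityFilterPosition
import grails.plugin.springsecurity.SpringSecurityUtils
import org.springframework.security.core.context.SecurityContextHolder

class BootStrap {

    def init = { servletContext ->
        // Insert the concurrentSessionFilter bean into the plugin's filter chain
        SpringSecurityUtils.clientRegisterFilter('concurrentSessionFilter', SecurityFilterPosition.CONCURRENT_SESSION_FILTER)
        // Let child threads inherit the SecurityContext of the thread that spawned them
        SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL)
    }
}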

Now everything works.

Cheers.
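
Added example, not part of the original question or answer: a ConcurrentSessionFilter only acts on sessions that have been recorded in the SessionRegistry, so a resources.groovy that limits concurrent sessions also needs a session authentication strategy that registers each login there. It assumes the Spring Security 3.2 class names and that the plugin's authentication filter is wired to a bean named `sessionAuthenticationStrategy`; the bean names `concurrentSessionControlStrategy` and `registerSessionStrategy` and the limit of one session are constructed for the example.

```groovy
// resources.groovy -- added example, not the answerer's code
import org.springframework.security.core.session.SessionRegistryImpl
import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy
import org.springframework.security.web.session.ConcurrentSessionFilter

beans = {

    // Registry of authenticated sessions, shared by the strategies and the filter
    sessionRegistry(SessionRegistryImpl)

    // 1. Enforce the per-user session limit at login time
    concurrentSessionControlStrategy(ConcurrentSessionControlAuthenticationStrategy, ref('sessionRegistry')) {
        maximumSessions = 1                 // constructed value, pick your own limit
        exceptionIfMaximumExceeded = false  // false: expire the least recently used session
                                            // true: refuse the new login instead
    }

    // 2. Issue a fresh session id on login (session fixation protection),
    //    matching sessionFixationPrevention.alwaysCreateSession in Config.groovy
    sessionFixationProtectionStrategy(SessionFixationProtectionStrategy) {
        migrateSessionAttributes = true
        alwaysCreateSession = true
    }

    // 3. Record the new session so the limit and the filter can see it
    registerSessionStrategy(RegisterSessionAuthenticationStrategy, ref('sessionRegistry'))

    // Assumption: this bean name replaces the strategy the plugin injects into
    // its authentication filter. The delegates run in list order on each login.
    sessionAuthenticationStrategy(CompositeSessionAuthenticationStrategy, [
        ref('concurrentSessionControlStrategy'),
        ref('sessionFixationProtectionStrategy'),
        ref('registerSessionStrategy')
    ])

    // Redirects requests on an expired session; still has to be registered
    // in the filter chain from BootStrap.groovy with clientRegisterFilter
    concurrentSessionFilter(ConcurrentSessionFilter, ref('sessionRegistry'), '/login/auth')
}
```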