环境:Grails 2.5.0,OSX,Java 7.0_71
我试图从
升级我的应用Grails / Hibernate 2.2.4 + spring-security-core:1.2.7.3
到
Grails 2.5.0 + hibernate4:4.3.8.1 + spring-security-core:2.0-RC4
但是当我尝试进行身份验证时,我得到了:
2015-05-20 21:35:55.705 [http-bio-8080-exec-10] grails.plugin.springsecurity.web.filter.DebugFilter
INFO
************************************************************
Request received for '/j_spring_security_check':
org.apache.catalina.connector.RequestFacade@2ca7d226
servletPath:/j_spring_security_check
pathInfo:null
Security filter chain: [
SecurityContextPersistenceFilter
MutableLogoutFilter
RequestHolderAuthenticationFilter
SecurityContextHolderAwareRequestFilter
GrailsRememberMeAuthenticationFilter
GrailsAnonymousAuthenticationFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
]
************************************************************
2015-05-20 21:35:55.705 [http-bio-8080-exec-10] grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter
DEBUG Request is to process authentication
2015-05-20 21:35:55.773 [http-bio-8080-exec-10] net.sf.ehcache.store.disk.Segment
...
2015-05-20 21:35:55.805 [http-bio-8080-exec-10] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/foo].[default]
ERROR Servlet.service() for servlet [default] in context with path [/foo] threw exception
java.lang.NullPointerException
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:216)
at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at grails.plugin.springsecurity.web.filter.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:102)
at grails.plugin.springsecurity.web.filter.DebugFilter.doFilter(DebugFilter.java:69)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:69)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
2015-05-20 21:35:55.806 [http-bio-8080-exec-10] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost]
DEBUG Processing ErrorPage[errorCode=500, location=/grails-errorhandler]
2015-05-20 21:35:55.807 [http-bio-8080-exec-10] org.apache.catalina.core.StandardWrapper
DEBUG Allocating non-STM instance
2015-05-20 21:35:55.808 [http-bio-8080-exec-10] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/foo]
INFO Initializing Spring FrameworkServlet 'grails-errorhandler'
2015-05-20 21:35:55.821 [http-bio-8080-exec-10] grails.plugin.springsecurity.web.filter.DebugFilter
INFO
...
我们在216处调查了AbstractAuthenticationProcessingFilter source code:
sessionStrategy.onAuthentication(authResult, request, response);
我认为sessionStrategy可能为null。
因此,我应该怎么做才能正确初始化sessionStrategy?
这是我的Config.groovy:
//######### Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'br.com.foo.domain.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'br.com.foo.domain.UserRole'
grails.plugin.springsecurity.authority.className = 'br.com.foo.domain.Role'
//maintain the previous encryption
grails.plugin.springsecurity.password.algorithm = 'SHA-256'
grails.plugin.springsecurity.password.hash.iterations = 1
grails.plugin.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.onInteractiveAuthenticationSuccessEvent = { e, appCtx ->
appCtx.userService.onAuthenticationSuccessEvent()
}
grails.plugin.springsecurity.useHttpSessionEventPublisher = true
grails.plugin.springsecurity.sessionFixationPrevention.alwaysCreateSession = true
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll']
]
干杯。
答案 0 :(得分:0)
好的,我估计我找到了如何启动sessionStrategy:
在文件中:/conf/resources.groovy我添加了:
import org.springframework.security.core.session.SessionRegistryImpl
import org.springframework.security.web.session.ConcurrentSessionFilter
import org.springframework.security.web.session.SessionManagementFilter
import org.springframework.security.web.context.HttpSessionSecurityContextRepository
import org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy
// Place your Spring DSL code here
beans = {
sessionRegistry(SessionRegistryImpl)
concurrentSessionFilter(ConcurrentSessionFilter) {
sessionRegistry = ref('sessionRegistry')
logoutHandlers = [ref("rememberMeServices"), ref("securityContextLogoutHandler")]
expiredUrl='/login/auth'
}
//Spring Security Session Expired Configuration
simpleRedirectInvalidSessionStrategy(SimpleRedirectInvalidSessionStrategy, "/login/auth")
securityContextRepository(HttpSessionSecurityContextRepository)
sessionManagementFilter(SessionManagementFilter, securityContextRepository) {
invalidSessionStrategy=ref('simpleRedirectInvalidSessionStrategy')
}
}
在文件cont / Bootstrap.groovy中,我补充说:
import org.springframework.security.core.context.SecurityContextHolder
class BootStrap {
def init = { servletContext ->
SpringSecurityUtils.clientRegisterFilter('concurrentSessionFilter', SecurityFilterPosition.CONCURRENT_SESSION_FILTER)
SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL)
}
}
现在一切正常。
干杯。