在spring过滤器链中的sessionMgmt过滤器中获取防火墙请求Classcast异常

时间:2016-03-08 23:17:30

标签: java spring spring-mvc spring-security

我在spring过滤器链中使用会话mgmt过滤器在此类HttpSessionSecurityContextRepository中抛出此异常。 这是我的security-app.xml的片段

<beans:bean id="springSecurityFilterChain1" class="org.springframework.security.web.FilterChainProxy">
    <beans:constructor-arg>
        <beans:list>
            <security:filter-chain pattern="/resources/**" filters="none"/>
            <security:filter-chain pattern="/**"
                filters="securityContextPersistenceFilterWithASCTrue, 
                customBadgeAuthFilter,   
                                                      logoutFilter,   

                                                         requestCacheFilter,
                                                         securityContextHolderAwareRequestFilter,
                                                         sessionMgmtFilter,
                                                         formLoginExceptionTranslationFilter,
                                                         filterSecurityInterceptor" />
        </beans:list>

</beans:constructor-arg></beans:bean><beans:bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/> <beans:bean id="requestCacheFilter" class="org.springframework.security.web.savedrequest.RequestCacheAwareFilter" /> <beans:bean id="securityContextPersistenceFilterWithASCTrue" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"> <beans:property name="securityContextRepository" ref="securityContextRepository"/> </beans:bean> <beans:bean id="securityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"/><beans:bean id="sessionMgmtFilter" class="org.springframework.security.web.session.SessionManagementFilter"> <beans:constructor-arg ref="securityContextRepository"/> </beans:bean>

当它尝试强制转换为SavedContextOnUpdateOrErrorResponseWrapper时,它是一个类强制转换。此值由ContextPersistentFilter设置,它在我的安全链中作为第一个元素被调用

public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
    SaveContextOnUpdateOrErrorResponseWrapper responseWrapper = (SaveContextOnUpdateOrErrorResponseWrapper)response;
    // saveContext() might already be called by the response wrapper
    // if something in the chain called sendError() or sendRedirect(). This ensures we only call it
    // once per request.
    if (!responseWrapper.isContextSaved() ) {
        responseWrapper.saveContext(context);
    }
}

这是我的堆栈跟踪

java.lang.ClassCastException: org.springframework.security.web.firewall.FirewalledResponse cannot be cast to org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
at org.springframework.security.web.context.HttpSessionSecurityContextRepository.saveContext(HttpSessionSecurityContextRepository.java:99)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:93)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:207)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
at edu.mayo.fss.security.filter.SecureLoginFilter.doFilter(SecureLoginFilter.java:83)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:207)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
at edu.mayo.fss.spring.util.LoggingFilter.doFilter(LoggingFilter.java:41)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:207)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
at

有些人可以帮忙解决我需要做些什么来解决这个防火墙请求的分类广播异常。尝试转换时,错误在sessionMgmtFilter中开始。

由于 DJ

2 个答案:

答案 0 :(得分:1)

我在spring-filter chain proxy之前有一个辅助servlet过滤器。 我摆脱了那个过滤器,一切都开始工作了。 因此,如果没有直接从jsp调用spring-filter链,而是通过另一个过滤器调用过滤器链,则防火墙请求将抛出Class Cast Exception。 spring-security之前的customFilter是FirewalledClass Cast Exception的原因。 

<filter><filter-name>customFilter</filter-name><filter-class>sas.SecureLoginFilter</filter-class></filter><filter-mapping><filter-name>customFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter><filter-name>springSecurityFilterChain</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter>

答案 1 :(得分:0)

我遇到了同样的问题,我添加了解决方案here

可能对某些人有帮助。

相关问题
最新问题