无法让hasIpAddress在Spring Security上运行

时间:2016-09-15 16:42:02

标签: spring spring-security

我正在努力让hasIpAddress('192.168.0.129') hasIpAddress('192.168.0.0/24') hasIpAddress('192.168.0/24') 致力于Spring Security。我已经阅读了我在网上找到的所有内容,但没有解决我的问题......

我试过了:

hasIpAddress

我只能在没有SpringSecurityConfig.xml ...

的情况下工作

<http use-expressions="true"> <intercept-url pattern="/init.do" access="isAnonymous() and hasIpAddress('192.168.0/24')" /> <form-login login-page="/login" /> <logout /> </http>

09/15/2016 16:19:19  [http-listener-1(5)]:springframework.security.web.context.SecurityContextPersistenceFilter.doFilter()119 SecurityContextHolder now cleared, as request processing completed
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.context.HttpSessionSecurityContextRepository.readSecurityContextFromSession()186 HttpSession returned null object for SPRING_SECURITY_CONTEXT
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.context.HttpSessionSecurityContextRepository.loadContext()116 No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@4636ced1. A new one will be created.
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:security.web.util.matcher.AntPathRequestMatcher.matches()137 Request 'GET /init.do' doesn't match 'POST /logout
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:security.web.util.matcher.AntPathRequestMatcher.matches()137 Request 'GET /init.do' doesn't match 'POST /login
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()322 pathInfo: both null (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()322 queryString: both null (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 requestURI: arg1=/gestionprod/; arg2=/gestionprod/ (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 serverPort: arg1=8080; arg2=8080 (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 requestURL: arg1=http://localhost:8080/gestionprod/; arg2=http://localhost:8080/gestionprod/ (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 scheme: arg1=http; arg2=http (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 serverName: arg1=localhost; arg2=localhost (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 contextPath: arg1=/gestionprod; arg2=/gestionprod (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 servletPath: arg1=/init.do; arg2=/init.do (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.HttpSessionRequestCache.removeRequest()82 Removing DefaultSavedRequest from session if present
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter()100 Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: e2c51e45dac31339aa97b4863285; Granted Authorities: ROLE_ANONYMOUS'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
09/15/2016 16:19:19  [http-listener-1(1)]:security.web.util.matcher.AntPathRequestMatcher.matches()157 Checking match of request : '/init.do'; against '/init.do'
09/15/2016 16:19:19  [http-listener-1(1)]:security.web.access.intercept.FilterSecurityInterceptor.beforeInvocation()219 Secure object: FilterInvocation: URL: /init.do; Attributes: [isAnonymous() and hasIpAddress('192.168.0/24')]
09/15/2016 16:19:19  [http-listener-1(1)]:security.web.access.intercept.FilterSecurityInterceptor.authenticateIfRequired()348 Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: e2c51e45dac31339aa97b4863285; Granted Authorities: ROLE_ANONYMOUS
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.access.vote.AffirmativeBased.decide()66 Voter: org.springframework.security.web.access.expression.WebExpressionVoter@36f219a, returned: -1
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException()174 Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied

在我的日志中:

Cell A  | Cell B  | Cell C (result)
=============================
My Name |   this  | My Name 1
-------------------------------
my Name | you      | My Name 2
My name |  our     |  My name 3 

1 个答案:

答案 0 :(得分:1)

您的客户端IP地址错误0:0:0:0:0:0:0:1,请参阅:

09/15/2016 16:19:19  [http-listener-1(1)]:security.web.access.intercept.FilterSecurityInterceptor.authenticateIfRequired()348 Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: e2c51e45dac31339aa97b4863285; Granted Authorities: ROLE_ANONYMOUS

0:0:0:0:0:0:0:1是loopback的IPv6地址,请参阅RFC 4291

  

单播地址0:0:0:0:0:0:0:1称为环回地址。

请勿使用localhost来呼叫您的服务器,这是一个环回,请参阅Wikipedia

  

将名称​​ localhost 解析为一个或多个IP地址由操作系统主机文件中的以下行配置:

127.0.0.1    localhost
::1          localhost