Spring Security login fails after migrating a Spring MVC project to Spring Boot

Time: 2016-11-22 06:38:17

Tags: spring security spring-boot migrate

I migrated a working Spring MVC project to Spring Boot. See section 81.3 of this document and this question. The modules work fine, but Spring Security cannot log in.

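Opening the home page redirects to the login page. After logging in, the home page and the login page redirect to each other repeatedly, every response being an HTTP 302, and then the error ERR_TOO_MANY_REDIRECTS appears.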

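After debugging: when I log in, the custom UserDetailsService looks up and returns the UserDetails correctly, and the custom SimpleUrlAuthenticationSuccessHandler also has its onAuthenticationSuccess called normally. But by the time the FilterSecurityInterceptor filter is invoked in the filter chain, the Spring Security login state has been cleared, and I did not make any HTTP request to log out. I double-checked whether clearing the login state would be normal with create-session = "stateless" set, but it seems my application cannot re-authorize correctly. After the request, SecurityContextHolder.getContext().getAuthentication().getPrincipal() has become the anonymous user (the cookies are passed correctly: loginKey = b3668242-574a-498e-bd03-243e28dc805c; SESSIONID_HAP = 98963370-8561-40a2-9898-a5e80f7d1186).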

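The project is fairly complex. Below are the important parts of the configuration and code; they are essentially equivalent to the original.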

SpringBootConfigure.java, the Spring Boot entry point.

@SpringBootApplication(exclude = { DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class })
@ImportResource({"classpath:/spring/applicationContext*.xml","classpath:/spring/appServlet/servlet*.xml"})
public class SpringBootConfigure {
...
}

Spring Security XML config

<http access-decision-manager-ref="accessDecisionManager">
    <csrf disabled="true"/>
    <intercept-url pattern="/login" access="permitAll" />
    <intercept-url pattern="/login.html" access="permitAll" />
    <intercept-url pattern="/verifiCode" access="permitAll" />
    <intercept-url pattern="/common/**" access="permitAll" />
    <intercept-url pattern="/boot/**" access="permitAll" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

    <access-denied-handler error-page="/403.html"/>


    <form-login login-page='/login' authentication-success-handler-ref="successHandler"
                authentication-failure-handler-ref="loginFailureHandler"/>
    <custom-filter ref="captchaVerifierFilter" before="FORM_LOGIN_FILTER"/>

    <logout logout-url="/logout"/>

    <headers defaults-disabled="true">
        <cache-control/>
    </headers>
</http>

<beans:bean id="loginFailureHandler" class="com.hand.hap.security.LoginFailureHandler"/>

<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
    <beans:constructor-arg>
        <beans:list>
            <beans:bean class="org.springframework.security.web.access.expression.WebExpressionVoter"/>
        </beans:list>
    </beans:constructor-arg>
</beans:bean>

<authentication-manager>
    <authentication-provider user-service-ref="customUserDetailsService">
        <password-encoder ref="passwordManager"/>
    </authentication-provider>
</authentication-manager>

<beans:bean id="captchaVerifierFilter" class="com.hand.hap.security.CaptchaVerifierFilter">
    <beans:property name="captchaField" value="verifiCode"/>
</beans:bean>

<beans:bean id="successHandler" class="com.hand.hap.security.CustomAuthenticationSuccessHandler">
    <beans:property name="defaultTargetUrl" value="/index"/>
</beans:bean>

0 answers:

No answers
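A diagnostic for the symptom described in the question, as an added example that is not part of the original post or the project's code: a servlet filter that logs, for every request, whether the session cookie maps to a live server-side session and whether that session holds a stored SecurityContext. It assumes servlet HttpSession storage and the Spring Security 4 / javax.servlet APIs of the period. The class name is hypothetical, and the filter has to be registered as a servlet filter (Spring Boot registers a Filter bean with the container automatically).

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical diagnostic filter (name assumed); remove it once the cause is found.
public class SessionAuthTraceFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(SessionAuthTraceFilter.class);
    // Session attribute under which Spring Security stores the authenticated context.
    private static final String KEY = HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY;

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        log.info("IN  {} {} cookieSession={} valid={} {}", req.getMethod(), req.getRequestURI(),
                abbreviate(req.getRequestedSessionId()), req.isRequestedSessionIdValid(), stored(req));
        try {
            chain.doFilter(req, res);
        } finally {
            log.info("OUT {} {} status={} {}", req.getMethod(), req.getRequestURI(),
                    res.getStatus(), stored(req));
        }
    }

    // Reports what the server-side session holds, without creating a session.
    private static String stored(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        if (session == null) return "session=none";
        Object ctx = session.getAttribute(KEY);
        String user = "none";
        if (ctx instanceof SecurityContext && ((SecurityContext) ctx).getAuthentication() != null) {
            user = ((SecurityContext) ctx).getAuthentication().getName();
        }
        return "session=" + abbreviate(session.getId()) + " storedUser=" + user;
    }

    // Log only a prefix: a full session id in a log file is a usable credential.
    private static String abbreviate(String id) {
        return id == null ? "none" : id.substring(0, Math.min(8, id.length())) + "...";
    }
}
```

Compare the OUT line of the login POST with the IN line of the redirect that follows it. A different or invalid session id means the cookie does not reach the session that holds the context, while the same session with storedUser=none means the context was never saved into it.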