Spring web mvc安全需要很长时间才能完成加载页面

时间:2017-04-02 18:54:38

标签: java spring spring-mvc spring-security spring-session

我正在使用具有spring security的spring web mvc创建一个登录页面。当我在我的本地计算机上部署应用程序时,它正在按预期工作。登录页面加载没有问题。但是当我尝试在托管服务提供商中部署应用程序时,登录页面在最终成功加载之前需要很长时间才能加载。

这是我访问应用程序时的消息

2017-04-02 18:16:30.482  INFO 28450 --- [p-nio-80-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 43 ms

这是最终加载登录页面时的消息

2017-04-02 18:25:01.135  INFO 28450 --- [p-nio-80-exec-1] o.a.c.util.SessionIdGeneratorBase        : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [510,546] milliseconds.

我正在使用spring 1.4.5,使用maven构建并使用java -jar运行应用程序

这是我的application.properties内容

# other
server.port=8082
spring.session.store-type=none
spring.jpa.properties.hibernate.jdbc.time_zone = UTC+7

MvcConfig.java 

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/").setViewName("dashboard");
        registry.addViewController("/login").setViewName("login");
        registry.addViewController("/403").setViewName("403");
        registry.addViewController("/404").setViewName("404");
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/resources/**")
                .addResourceLocations("/resources/")
                .addResourceLocations("/static/")
                .addResourceLocations("/static/**")
                .addResourceLocations("/resources/static/")
                .addResourceLocations("/resources/static/**")
                .addResourceLocations("/")
                .addResourceLocations("/**");
    }

}

WebSecurityConfig.java 

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@ComponentScan(basePackageClasses = CustomAccountDetailsService.class)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordencoder());

    @Bean(name = "passwordEncoder")
    public PasswordEncoder passwordencoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/layout/**").permitAll()
                .antMatchers("/calendar").hasAuthority("USER")
                .antMatchers("/customer").hasAuthority("ADMIN")
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error")
                .defaultSuccessUrl("/")
                .permitAll()
                .and()
            .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/login")
                .permitAll()
                .and()
            .exceptionHandling().accessDeniedPage("/403")
                .and().csrf();
    }

}

托管提供商机器: Ubuntu Server 16.04.2 LTS RAM 4GB 硬盘:40GB SSD和3TB

页面成功加载后,如果我刷新它,页面不再需要很长时间才能加载。但如果我更改server.port中的application.properties并重新启动应用程序(再次按Ctrl + C和java -jar),则会再次发生同样的事情。

我不明白是什么原因导致托管机器的加载时间与我的本地机器相比需要很长时间。 任何指针应该做什么或检查将是非常有帮助的

1 个答案:

答案 0 :(得分:1)

SecureRandom初始化时,系统随机数生成器需要一些字节。在Linux上,如果系统没有足够的熵(直到系统获得该熵),Java会从/ dev / random中获取阻塞的内容。这可能需要一段时间。

解决方案是切换到/dev/urandom,但不会阻止。

可能的解决方案之一是在java命令行中添加以下内容:

-Djava.security.egd=file:/dev/./urandom

请注意/ dev /和/ urandom之间的点:这不是拼写错误。这是必需的(或者至少在某些Java版本中是必需的):https://security.stackexchange.com/questions/14386/what-do-i-need-to-configure-to-make-sure-my-software-uses-dev-urandom

相关问题
最新问题