成功验证后,Spring Security不会重定向用户

时间:2017-05-19 01:45:43

标签: spring spring-security

我正在使用Spring Security。在成功验证用户之后,用户不会被重定向到目标页面(mytasks-staffToDoList-displayStaffToDo)。而是将用户返回到登录页面。这是日志。

    [5/18/17 19:28:32:783 CDT] 00000100 SystemOut     O 19:28:32.783 [WebContainer : 5] DEBUG 

    org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
    [5/18/17 19:28:32:806 CDT] 00000100 SystemOut     O 19:28:32.805 [WebContainer : 5] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher 

    - Checking match of request : '/mytasks/staffToDoList/displayStaffToDo'; against '/resources/**'
    [5/18/17 19:28:32:806 CDT] 00000100 SystemOut     O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy - 

    /mytasks/staffToDoList/displayStaffToDo at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    [5/18/17 19:28:32:806 CDT] 00000100 SystemOut     O 19:28:32.806 [WebContainer : 5] DEBUG 

    org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
    [5/18/17 19:28:32:806 CDT] 00000100 SystemOut     O 19:28:32.806 [WebContainer : 5] DEBUG 

    org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will 

    be created.
    [5/18/17 19:28:32:806 CDT] 00000100 SystemOut     O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy - 

    /mytasks/staffToDoList/displayStaffToDo at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
    [5/18/17 19:28:32:806 CDT] 00000100 SystemOut     O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy - 

    /mytasks/staffToDoList/displayStaffToDo at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
    [5/18/17 19:28:32:806 CDT] 00000100 SystemOut     O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy - 

    /mytasks/staffToDoList/displayStaffToDo at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
    [5/18/17 19:28:32:806 CDT] 00000100 SystemOut     O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher 

    - Checking match of request : '/mytasks/staffToDoList/displayStaffToDo'; against '/logout'
    [5/18/17 19:28:32:806 CDT] 00000100 SystemOut     O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy - 

    /mytasks/staffToDoList/displayStaffToDo at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
    [5/18/17 19:28:32:806 CDT] 00000100 SystemOut     O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher 

    - Request 'GET /mytasks/staffToDoList/displayStaffToDo' doesn't match 'POST /login
    [5/18/17 19:28:32:806 CDT] 00000100 SystemOut     O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy - 

    /mytasks/staffToDoList/displayStaffToDo at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
    [5/18/17 19:28:32:807 CDT] 00000100 SystemOut     O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy - 

    /mytasks/staffToDoList/displayStaffToDo at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    [5/18/17 19:28:32:807 CDT] 00000100 SystemOut     O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy - 

    /mytasks/staffToDoList/displayStaffToDo at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    [5/18/17 19:28:32:807 CDT] 00000100 SystemOut     O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy - 

    /mytasks/staffToDoList/displayStaffToDo at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    [5/18/17 19:28:32:807 CDT] 00000100 SystemOut     O 19:28:32.807 [WebContainer : 5] DEBUG 

    org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 

    'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa93c2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; 

    Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffe21a: RemoteIpAddress: 168.38.174.82; SessionId: null; Granted 

    Authorities: ROLE_ANONYMOUS'
    [5/18/17 19:28:32:807 CDT] 00000100 SystemOut     O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy - 

    /mytasks/staffToDoList/displayStaffToDo at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
    [5/18/17 19:28:32:807 CDT] 00000100 SystemOut     O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.session.SessionManagementFilter - 

    Requested session ID 0001-xoP2q1PCn822W2-J6Sp7n1:1bg8u7rts is invalid.
    [5/18/17 19:28:32:807 CDT] 00000100 SystemOut     O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy - 

    /mytasks/staffToDoList/displayStaffToDo at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    [5/18/17 19:28:32:807 CDT] 00000100 SystemOut     O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy - 

    /mytasks/staffToDoList/displayStaffToDo at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    [5/18/17 19:28:32:807 CDT] 00000100 SystemOut     O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher 

    - Checking match of request : '/mytasks/staffToDoList/displayStaffToDo'; against '/login'
    [5/18/17 19:28:32:807 CDT] 00000100 SystemOut     O 19:28:32.807 [WebContainer : 5] DEBUG 

    org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /mytasks/staffToDoList/displayStaffToDo; 

    Attributes: [isAuthenticated()]
    [5/18/17 19:28:32:807 CDT] 00000100 SystemOut     O 19:28:32.807 [WebContainer : 5] DEBUG 

    org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: 

    org.springframework.security.authentication.AnonymousAuthenticationToken@6faa93c2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; 

    Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffe21a: RemoteIpAddress: 168.38.174.82; SessionId: null; Granted 

    Authorities: ROLE_ANONYMOUS
    [5/18/17 19:28:32:814 CDT] 00000100 SystemOut     O 19:28:32.813 [WebContainer : 5] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: 

    org.springframework.security.web.access.expression.WebExpressionVoter@d8a70c45, returned: -1

以下是例外:

org.springframework.security.access.AccessDeniedException: Access is denied
        at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
        at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
        at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:969)
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1109)
        at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4144)
        at com.ibm.ws.webcontainer.webapp.WebAppImpl.handleRequest(WebAppImpl.java:2208)
        at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
        at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1030)
        at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
        at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:382)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:532)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:318)
        at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:88)
        at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1820)
        at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
[5/18/17 19:28:32:819 CDT] 00000100 SystemOut     O 19:28:32.819 [WebContainer : 5] DEBUG 

org.springframework.security.web.savedrequest.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest

[https://dfps4svapp26:12226/web/mytasks/staffToDoList/displayStaffToDo]

这是我的spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
   xmlns:beans="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
                   http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
                   http://www.springframework.org/schema/security
                   http://www.springframework.org/schema/security/spring-security-4.2.xsd">

   <!-- <http pattern="/static/**" security="none" /> -->

   <!-- <http use-expressions="true" >
     <intercept-url pattern="/" access="permitAll" />
     <intercept-url pattern="/enter" access="hasRole('user')" />
     <intercept-url pattern="/**" access="denyAll" />
     <form-login default-target-url="/" />
     <logout  logout-success-url="/" />
   </http> -->
    <beans:bean id="myAuthenticationSuccessHandler"
            class="us.tx.state.dfps.web.security.handler.DefaultAuthenticationSuccessHandler" >
            <beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
            <beans:property name="defaultTargetUrl" value="/"/>
     </beans:bean>

    <!-- <http pattern="/service-business-1.2.2/**" security="none" create-session="stateless"/> -->
    <http security="none" pattern="/resources/**"/>
    <http auto-config="true">
        <!--  <intercept-url pattern="/**" access="permitAll" /> -->
        <intercept-url pattern="/login" access="permitAll" />
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <intercept-url pattern="/resources/**" access="permitAll"/>

        <csrf disabled="true"/>
        <form-login login-page='/login'
            authentication-failure-url="/login?error=true"
            authentication-success-handler-ref="myAuthenticationSuccessHandler"/>
        <logout  logout-success-url="/login" />
    </http>






    <beans:bean  id="ldapAuthProvider"
    class="us.tx.state.dfps.web.security.config.ActiveDirectoryLdapAuthenticationProvider">
        <beans:constructor-arg value="dfps.txnet.state.tx.us" />
        <beans:constructor-arg value="ldap://12aust2872dc03.dfps.txnet.state.tx.us:3268" />
        <!-- <beans:property name="useAuthenticationRequestCredentials">
        <value type="java.lang.Boolean">true</value>
        </beans:property>
        <beans:property name="convertSubErrorCodesToExceptions" >
        <value type="java.lang.Boolean">true</value>
        </beans:property> -->
   </beans:bean>

   <authentication-manager erase-credentials="false">
     <authentication-provider ref="ldapAuthProvider" />
   </authentication-manager>
</beans:beans>

The application is deployed on Websphere Application Server 9.0. 

0 个答案:

没有答案