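I am using Spring Security. After the user is successfully authenticated, the user is not redirected to the target page (mytasks-staffToDoList-displayStaffToDo). Instead, the user is sent back to the login page. Here is the log.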
[5/18/17 19:28:32:783 CDT] 00000100 SystemOut O 19:28:32.783 [WebContainer : 5] DEBUG
org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
[5/18/17 19:28:32:806 CDT] 00000100 SystemOut O 19:28:32.805 [WebContainer : 5] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher
- Checking match of request : '/mytasks/staffToDoList/displayStaffToDo'; against '/resources/**'
[5/18/17 19:28:32:806 CDT] 00000100 SystemOut O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy -
/mytasks/staffToDoList/displayStaffToDo at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[5/18/17 19:28:32:806 CDT] 00000100 SystemOut O 19:28:32.806 [WebContainer : 5] DEBUG
org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
[5/18/17 19:28:32:806 CDT] 00000100 SystemOut O 19:28:32.806 [WebContainer : 5] DEBUG
org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will
be created.
[5/18/17 19:28:32:806 CDT] 00000100 SystemOut O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy -
/mytasks/staffToDoList/displayStaffToDo at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
[5/18/17 19:28:32:806 CDT] 00000100 SystemOut O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy -
/mytasks/staffToDoList/displayStaffToDo at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
[5/18/17 19:28:32:806 CDT] 00000100 SystemOut O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy -
/mytasks/staffToDoList/displayStaffToDo at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[5/18/17 19:28:32:806 CDT] 00000100 SystemOut O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher
- Checking match of request : '/mytasks/staffToDoList/displayStaffToDo'; against '/logout'
[5/18/17 19:28:32:806 CDT] 00000100 SystemOut O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy -
/mytasks/staffToDoList/displayStaffToDo at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
[5/18/17 19:28:32:806 CDT] 00000100 SystemOut O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher
- Request 'GET /mytasks/staffToDoList/displayStaffToDo' doesn't match 'POST /login
[5/18/17 19:28:32:806 CDT] 00000100 SystemOut O 19:28:32.806 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy -
/mytasks/staffToDoList/displayStaffToDo at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy -
/mytasks/staffToDoList/displayStaffToDo at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy -
/mytasks/staffToDoList/displayStaffToDo at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy -
/mytasks/staffToDoList/displayStaffToDo at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG
org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token:
'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa93c2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true;
Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffe21a: RemoteIpAddress: 168.38.174.82; SessionId: null; Granted
Authorities: ROLE_ANONYMOUS'
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy -
/mytasks/staffToDoList/displayStaffToDo at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.session.SessionManagementFilter -
Requested session ID 0001-xoP2q1PCn822W2-J6Sp7n1:1bg8u7rts is invalid.
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy -
/mytasks/staffToDoList/displayStaffToDo at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.FilterChainProxy -
/mytasks/staffToDoList/displayStaffToDo at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher
- Checking match of request : '/mytasks/staffToDoList/displayStaffToDo'; against '/login'
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG
org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /mytasks/staffToDoList/displayStaffToDo;
Attributes: [isAuthenticated()]
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG
org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated:
org.springframework.security.authentication.AnonymousAuthenticationToken@6faa93c2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true;
Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffe21a: RemoteIpAddress: 168.38.174.82; SessionId: null; Granted
Authorities: ROLE_ANONYMOUS
[5/18/17 19:28:32:814 CDT] 00000100 SystemOut O 19:28:32.813 [WebContainer : 5] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter:
org.springframework.security.web.access.expression.WebExpressionVoter@d8a70c45, returned: -1
Here is the exception:
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:969)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1109)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4144)
at com.ibm.ws.webcontainer.webapp.WebAppImpl.handleRequest(WebAppImpl.java:2208)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1030)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:382)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:532)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:318)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:88)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1820)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
[5/18/17 19:28:32:819 CDT] 00000100 SystemOut O 19:28:32.819 [WebContainer : 5] DEBUG
org.springframework.security.web.savedrequest.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest
[https://dfps4svapp26:12226/web/mytasks/staffToDoList/displayStaffToDo]
Here is my spring-security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-4.2.xsd">

    <!-- <http pattern="/static/**" security="none" /> -->
    <!-- <http use-expressions="true" >
        <intercept-url pattern="/" access="permitAll" />
        <intercept-url pattern="/enter" access="hasRole('user')" />
        <intercept-url pattern="/**" access="denyAll" />
        <form-login default-target-url="/" />
        <logout logout-success-url="/" />
    </http> -->

    <beans:bean id="myAuthenticationSuccessHandler"
        class="us.tx.state.dfps.web.security.handler.DefaultAuthenticationSuccessHandler" >
        <beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
        <beans:property name="defaultTargetUrl" value="/"/>
    </beans:bean>

    <!-- <http pattern="/service-business-1.2.2/**" security="none" create-session="stateless"/> -->
    <http security="none" pattern="/resources/**"/>

    <http auto-config="true">
        <!-- <intercept-url pattern="/**" access="permitAll" /> -->
        <intercept-url pattern="/login" access="permitAll" />
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <intercept-url pattern="/resources/**" access="permitAll"/>
        <csrf disabled="true"/>
        <form-login login-page='/login'
            authentication-failure-url="/login?error=true"
            authentication-success-handler-ref="myAuthenticationSuccessHandler"/>
        <logout logout-success-url="/login" />
    </http>

    <beans:bean id="ldapAuthProvider"
        class="us.tx.state.dfps.web.security.config.ActiveDirectoryLdapAuthenticationProvider">
        <beans:constructor-arg value="dfps.txnet.state.tx.us" />
        <beans:constructor-arg value="ldap://12aust2872dc03.dfps.txnet.state.tx.us:3268" />
        <!-- <beans:property name="useAuthenticationRequestCredentials">
            <value type="java.lang.Boolean">true</value>
        </beans:property>
        <beans:property name="convertSubErrorCodesToExceptions" >
            <value type="java.lang.Boolean">true</value>
        </beans:property> -->
    </beans:bean>

    <authentication-manager erase-credentials="false">
        <authentication-provider ref="ldapAuthProvider" />
    </authentication-manager>
</beans:beans>
The application is deployed on WebSphere Application Server 9.0.
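
The DEBUG log in the post shows the GET for the target page arriving with a session ID that is reported as invalid, no HttpSession, and the request being evaluated as anonymousUser before the voter denies access. An added example (not part of the original post) that extracts those signals from a log of this shape; the sample lines are constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the log above (wrapped WebSphere SystemOut records).
SAMPLE_LOG = """\
[5/18/17 19:28:32:806 CDT] 00000100 SystemOut O 19:28:32.806 [WebContainer : 5] DEBUG
org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG
org.springframework.security.web.authentication.AnonymousAuthenticationFilter - token: 'Principal: anonymousUser; Credentials: [PROTECTED]'
[5/18/17 19:28:32:807 CDT] 00000100 SystemOut O 19:28:32.807 [WebContainer : 5] DEBUG org.springframework.security.web.session.SessionManagementFilter -
Requested session ID EXAMPLE-SESSION-ID is invalid.
[5/18/17 19:28:32:814 CDT] 00000100 SystemOut O 19:28:32.813 [WebContainer : 5] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter:
org.springframework.security.web.access.expression.WebExpressionVoter@0, returned: -1
"""

RECORD_START = re.compile(r"^\[\d{1,2}/\d{1,2}/\d{2} ")   # "[5/18/17 ..." opens a record
THREAD = re.compile(r"\[(WebContainer : \d+)\]")          # container thread name
SIGNALS = {
    "no_http_session": re.compile(r"No HttpSession currently exists"),
    "invalid_session_id": re.compile(r"Requested session ID \S+ is invalid"),
    "anonymous_principal": re.compile(r"Principal: anonymousUser"),
    "access_denied_vote": re.compile(r"Voter:.*returned: -1"),
}

def join_records(text):
    """Re-join wrapped continuation lines onto the record that started them."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return {thread: sorted signal names} seen on each container thread."""
    seen = {}
    for rec in join_records(text):
        m = THREAD.search(rec)
        thread = m.group(1) if m else "unknown"
        for name, pat in SIGNALS.items():
            if pat.search(rec):
                seen.setdefault(thread, set()).add(name)
    return {t: sorted(s) for t, s in seen.items()}

def session_lost(signals):
    """True when a session ID was sent but rejected and the request ran as anonymous."""
    return {"invalid_session_id", "anonymous_principal"} <= set(signals)
```

Calling `triage()` on a real SystemOut.log groups the signals per WebContainer thread, so interleaved requests are not mixed together.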