我正在使用Spring Web MVC 4和Spring Security在GlassFish 4上开发Web应用程序。
我通过Spring的XML配置使用JDBC提供程序配置了基于表单的身份验证:
<jee:jndi-lookup id="appDataSource" jndi-name="jdbc/appDbPool" expected-type="javax.sql.DataSource" />
<http use-expressions="true">
<form-login login-page="/login.html" default-target-url="/" />
<logout logout-url="/logout" logout-success-url="/" />
</http>
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5"/>
<jdbc-user-service data-source-ref="appDataSource"
users-by-username-query="SELECT user_login_name, user_password_hash, 1 FROM user_accounts WHERE user_login_name = ?"
authorities-by-username-query="SELECT ... WHERE user_login_name = ?"
/>
</authentication-provider>
</authentication-manager>
我使用默认格式字符串在GlassFish的HTTP服务配置中启用了访问日志记录:
%client.name% %auth-user-name% %datetime% %request% %status% %response.length%
在用户登录之前,我在访问日志的%auth-user-name%字段中看到“ NULL-AUTH-USER”。 用户成功登录后,我希望Spring Security创建一个标准Java EE服务器的会话对象,并且用户的登录名将出现在访问日志中。但是日志显示了相同的“ NULL-AUTH-USER”。
这是我的日志中的报价:
"0:0:0:0:0:0:0:1" "NULL-AUTH-USER" "21/Jun/2018:10:31:10 +0500" "GET /appweb/main.html HTTP/1.1" 200 24923
(用户进入“ / appweb / profile”页面,该页面要求用户登录)
"0:0:0:0:0:0:0:1" "NULL-AUTH-USER" "21/Jun/2018:10:31:20 +0500" "GET /appweb/login.html HTTP/1.1" 200 5471
"0:0:0:0:0:0:0:1" "NULL-AUTH-USER" "21/Jun/2018:10:31:25 +0500" "POST /ectrweb/login HTTP/1.1" 302 181
(用户成功登录并进入其个人资料页面)
"0:0:0:0:0:0:0:1" "NULL-AUTH-USER" "21/Jun/2018:10:31:25 +0500" "GET /appweb/profile HTTP/1.1" 200 20202
如何使用Spring Security正确显示登录用户的登录名?
((在我的其他应用程序中,我将JSF和GlassFish的安全性用于JDBC领域,而不是Spring框架。访问日志正确显示了登录的用户名:
"127.0.0.1" "NULL-AUTH-USER" "21/Jun/2018:11:32:17 +0500" "GET /index.xhtml HTTP/1.1" 200 26964
"127.0.0.1" "NULL-AUTH-USER" "21/Jun/2018:11:32:47 +0500" "GET /app/summary.xhtml HTTP/1.1" 200 3767
"127.0.0.1" "NULL-AUTH-USER" "21/Jun/2018:11:33:29 +0500" "POST /app/j_security_check HTTP/1.1" 302 193
"127.0.0.1" "g66" "21/Jun/2018:11:33:29 +0500" "GET /app/summary.xhtml HTTP/1.1" 200 16928
)