使用基本身份验证和无状态会话的Underwow中的无效会话

时间:2020-07-09 21:50:19

标签: spring-boot grails spring-security undertow

我有一个grails 4(基于spring boot)应用程序,它偶尔会出现故障。在这一点上,我什至没有指出问题的根源,希望有人可以提供帮助。

发生错误的情况是一个应用程序对另一个应用程序进行REST调用。这些都是使用通过基本身份验证提供的通用用户名和密码制成的。在应用程序成功运行后的某个时间点(到目前为止,大多数情况下,> 12小时)这些调用开始失败,并显示以下错误:

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.IllegalStateException: UT000010: Session is invalid XVBnzVaxVhijSIz2xk_Tl5fqsJD9n30ggd_614iF
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
        at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
        at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:209)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
        at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
        at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:251)
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:186)
        at io.undertow.servlet.spec.RequestDispatcherImpl.error(RequestDispatcherImpl.java:501)
        at io.undertow.servlet.spec.RequestDispatcherImpl.error(RequestDispatcherImpl.java:427)
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:308)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
        at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
        at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalStateException: UT000010: Session is invalid XVBnzVaxVhijSIz2xk_Tl5fqsJD9n30ggd_614iF
        at io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:512)
        at io.undertow.servlet.spec.HttpSessionImpl.getAttribute(HttpSessionImpl.java:122)
        at org.springframework.web.servlet.support.SessionFlashMapManager.retrieveFlashMaps(SessionFlashMapManager.java:49)
        at org.springframework.web.servlet.support.AbstractFlashMapManager.retrieveAndUpdate(AbstractFlashMapManager.java:94)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:934)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)

使用Postman相同的基本身份验证成功调用相同的端点。

对于这些呼叫,安全性配置如下:

  http
    .headers().frameOptions().sameOrigin().and()
    .csrf().disable()
    .requestMatcher(basicAuthMatcher)
    .authorizeRequests()
    .anyRequest().authenticated()
    .and()
    .httpBasic()
     
  http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

对我而言,可疑的部分是堆栈跟踪来自SessionFlashMapManager。据我了解,不应举行任何会议。当然,我不打算使用任何东西。

有人以前曾经见过这样的错误,或者有诊断建议吗?

0 个答案:

没有答案
相关问题
最新问题