Spring Security - 登录后,浏览器不再要求登录详细信息

时间:2011-06-30 11:31:46

标签: spring spring-security

我正在使用Spring security 3.1和Spring 3。

我遇到的问题是我使用一个浏览器登录系统,我可以登录系统。如果我将相同的URL从这里复制到其他浏览器,那就不是要求用户再次输入用户凭据。问题是它没有显示登录屏幕。

这是我的app-cofig.xml

    <!-- Scans within the base package of the application for @Components to 
    configure as beans -->
<aop:aspectj-autoproxy proxy-target-class="true" />

<bean id="CltSearch_signonRq" class="com.csc.exceed.certificate.domain.SignonRq">
    <property name="clientApp" ref="CltSearch_clientApp" />
</bean>

<bean id="CltSearch_clientApp" class="com.csc.exceed.certificate.domain.ClientApp">
    <property name="name" value="S3" />
</bean>

<bean id="signonRq" class="com.csc.exceed.certificate.domain.SignonRq">
    <property name="clientApp" ref="clientApp" />
    <property name="signonPswd" ref="signonPswd" />
</bean>
<bean id="signonPswd" class="com.csc.exceed.certificate.domain.SignonPswd">
    <property name="custId" ref="custId" />
    <property name="custPswd" ref="custPswd" />
</bean>
<bean id="custId" class="com.csc.exceed.certificate.domain.CustId">
</bean>
<bean id="custPswd" class="com.csc.exceed.certificate.domain.CustPswd">
</bean>


<bean id="clientApp" class="com.csc.exceed.certificate.domain.ClientApp">
    <property name="name" value="XCA" />
</bean>

<bean id="oXMapper" class="com.csc.exceed.util.OXMapper">
    <property name="unmarshaller" ref="unmarshaller" />
    <property name="marshaller" ref="marshaller" />
    <property name="acordRequest" ref="acordRequest" />
    <property name="acordResponse" ref="acordResponse" />
</bean>

<bean id="unmarshaller" class="org.springframework.oxm.castor.CastorMarshaller">
    <property name="mappingLocation"
        value="classpath:/templates/mapping/ACORD_Response_Mapping.xml" />
</bean>

<bean id="marshaller" class="org.springframework.oxm.castor.CastorMarshaller">
    <property name="mappingLocation"
        value="classpath:/templates/mapping/ACORD_Request_Mapping.xml" />
</bean>

<bean id="acordRequest" class="com.csc.exceed.certificate.domain.ACORD">
    <property name="insuranceSvcRq" ref="insuranceSvcRq" />
    <property name="signonRq" ref="CltSearch_signonRq" />
</bean>

<bean id="insuranceSvcRq" class="com.csc.exceed.certificate.domain.InsuranceSvcRq">
    <property name="com_csc_ClientSearchRq" ref="com_csc_ClientSearchRq" />
</bean>

<bean id="com_csc_ClientSearchRq"
    class="com.csc.exceed.certificate.domain.Com_csc_ClientSearchRq">
    <property name="com_csc_SearchInfo" ref="com_csc_SearchInfo" />
</bean>

<bean id="com_csc_SearchInfo" class="com.csc.exceed.certificate.domain.Com_csc_SearchInfo">
    <property name="com_csc_SearchCriteria" ref="com_csc_SearchCriteria" />
</bean>

<bean id="com_csc_SearchCriteria"
    class="com.csc.exceed.certificate.domain.Com_csc_SearchCriteria">
    <property name="com_csc_ClientSearch" ref="com_csc_ClientSearch" />
</bean>

<bean id="com_csc_ClientSearch" class="com.csc.exceed.certificate.domain.Com_csc_ClientSearch">
</bean>

<bean id="acordResponse" class="com.csc.exceed.certificate.domain.AcordResponse" />

<bean id="postXmlToUrl" class="com.csc.exceed.util.PostXmlToUrl" />

<bean id="supportData" class="com.csc.exceed.util.SupportDataUtilityImpl" />

<bean id="logging" class="com.csc.exceed.aspect.logging.LoggingAspect">
</bean>

<bean id="searchHandler" class="com.csc.exceed.certificate.web.AccountSearchHandler">
    <property name="oXMapper" ref="oXMapper" />
    <property name="applicationProperties" ref="applicationProperties" />
    <property name="messageProperties" ref="messageProperties" />
</bean>

<bean id="exceptionHandling" class="com.csc.exceed.aspect.exception.ExceptionHandling">
</bean>

<bean id="applicationProperties"
    class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    <property name="location">
        <value>classpath:/config/application.properties</value>
    </property>
</bean>

<bean id="messageProperties"
    class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    <property name="location">
        <value>classpath:/config/MessageResources.properties
        </value>
    </property>
</bean>

<bean id="xmlReader" class="com.csc.exceed.util.Validator">
    <property name="messageProperties" ref="messageProperties" />
    <property name="applicationProperties" ref="applicationProperties" />
    <property name="validationXml" value="classpath:/rules/validation-rules.xml" />
    <property name="oXMapper" ref="oXMapper" />
</bean>

<bean id="login" class="com.csc.exceed.certificate.domain.ACORD">
    <property name="signonRq" ref="signonRq" />
</bean>

<bean id="userManagerService" class="com.csc.exceed.aspect.security.UserManagerService" />
<bean id="customAuthenticationProvider"
    class="com.csc.exceed.aspect.security.CustomAuthenticationProvider">

    <property name="userManagerService" ref="userManagerService"></property>
    <property name="oXMapper" ref="oXMapper" />
    <property name="applicationProperties" ref="applicationProperties" />
    <property name="messageProperties" ref="messageProperties" />
</bean>

<bean id="customAuthenticationManager"
    class="com.csc.exceed.aspect.security.CustomAuthenticationManager">

    <property name="authenticationProvider" ref="customAuthenticationProvider" />
    <property name="oXMapper" ref="oXMapper" />
    <property name="login" ref="login" />
</bean>

<cache:annotation-driven />
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">
    <property name="cacheManager" ref="ehcache" />
</bean>

<bean id="ehcache"
    class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
    <property name="configLocation" value="classpath:/config/ehcache.xml" />
</bean>

<bean id="checkSession" class="com.csc.exceed.util.CheckSession">
    <property name="messageProperties" ref="messageProperties" />
</bean>


<security:http entry-point-ref="CMSAuthenticationEntryPoint">
    <security:custom-filter position="FORM_LOGIN_FILTER"
        ref="customizedFormLoginFilter" />
    <security:session-management
        session-authentication-strategy-ref="sas" />


    <security:intercept-url pattern="/certs/signin/**"
        access="IS_AUTHENTICATED_ANONYMOUSLY" />

    <security:intercept-url pattern="/certs/AccountSearch/**"
        access="IS_AUTHENTICATED_ANONYMOUSLY" />


</security:http>
<bean id="sas"
    class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />

<bean id="CMSAuthenticationEntryPoint"
    class="com.csc.exceed.aspect.accesscontrol.CMSAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/certs/signin" />
    <property name="forceHttps" value="false" />
</bean>

<bean id="customizedFormLoginFilter"
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="authenticationManager" ref="customAuthenticationManager" />
    <property name="filterProcessesUrl" value="/certs/j_spring_security_check" />
    <property name="authenticationSuccessHandler" ref="simpleURLSuccessHandler" />
    <property name="authenticationFailureHandler" ref="simpleURLFailureHandler" />
    <property name="allowSessionCreation" value="true" />
    <property name="sessionAuthenticationStrategy" ref="sas" />

</bean>


<bean id="simpleURLFailureHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/certs/signin" />
    <!-- <property name="allowSessionCreation" value="true" /> -->
</bean>

<bean id="simpleURLSuccessHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
    <property name="defaultTargetUrl" value="/certs/AccountSearch" />
    <property name="alwaysUseDefaultTargetUrl" value="true" />


</bean>
<security:authentication-manager alias="authenticationManager">
</security:authentication-manager>

web.xml是

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/config/web-application-config.xml
    </param-value>
</context-param>
<error-page>
    <error-code>500</error-code>
    <location>/error.xhtml</location>
</error-page>
<context-param>
    <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
    <param-value>.xhtml</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>
<context-param>
    <param-name>facelets.DEVELOPMENT</param-name>
    <param-value>true</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.FACELETS_REFRESH_PERIOD</param-name>
    <param-value>1</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.FACELETS_LIBRARIES</param-name>
    <param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>
<!-- Enables Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
    <listener-class>
        org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
    <listener-class>
        org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<servlet>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value></param-value>
    </init-param>
    <load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <url-pattern>/certs/*</url-pattern>
</servlet-mapping>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.faces</url-pattern>
</servlet-mapping>
<welcome-file-list>
    <welcome-file>index.html</welcome-file>
</welcome-file-list>

Maven依赖树

1 个答案:

答案 0 :(得分:0)

如果不实际查看你的课程,很难猜到。但也许你的CustomAuthenticationProvider - 默认为singleton - 将第一个登录的用户对象保留在内存中,而不是查看security context
您没有说,但我想当您打开第二个浏览器时,登录的用户面板(如果有的话)显示第一个浏览器中记录的用户,对吗?