我正在使用Spring security 3.1和Spring 3。
我遇到的问题是我使用一个浏览器登录系统,我可以登录系统。如果我将相同的URL从这里复制到其他浏览器,那就不是要求用户再次输入用户凭据。问题是它没有显示登录屏幕。
这是我的app-cofig.xml
<!-- Scans within the base package of the application for @Components to
configure as beans -->
<aop:aspectj-autoproxy proxy-target-class="true" />
<bean id="CltSearch_signonRq" class="com.csc.exceed.certificate.domain.SignonRq">
<property name="clientApp" ref="CltSearch_clientApp" />
</bean>
<bean id="CltSearch_clientApp" class="com.csc.exceed.certificate.domain.ClientApp">
<property name="name" value="S3" />
</bean>
<bean id="signonRq" class="com.csc.exceed.certificate.domain.SignonRq">
<property name="clientApp" ref="clientApp" />
<property name="signonPswd" ref="signonPswd" />
</bean>
<bean id="signonPswd" class="com.csc.exceed.certificate.domain.SignonPswd">
<property name="custId" ref="custId" />
<property name="custPswd" ref="custPswd" />
</bean>
<bean id="custId" class="com.csc.exceed.certificate.domain.CustId">
</bean>
<bean id="custPswd" class="com.csc.exceed.certificate.domain.CustPswd">
</bean>
<bean id="clientApp" class="com.csc.exceed.certificate.domain.ClientApp">
<property name="name" value="XCA" />
</bean>
<bean id="oXMapper" class="com.csc.exceed.util.OXMapper">
<property name="unmarshaller" ref="unmarshaller" />
<property name="marshaller" ref="marshaller" />
<property name="acordRequest" ref="acordRequest" />
<property name="acordResponse" ref="acordResponse" />
</bean>
<bean id="unmarshaller" class="org.springframework.oxm.castor.CastorMarshaller">
<property name="mappingLocation"
value="classpath:/templates/mapping/ACORD_Response_Mapping.xml" />
</bean>
<bean id="marshaller" class="org.springframework.oxm.castor.CastorMarshaller">
<property name="mappingLocation"
value="classpath:/templates/mapping/ACORD_Request_Mapping.xml" />
</bean>
<bean id="acordRequest" class="com.csc.exceed.certificate.domain.ACORD">
<property name="insuranceSvcRq" ref="insuranceSvcRq" />
<property name="signonRq" ref="CltSearch_signonRq" />
</bean>
<bean id="insuranceSvcRq" class="com.csc.exceed.certificate.domain.InsuranceSvcRq">
<property name="com_csc_ClientSearchRq" ref="com_csc_ClientSearchRq" />
</bean>
<bean id="com_csc_ClientSearchRq"
class="com.csc.exceed.certificate.domain.Com_csc_ClientSearchRq">
<property name="com_csc_SearchInfo" ref="com_csc_SearchInfo" />
</bean>
<bean id="com_csc_SearchInfo" class="com.csc.exceed.certificate.domain.Com_csc_SearchInfo">
<property name="com_csc_SearchCriteria" ref="com_csc_SearchCriteria" />
</bean>
<bean id="com_csc_SearchCriteria"
class="com.csc.exceed.certificate.domain.Com_csc_SearchCriteria">
<property name="com_csc_ClientSearch" ref="com_csc_ClientSearch" />
</bean>
<bean id="com_csc_ClientSearch" class="com.csc.exceed.certificate.domain.Com_csc_ClientSearch">
</bean>
<bean id="acordResponse" class="com.csc.exceed.certificate.domain.AcordResponse" />
<bean id="postXmlToUrl" class="com.csc.exceed.util.PostXmlToUrl" />
<bean id="supportData" class="com.csc.exceed.util.SupportDataUtilityImpl" />
<bean id="logging" class="com.csc.exceed.aspect.logging.LoggingAspect">
</bean>
<bean id="searchHandler" class="com.csc.exceed.certificate.web.AccountSearchHandler">
<property name="oXMapper" ref="oXMapper" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="messageProperties" ref="messageProperties" />
</bean>
<bean id="exceptionHandling" class="com.csc.exceed.aspect.exception.ExceptionHandling">
</bean>
<bean id="applicationProperties"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location">
<value>classpath:/config/application.properties</value>
</property>
</bean>
<bean id="messageProperties"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location">
<value>classpath:/config/MessageResources.properties
</value>
</property>
</bean>
<bean id="xmlReader" class="com.csc.exceed.util.Validator">
<property name="messageProperties" ref="messageProperties" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="validationXml" value="classpath:/rules/validation-rules.xml" />
<property name="oXMapper" ref="oXMapper" />
</bean>
<bean id="login" class="com.csc.exceed.certificate.domain.ACORD">
<property name="signonRq" ref="signonRq" />
</bean>
<bean id="userManagerService" class="com.csc.exceed.aspect.security.UserManagerService" />
<bean id="customAuthenticationProvider"
class="com.csc.exceed.aspect.security.CustomAuthenticationProvider">
<property name="userManagerService" ref="userManagerService"></property>
<property name="oXMapper" ref="oXMapper" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="messageProperties" ref="messageProperties" />
</bean>
<bean id="customAuthenticationManager"
class="com.csc.exceed.aspect.security.CustomAuthenticationManager">
<property name="authenticationProvider" ref="customAuthenticationProvider" />
<property name="oXMapper" ref="oXMapper" />
<property name="login" ref="login" />
</bean>
<cache:annotation-driven />
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">
<property name="cacheManager" ref="ehcache" />
</bean>
<bean id="ehcache"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="configLocation" value="classpath:/config/ehcache.xml" />
</bean>
<bean id="checkSession" class="com.csc.exceed.util.CheckSession">
<property name="messageProperties" ref="messageProperties" />
</bean>
<security:http entry-point-ref="CMSAuthenticationEntryPoint">
<security:custom-filter position="FORM_LOGIN_FILTER"
ref="customizedFormLoginFilter" />
<security:session-management
session-authentication-strategy-ref="sas" />
<security:intercept-url pattern="/certs/signin/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/certs/AccountSearch/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:http>
<bean id="sas"
class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
<bean id="CMSAuthenticationEntryPoint"
class="com.csc.exceed.aspect.accesscontrol.CMSAuthenticationEntryPoint">
<property name="loginFormUrl" value="/certs/signin" />
<property name="forceHttps" value="false" />
</bean>
<bean id="customizedFormLoginFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="customAuthenticationManager" />
<property name="filterProcessesUrl" value="/certs/j_spring_security_check" />
<property name="authenticationSuccessHandler" ref="simpleURLSuccessHandler" />
<property name="authenticationFailureHandler" ref="simpleURLFailureHandler" />
<property name="allowSessionCreation" value="true" />
<property name="sessionAuthenticationStrategy" ref="sas" />
</bean>
<bean id="simpleURLFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/certs/signin" />
<!-- <property name="allowSessionCreation" value="true" /> -->
</bean>
<bean id="simpleURLSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/certs/AccountSearch" />
<property name="alwaysUseDefaultTargetUrl" value="true" />
</bean>
<security:authentication-manager alias="authenticationManager">
</security:authentication-manager>
web.xml是
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/config/web-application-config.xml
</param-value>
</context-param>
<error-page>
<error-code>500</error-code>
<location>/error.xhtml</location>
</error-page>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_REFRESH_PERIOD</param-name>
<param-value>1</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_LIBRARIES</param-name>
<param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>
<!-- Enables Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/certs/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
Maven依赖树
答案 0 :(得分:0)
如果不实际查看你的课程,很难猜到。但也许你的CustomAuthenticationProvider
- 默认为singleton - 将第一个登录的用户对象保留在内存中,而不是查看security context。
您没有说,但我想当您打开第二个浏览器时,登录的用户面板(如果有的话)显示第一个浏览器中记录的用户,对吗?