This is my AuthSuccessHandler class:
public class AuthSuccessHandler implements AuthenticationSuccessHandler {
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication auth) throws IOException, ServletException {
        response.sendRedirect("http://google.com");
    }
}
This is ...-security.xml:
<security:http use-expressions="true" auto-config="true" create-session="always" access-decision-manager-ref="accessDecisionManager">
    <security:intercept-url pattern="/app/Censor.html" access="hasRole('ROLE_CENSOR')"/>
    <security:intercept-url pattern="/**" filters="none"/>
    <security:form-login login-page="/auth/Login.html"
        authentication-success-handler-ref="authenticationSuccessHandler"/>
    <security:custom-filter position="FIRST" ref="customX509Filter" />
</security:http>
<beans:bean id="authenticationSuccessHandler" class="com.test.services.security.handlers.AuthSuccessHandler"/>
<authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="authenticationProvider">
    </security:authentication-provider>
</authentication-manager>
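For some reason that I cannot see, after the login action the browser does not redirect me to google.com, and in debug mode it skips this handler. Why? Where is my mistake?
THX!
UPD: Spring Security log after the second login (automatic authorization):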
19:48:18,690 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Converted URL to lowercase, from: '/service/censorservice'; to: '/service/censorservice'
19:48:18,690 DEBUG [http-8000-2] [security.web.FilterChainProxy]: Converted URL to lowercase, from: '/service/messageservice'; to: '/service/messageservice'
19:48:18,690 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Candidate is: '/service/censorservice'; pattern is /**; matched=true
19:48:18,690 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 1 of 11 in additional filter chain; firing Filter: 'CustomX509Filter'
19:48:18,690 DEBUG [http-8000-2] [security.web.FilterChainProxy]: Candidate is: '/service/messageservice'; pattern is /**; matched=true
19:48:18,692 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:48:18,692 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 1 of 11 in additional filter chain; firing Filter: 'CustomX509Filter'
19:48:18,692 DEBUG [http-8000-3] [web.context.HttpSessionSecurityContextRepository]: Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@a48448b4: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:18,692 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:48:18,693 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
19:48:18,693 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:48:18,693 DEBUG [http-8000-2] [web.context.HttpSessionSecurityContextRepository]: Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@a48448b4: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:18,694 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:48:18,694 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
19:48:18,695 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:48:18,695 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:48:18,696 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:48:18,695 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:48:18,696 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:48:18,696 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:48:18,697 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:48:18,697 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:48:18,697 DEBUG [http-8000-3] [web.authentication.AnonymousAuthenticationFilter]: SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:18,698 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:48:18,698 DEBUG [http-8000-2] [web.authentication.AnonymousAuthenticationFilter]: SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:18,699 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:48:18,699 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:48:18,700 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:48:18,700 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:48:18,700 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Converted URL to lowercase, from: '/service/censorservice'; to: '/service/censorservice'
19:48:18,701 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:48:18,701 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/service/censorservice'; pattern is /app/censor.html; matched=false
19:48:18,701 DEBUG [http-8000-2] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Converted URL to lowercase, from: '/service/messageservice'; to: '/service/messageservice'
19:48:18,702 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/service/censorservice'; pattern is /**; matched=true
19:48:18,702 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Secure object: FilterInvocation: URL: /service/censorservice; Attributes: [permitAll]
19:48:18,702 DEBUG [http-8000-2] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/service/messageservice'; pattern is /app/censor.html; matched=false
19:48:18,703 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR
19:48:18,703 DEBUG [http-8000-2] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/service/messageservice'; pattern is /**; matched=true
19:48:18,704 DEBUG [http-8000-2] [access.intercept.FilterSecurityInterceptor]: Secure object: FilterInvocation: URL: /service/messageservice; Attributes: [permitAll]
19:48:18,704 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.RoleVoter@235b4804, returned: 0
19:48:18,704 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.AuthenticatedVoter@6f3e49a8, returned: 0
19:48:18,704 DEBUG [http-8000-2] [access.intercept.FilterSecurityInterceptor]: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR
19:48:18,705 DEBUG [http-8000-2] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.RoleVoter@235b4804, returned: 0
19:48:18,705 DEBUG [http-8000-2] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.AuthenticatedVoter@6f3e49a8, returned: 0
19:48:18,705 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4019eb89, returned: 1
19:48:18,706 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Authorization successful
19:48:18,706 DEBUG [http-8000-2] [access.vote.AffirmativeBased]: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4019eb89, returned: 1
19:48:18,706 DEBUG [http-8000-2] [access.intercept.FilterSecurityInterceptor]: Authorization successful
19:48:18,706 DEBUG [http-8000-2] [access.intercept.FilterSecurityInterceptor]: RunAsManager did not change Authentication object
19:48:18,707 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice reached end of additional filter chain; proceeding with original chain
19:48:18,706 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: RunAsManager did not change Authentication object
19:48:18,707 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice reached end of additional filter chain; proceeding with original chain
19:48:18,707 DEBUG [http-8000-2] [intercept.aopalliance.MethodSecurityInterceptor]: Secure object: ReflectiveMethodInvocation: public abstract com.extjs.gxt.ui.client.data.PagingLoadResult com.exigenservices.letter.censormodule.client.service.MessageDTOService.getAllNewIncomingMessageByCensor(java.util.Date); target is of class [com.exigenservices.letter.censormodule.server.MessageDTOServiceImpl]; Attributes: [ROLE_CENSOR]
19:48:18,707 DEBUG [http-8000-3] [intercept.aopalliance.MethodSecurityInterceptor]: Secure object: ReflectiveMethodInvocation: public abstract com.exigenservices.letter.censormodule.client.dto.UpdateResult com.exigenservices.letter.censormodule.client.service.CensorService.checkForNewLetters(java.util.Date) throws com.exigenservices.letter.commonmodule.client.exceptions.AccessDeniedException; target is of class [com.exigenservices.letter.censormodule.server.CensorServiceImpl]; Attributes: [ROLE_CENSOR]
19:48:18,708 DEBUG [http-8000-2] [intercept.aopalliance.MethodSecurityInterceptor]: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR
19:48:18,708 DEBUG [http-8000-3] [intercept.aopalliance.MethodSecurityInterceptor]: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR
19:48:18,709 DEBUG [http-8000-2] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.RoleVoter@55a07c1c, returned: 1
19:48:18,709 DEBUG [http-8000-2] [intercept.aopalliance.MethodSecurityInterceptor]: Authorization successful
19:48:18,709 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.RoleVoter@55a07c1c, returned: 1
19:48:18,710 DEBUG [http-8000-3] [intercept.aopalliance.MethodSecurityInterceptor]: Authorization successful
19:48:18,710 DEBUG [http-8000-2] [intercept.aopalliance.MethodSecurityInterceptor]: RunAsManager did not change Authentication object
19:48:18,710 DEBUG [http-8000-3] [intercept.aopalliance.MethodSecurityInterceptor]: RunAsManager did not change Authentication object
19:48:18,711 DEBUG [http-8000-2] [web.access.ExceptionTranslationFilter]: Chain processed normally
19:48:18,711 DEBUG [http-8000-2] [web.context.SecurityContextPersistenceFilter]: SecurityContextHolder now cleared, as request processing completed
19:48:18,715 DEBUG [http-8000-3] [web.access.ExceptionTranslationFilter]: Chain processed normally
19:48:18,715 DEBUG [http-8000-3] [web.context.SecurityContextPersistenceFilter]: SecurityContextHolder now cleared, as request processing completed
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Converted URL to lowercase, from: '/app/censor.html'; to: '/app/censor.html'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Candidate is: '/app/censor.html'; pattern is /**; matched=true
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 1 of 11 in additional filter chain; firing Filter: 'CustomX509Filter'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:48:19,359 DEBUG [http-8000-3] [web.context.HttpSessionSecurityContextRepository]: Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@a48448b4: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:48:19,360 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:48:19,360 DEBUG [http-8000-3] [web.authentication.AnonymousAuthenticationFilter]: SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:19,360 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:48:19,360 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:48:19,360 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:48:19,360 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Converted URL to lowercase, from: '/app/censor.html'; to: '/app/censor.html'
19:48:19,360 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/app/censor.html'; pattern is /app/censor.html; matched=true
19:48:19,360 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Secure object: FilterInvocation: URL: /app/Censor.html; Attributes: [hasRole('ROLE_CENSOR')]
19:48:19,360 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR
19:48:19,360 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.RoleVoter@235b4804, returned: 0
19:48:19,360 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.AuthenticatedVoter@6f3e49a8, returned: 0
19:48:19,360 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4019eb89, returned: 1
19:48:19,360 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Authorization successful
19:48:19,361 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: RunAsManager did not change Authentication object
19:48:19,361 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html reached end of additional filter chain; proceeding with original chain
19:48:19,361 DEBUG [http-8000-3] [web.access.ExceptionTranslationFilter]: Chain processed normally
19:48:19,361 DEBUG [http-8000-3] [web.context.SecurityContextPersistenceFilter]: SecurityContextHolder now cleared, as request processing completed
19:48:19,955 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Converted URL to lowercase, from: '/app/app.nocache.js'; to: '/app/app.nocache.js'
19:48:19,955 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Candidate is: '/app/app.nocache.js'; pattern is /**; matched=true
19:48:19,955 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 1 of 11 in additional filter chain; firing Filter: 'CustomX509Filter'
19:48:19,955 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:48:19,959 DEBUG [http-8000-3] [web.context.HttpSessionSecurityContextRepository]: Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@a48448b4: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:19,959 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
19:48:19,960 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:48:19,960 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:48:19,960 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:48:19,961 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:48:19,961 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:48:19,961 DEBUG [http-8000-3] [web.authentication.AnonymousAuthenticationFilter]: SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:19,961 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:48:19,962 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:48:19,962 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:48:19,962 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Converted URL to lowercase, from: '/app/app.nocache.js'; to: '/app/app.nocache.js'
19:48:19,963 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/app/app.nocache.js'; pattern is /app/censor.html; matched=false
19:48:19,963 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/app/app.nocache.js'; pattern is /**; matched=true
19:48:19,963 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Secure object: FilterInvocation: URL: /app/app.nocache.js; Attributes: [permitAll]
19:48:19,963 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR
19:48:19,964 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.RoleVoter@235b4804, returned: 0
19:48:19,964 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.AuthenticatedVoter@6f3e49a8, returned: 0
19:48:19,964 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4019eb89, returned: 1
19:48:19,964 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Authorization successful
19:48:19,965 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: RunAsManager did not change Authentication object
19:48:19,965 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js reached end of additional filter chain; proceeding with original chain
19:48:19,965 DEBUG [http-8000-3] [commonmodule.server.GWTCacheControlFilter]: doFilter() nocache file expired forcibly
19:48:19,965 DEBUG [http-8000-3] [web.access.ExceptionTranslationFilter]: Chain processed normally
19:48:19,965 DEBUG [http-8000-3] [web.context.SecurityContextPersistenceFilter]: SecurityContextHolder now cleared, as request processing completed
19:48:20,814 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Converted URL to lowercase, from: '/service/censorservice'; to: '/service/censorservice'
19:48:20,815 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Candidate is: '/service/censorservice'; pattern is /**; matched=true
19:48:20,815 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 1 of 11 in additional filter chain; firing Filter: 'CustomX509Filter'
19:48:20,815 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:48:20,817 DEBUG [http-8000-3] [web.context.HttpSessionSecurityContextRepository]: Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@a48448b4: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:20,817 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
19:48:20,818 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:48:20,818 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:48:20,818 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:48:20,819 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:48:20,819 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:48:20,819 DEBUG [http-8000-3] [web.authentication.AnonymousAuthenticationFilter]: SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:20,820 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:48:20,820 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:48:20,820 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:48:20,821 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Converted URL to lowercase, from: '/service/censorservice'; to: '/service/censorservice'
19:48:20,821 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/service/censorservice'; pattern is /app/censor.html; matched=false
19:48:20,821 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/service/censorservice'; pattern is /**; matched=true
19:48:20,822 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Secure object: FilterInvocation: URL: /service/censorservice; Attributes: [permitAll]
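Answer 0 (score: 2)
Try changing
<security:intercept-url pattern="/**" filters="none"/>
to
<security:intercept-url pattern="/**" access="permitAll"/>
The former will prevent the security chain from being applied to any request other than an exact match for "/app/Censor.html", including the login form submission. That seems odd though, as I'd expect you to get a 404 for the login request.
You should also post the debug log for the login form submission, which shows your handler being "skipped".
Update
The log you posted shows multiple interleaved requests submitted from an already-authenticated client (with a session), so I wouldn't expect authentication or a redirect to happen.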
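Added example (not part of the original question or answer): a small Python check that applies the answer's explanation to a security XML file and reports which request paths fall under a filters="none" rule, and therefore never reach the login filter or the success handler. It assumes first-match-wins rule ordering, a simplified Ant matcher, lowercase comparison as seen in the posted log, and the Spring Security 3 default login processing URL /j_spring_security_check; the function names and the wrapped sample config are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = "http://www.springframework.org/schema/security"
# Assumption: Spring Security 3 default when form-login sets no login-processing-url.
DEFAULT_LOGIN_PROCESSING_URL = "/j_spring_security_check"

# Constructed sample: the <security:http> rules from the question, wrapped in a
# root element that declares the namespace so the fragment parses stand-alone.
QUESTION_CONFIG = """
<root xmlns:security="http://www.springframework.org/schema/security">
  <security:http use-expressions="true" auto-config="true">
    <security:intercept-url pattern="/app/Censor.html" access="hasRole('ROLE_CENSOR')"/>
    <security:intercept-url pattern="/**" filters="none"/>
    <security:form-login login-page="/auth/Login.html"
        authentication-success-handler-ref="authenticationSuccessHandler"/>
  </security:http>
</root>
"""
# The same config with the change proposed in the answer.
ANSWER_CONFIG = QUESTION_CONFIG.replace('filters="none"', 'access="permitAll"')


def ant_to_regex(pattern):
    """Translate an Ant-style path pattern (?, *, **) into a regex (simplified)."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")          # any characters, including '/'
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")       # any characters within one path segment
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")        # exactly one character
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def load_rules(xml_text):
    """Return the intercept-url rules in declaration order."""
    root = ET.fromstring(xml_text)
    return [
        {"pattern": el.get("pattern"), "filters": el.get("filters"),
         "access": el.get("access")}
        for el in root.iter("{%s}intercept-url" % NS)
    ]


def first_match(rules, path):
    """First rule whose pattern matches the path, compared in lowercase."""
    for rule in rules:
        if ant_to_regex(rule["pattern"].lower()).match(path.lower()):
            return rule
    return None


def unfiltered_paths(xml_text, paths):
    """Paths whose first matching rule is filters="none" (no security filters run)."""
    rules = load_rules(xml_text)
    hits = []
    for path in paths:
        rule = first_match(rules, path)
        if rule is not None and rule["filters"] == "none":
            hits.append((path, rule["pattern"]))
    return hits


def login_processing_url(xml_text):
    """The configured login-processing-url, or the assumed default."""
    form = ET.fromstring(xml_text).find(".//{%s}form-login" % NS)
    if form is not None and form.get("login-processing-url"):
        return form.get("login-processing-url")
    return DEFAULT_LOGIN_PROCESSING_URL


def login_is_unfiltered(xml_text):
    """True when the login submission itself bypasses the security filter chain."""
    return bool(unfiltered_paths(xml_text, [login_processing_url(xml_text)]))


if __name__ == "__main__":
    probes = [DEFAULT_LOGIN_PROCESSING_URL, "/app/Censor.html", "/service/censorservice"]
    for name, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        print(name, "login bypasses filters:", login_is_unfiltered(cfg))
        for path, pattern in unfiltered_paths(cfg, probes):
            print("   %s -> filters=\"none\" via %s" % (path, pattern))
```

Beyond the skipped handler, the same report shows that every path caught by a filters="none" rule is served with no security filter at all, which is why access="permitAll" is the safer way to open a URL.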