身份验证失败 spring security wildfly
Authentication failing spring security wildfly
我正在尝试将我的 spring 应用程序从 tomcat 迁移到 Wildfly。我无法登录了。似乎最初成功的身份验证丢失或被覆盖,然后创建了一个匿名会话。
spring 安全性:4.0.1.RELEASE
野蝇 8.2.0
我卡住了,想不通。任何帮助或建议将不胜感激。
谢谢
以下是日志的摘录:
认证成功:
17:13:43,182 FINE [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] (default task-6) Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fc115a3: Principal: myapp.springSupport.AccountUser@bb94ce99: Username: test1976; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_sysadmin,user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_sysadmin, user
17:13:43,183 FINE [org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler] (default task-6) Using default Url: /
17:13:43,183 FINE [org.springframework.security.web.DefaultRedirectStrategy] (default task-6) Redirecting to '/myapp/'
17:13:43,183 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-6) HttpSession being created as SecurityContext is non-default
17:13:43,184 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-6) SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@fc115a3: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fc115a3: Principal: myapp.springSupport.AccountUser@bb94ce99: Username: test1976; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_sysadmin,user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_sysadmin, user' stored to HttpSession: 'io.undertow.servlet.spec.HttpSessionImpl@725caa25
17:13:43,186 FINE [org.springframework.security.web.context.SecurityContextPersistenceFilter] (default task-6) SecurityContextHolder now cleared, as request processing completed
17:13:43,202 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
17:13:43,202 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) No HttpSession currently exists
17:13:43,202 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) No SecurityContext was available from the HttpSession: null. A new one will be created.
这里是创建匿名会话的地方:
17:13:43,205 FINE [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] (default task-9) Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
17:13:43,205 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
17:13:43,205 FINE [org.springframework.security.web.session.SessionManagementFilter] (default task-9) Requested session ID 4B9EACEB7190B99CC7A1E248D8E4495B is invalid.
17:13:43,205 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
17:13:43,206 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
17:13:43,206 FINE [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (default task-9) Checking match of request : '/index.jsp'; against '/srv/private/**'
17:13:43,206 FINE [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] (default task-9) Public object - authentication not attempted
17:13:43,206 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp reached end of additional filter chain; proceeding with original chain
17:13:43,207 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
17:13:43,207 FINE [org.springframework.security.web.access.ExceptionTranslationFilter] (default task-9) Chain processed normally
17:13:43,207 FINE [org.springframework.security.web.context.SecurityContextPersistenceFilter] (default task-9) SecurityContextHolder now cleared, as request processing completed
17:13:43,211 FINE [org.springframework.security.web.FilterChainProxy] (default task-12) /srv/home at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
17:13:43,211 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-12) No HttpSession currently exists
17:13:43,211 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-12) No SecurityContext was available from the HttpSession: null. A new one will be created.
我的 spring 安全配置:
<security:http auto-config="true">
<security:intercept-url pattern="/srv/private/**"
access="hasAuthority('user')"/>
<!-- enable csrf protection -->
<security:csrf disabled="true"/>
</security:http>
太棒了,我感觉有点紧张。
事实证明,当我使用 chrome 而不是 firefox 时,我没有遇到这个问题。
Firefox 正在处理 JSESSIONID。
这是因为我工作太忙,没时间升级我的 ubuntu,而且我使用的是非常过时的 firefox 浏览器。
我有没有提到我觉得自己像个旋钮?
我正在尝试将我的 spring 应用程序从 tomcat 迁移到 Wildfly。我无法登录了。似乎最初成功的身份验证丢失或被覆盖,然后创建了一个匿名会话。
spring 安全性:4.0.1.RELEASE 野蝇 8.2.0
我卡住了,想不通。任何帮助或建议将不胜感激。
谢谢
以下是日志的摘录:
认证成功:
17:13:43,182 FINE [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] (default task-6) Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fc115a3: Principal: myapp.springSupport.AccountUser@bb94ce99: Username: test1976; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_sysadmin,user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_sysadmin, user
17:13:43,183 FINE [org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler] (default task-6) Using default Url: /
17:13:43,183 FINE [org.springframework.security.web.DefaultRedirectStrategy] (default task-6) Redirecting to '/myapp/'
17:13:43,183 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-6) HttpSession being created as SecurityContext is non-default
17:13:43,184 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-6) SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@fc115a3: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fc115a3: Principal: myapp.springSupport.AccountUser@bb94ce99: Username: test1976; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_sysadmin,user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_sysadmin, user' stored to HttpSession: 'io.undertow.servlet.spec.HttpSessionImpl@725caa25
17:13:43,186 FINE [org.springframework.security.web.context.SecurityContextPersistenceFilter] (default task-6) SecurityContextHolder now cleared, as request processing completed
17:13:43,202 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
17:13:43,202 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) No HttpSession currently exists
17:13:43,202 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) No SecurityContext was available from the HttpSession: null. A new one will be created.
这里是创建匿名会话的地方:
17:13:43,205 FINE [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] (default task-9) Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
17:13:43,205 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
17:13:43,205 FINE [org.springframework.security.web.session.SessionManagementFilter] (default task-9) Requested session ID 4B9EACEB7190B99CC7A1E248D8E4495B is invalid.
17:13:43,205 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
17:13:43,206 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
17:13:43,206 FINE [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (default task-9) Checking match of request : '/index.jsp'; against '/srv/private/**'
17:13:43,206 FINE [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] (default task-9) Public object - authentication not attempted
17:13:43,206 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp reached end of additional filter chain; proceeding with original chain
17:13:43,207 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
17:13:43,207 FINE [org.springframework.security.web.access.ExceptionTranslationFilter] (default task-9) Chain processed normally
17:13:43,207 FINE [org.springframework.security.web.context.SecurityContextPersistenceFilter] (default task-9) SecurityContextHolder now cleared, as request processing completed
17:13:43,211 FINE [org.springframework.security.web.FilterChainProxy] (default task-12) /srv/home at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
17:13:43,211 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-12) No HttpSession currently exists
17:13:43,211 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-12) No SecurityContext was available from the HttpSession: null. A new one will be created.
我的 spring 安全配置:
<security:http auto-config="true">
<security:intercept-url pattern="/srv/private/**"
access="hasAuthority('user')"/>
<!-- enable csrf protection -->
<security:csrf disabled="true"/>
</security:http>
太棒了,我感觉有点紧张。
事实证明,当我使用 chrome 而不是 firefox 时,我没有遇到这个问题。
Firefox 正在处理 JSESSIONID。
这是因为我工作太忙,没时间升级我的 ubuntu,而且我使用的是非常过时的 firefox 浏览器。
我有没有提到我觉得自己像个旋钮?