我正在使用Spring 2.5.2和相同版本的spring security . 问题是,我通过应用程序登录并清除我的浏览器cookie并刷新页面应用程序被重定向到登录页面,但在后面它会引发异常
DEBUG ExceptionTranslationFilter - 发生身份验证异常;重定向到认证入口点org.springframework.security.AuthenticationCredentialsNotFoundException:认证对象未在SecurityContext中在org.springframework.security.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:342)在org.springframework.security.intercept找到 . org.springframework.security.intercept.intervil上的org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)中的AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254)(FilterSecurityInterceptor.doFilter:FilterSecurityInterceptor.java: 83)在org.springframework.security.util.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:390)在org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:52)在org.springframework.security.ui org.springf中的.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) ramework.security.util.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:390)
继续,直到 at java.lang.Thread.run(Unknown Source)
在此异常应用程序被重定向到登录页面后,在输入登录凭据后,我必须单击我的登录按钮两次才能进入应用程序 . 第一次单击控制台显示后
DEBUG CptLogger - com.capgent.cpt.server.services.auth.LoginAuthenticationProvider调用的方法:additionalAuthenticationChecks是否已经过身份验证? :false DEBUG XmlWebApplicationContext - 在上下文中发布事件[org.springframework.web.context.support.XmlWebApplicationContext@1d0d124]:org.springframework.security.event.authentication.AuthenticationSuccessEvent [source=org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc :校长:com.capgent.cpt.server.services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授予的权限:ROLE_ADMIN] DEBUG AuthenticationProcessingFilter - 认证成功:org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:负责人:com.capgent.cpt.server.services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授予的权限:ROLE_ADMIN DEBUG AuthenticationProcessingFilter - 更新SecurityContextHolder中包含以下验证:“org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:负责人:com.capgent.cpt.server.services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN'DEBUG SessionUtils - 使用Id'6693D3BCE880D6339D9D149F44637952'和迁移属性使会话无效 . DEBUG SessionUtils - 开始新的会话:E772A0D1441C079B2ACD3698F68AF63C DEBUG AuthenticationProcessingFilter - 重定向从HTTP会话(或默认)目标网址:HTTP://本地主机:8090 /资源/ com.capgent.cpt.Main / main.jsp中DEBUG omTokenBasedRemembermeServices - 没有派记住我的cookie(主要没有设置参数'_spring_security_remember_me')DEBUG omTokenBasedRemembermeServices - 记住我没有请求登录 . DEBUG XmlWebApplicationContext - 在上下文中发布事件[org.springframework.web.context.support.XmlWebApplicationContext@1d0d124]:org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent [source=org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal :com.capgent.cpt.server.services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN] DEBUG essionContextIntegrationFilter - 存储到HttpSession的SecurityContext:'org.springframework.security.context.SecurityContextImpl@862413dc:身份验证:org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal:com.capgent.cpt.server . services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN'DEBUG essionContextIntegrationFilter - SecurityContextHolder现已清除,因为请求处理已完成DEBUG RequestContextFilter - 清除线程绑定请求上下文:org.apache.catalina.connector.RequestFacade@1d03700 DEBUG nsactionSynchronizationManager - 删除值[org.springframework.orm.hibernate3 .SessionHolder @ 1c9dea3]来自线程[http-8090-Processor25]的密钥[org.hibernate.impl.SessionFactoryImpl@42c282] DEBUG OpenSessionInViewFilter - 在OpenSessionInViewFilter中关闭单个Hibernate会话DEBUG SessionFactoryUtils - 关闭Hibernate会话DEBUG ConnectionManager - 释放JDBC连接[( open PreparedStatements:0,global:0)(打开ResultSet:0,全局:0)] DEBUG ConnectionManager - 事务在on_close连接释放模式的会话中完成;一定要关闭会话以释放JDBC资源! DEBUG OpenSessionInViewFilter - 使用SessionFactory'cptSessionFactory'用于OpenSessionInViewFilter DEBUG DefaultListableBeanFactory - 返回单例bean的缓存实例'cptSessionFactory'DEBUG OpenSessionInViewFilter - 在OpenSessionInViewFilter中打开单个Hibernate会话DEBUG SessionFactoryUtils - 打开Hibernate会话DEBUG SessionImpl - 在时间戳打开会话:13938439638 DEBUG nsactionSynchronizationManager - Bound key [org.springframework.orm.hibernate3.SessionHolder@862557] for key [org.hibernate.impl.SessionFactoryImpl@42c282] to thread [http-8090-Processor25] DEBUG RequestContextFilter - 绑定请求上下文到thread:org.apache.catalina .connector.RequestFacade @ 1d03700 DEBUG FilterChainProxy - 将URL转换为小写,来自:'/ com.capgent.cpt.main/main.jsp'; to:'/ com.capgent.cpt.main / main.jsp'DEBUG FilterChainProxy - 候选者是:'/ com.capgent.cpt.main/main.jsp'; pattern是/ssoerror.html*; matched = false DEBUG FilterChainProxy - 将URL转换为小写,来自:'/ com.capgent.cpt.main/main.jsp'; to:'/ com.capgent.cpt.main / main.jsp'DEBUG FilterChainProxy - 候选者是:'/ com.capgent.cpt.main/main.jsp';模式是/; matched = true DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp位于附加过滤器链中的第1位10;触发过滤器:'org.springframework.security.context.HttpSessionContextIntegrationFilter [order = 200; ]'DEBUG essionContextIntegrationFilter - 从SPRING_SECURITY_CONTEXT获取有效的SecurityContext以与SecurityContextHolder关联:'org.springframework.security.context.SecurityContextImpl@862413dc:身份验证:org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal:com.capgent.cpt .server.services.auth.UserDetailsContainer @ bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN'DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp,位于第2位,共10个,位于额外的过滤链中;触发过滤器:'com.capgent.cpt.server.services.auth.CantrexSsoProcessingFilter [order = 600; ]'DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在第3位,共10个附加过滤链;触发过滤器:'com.capgent.cpt.server.services.auth.DnbiSsoProcessingFilter [order = 600; ]'DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在第4位的10位额外的过滤链中;触发过滤器:'com.capgent.cpt.server.services.auth.OpenIdAuthenticationProcessingFilter [order = 800; ]'DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在第5位的10位额外的过滤链中;触发过滤器:'org.springframework.security.ui.webapp.AuthenticationProcessingFilter [order = 700; ]'DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在第6位的10位额外的过滤链中;射击过滤器:'org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter [order = 1100; ]'DEBUG SavedRequest - pathInfo:both null(property equals)DEBUG SavedRequest - queryString:both null(property equals)DEBUG SavedRequest - requestURI:arg1 = / resources / com.capgent.cpt.Main / Main.jsp; arg2 = / resources / com.capgent.cpt.Main / Main.jsp(property equals)DEBUG SavedRequest - serverPort:arg1 = 8090; arg2 = 8090(property equals)DEBUG SavedRequest - requestURL:arg1 = http:// localhost:8090 / resources / com.capgent.cpt.Main / Main.jsp; arg2 = http:// localhost:8090 / resources / com.capgent.cpt.Main / Main.jsp(property equals)DEBUG SavedRequest - scheme:arg1 = http; arg2 = http(property equals)DEBUG SavedRequest - serverName:arg1 = localhost; arg2 = localhost(property equals)DEBUG SavedRequest - contextPath:arg1 = / resources; arg2 = / resources(property equals)DEBUG SavedRequest - servletPath:arg1 = / com.capgent.cpt.Main / Main.jsp; arg2 = / com.capgent.cpt.Main / Main.jsp(property equals)DEBUG SavedRequestAwareWrapper - Wrapper被替换; SavedRequest是:SavedRequest [http:// localhost:8090 / resources / com.capgent.cpt.Main / Main.jsp] DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp,位于第7位,共10个链;触发过滤器:'org.springframework.security.ui.rememberme.RememberMeProcessingFilter [order = 1200; ]'DEBUG RememberMeProcessingFilter - SecurityContextHolder没有填充remember-me标记,因为它已经包含:'org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal:com.capgent.cpt.server.services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN'DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp,位于附加过滤器链中的第8位;触发过滤器:'org.springframework.security.ui.ExceptionTranslationFilter [order = 1400; ]'DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在第9位的10位额外的过滤链中;触发过滤器:'org.springframework.security.ui.SessionFixationProtectionFilter [order = 1600; ]'DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp在10位10的附加过滤链中;触发过滤器:'org.springframework.security.intercept.web.FilterSecurityInterceptor@11ca33b'DEBUG lterInvocationDefinitionSource - 将URL转换为小写,来自:'/ com.capgent.cpt.main/main.jsp'; to:'/ com.capgent.cpt.main / main.jsp'DEBUG lterInvocationDefinitionSource - 候选者是:'/ com.capgent.cpt.main/main.jsp'; pattern是//*main.jsp; matched = true DEBUG AbstractSecurityInterceptor - 安全对象:FilterInvocation:URL:/com.capgent.cpt.Main/Main.jsp; ConfigAttributes:[ROLE_ADMIN] DEBUG AbstractSecurityInterceptor - 以前经过身份验证的:org.springframework.security.providers.UsernamePasswordAuthenticationToken@862413dc:Principal:com.capgent.cpt.server.services.auth.UserDetailsContainer@bc1ebd;密码保护];认证:真实;详细信息:org.springframework.security.ui.WebAuthenticationDetails@0:RemoteIpAddress:127.0.0.1; SessionId:6693D3BCE880D6339D9D149F44637952;授权机构:ROLE_ADMIN DEBUG AbstractSecurityInterceptor - 授权成功DEBUG XmlWebApplicationContext - 在上下文中发布事件[org.springframework.web.context.support.XmlWebApplicationContext@1d0d124]:org.springframework.security.event.authorization.AuthorizedEvent [source = FilterInvocation:URL: /com.capgent.cpt.Main/Main.jsp] DEBUG AbstractSecurityInterceptor - RunAsManager没有更改Authentication对象DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp到达附加过滤器链的末尾;继续使用原始链DEBUG JspServlet - JspEngine - > /com.capgent.cpt.Main/Main.jsp DEBUG JspServlet - ServletPath:/com.capgent.cpt.Main/Main.jsp DEBUG JspServlet - PathInfo:null DEBUG JspServlet - RealPath :D:\ springworkspace.metadata.plugins \ org.eclipse.wst.server.core \ tmp3 \ wtpwebapps \ capgentspring \ com.capgent.cpt.Main \ Main.jsp DEBUG JspServlet - RequestURI:/resources/com.capgent.cpt .Main / Main.jsp DEBUG JspServlet - QueryString:null
2 回答
"Issue is, I login through the application and clears my browser cookies and refreshes the page application is redirected to the login page"
是的 . 这是正常行为 . 因为旧会话无效/关闭,所以将从那里开始新会话 .
"but at the back it throws following exception"
是的 . 它会,因为它会在您刷新页面时尝试重新验证用户信息/会话 . 因为您已经清除了cookie,它将失败 .
设置
<form-login login-page="/Login.jsp" authentication-failure-url="/LoginHandler.jsp" always-use-default-target="true" default-target-url="/LoginHandler.jsp"/>已经解决了我的问题,之前的 Value 是
alway-use-default-target="false"