
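I am getting the following error on the first AJAX call after login with remember-me (which results in a manual login).

The odd thing is that the persistent_login record gets deleted, and then it tries to find a record with the same key.

(Using Tomcat, the latest Grails version, and the latest plugin.)

*Full debug log below (thanks for your help!):*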

2013-01-20 13:34:14,261 [http-bio-8080-exec-3] DEBUG hibernate.SQL  - 
    delete 
    from 
        grails_persistent_login 
    where 
        series=? 
2013-01-20 13:34:14,262 [http-bio-8080-exec-3] TRACE sql.BasicBinder  - binding parameter [1] as [VARCHAR] - 0V7Xge3Qqb0Nged8S9BeJQ== 
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices  - Cancelling cookie 
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository  - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG context.SecurityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed 
| Error 2013-01-20 13:34:14,274 [http-bio-8080-exec-3] ERROR [/].[default]  - Servlet.service() for servlet [default] in context with path [] threw exception 
Message: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack. 
    Line | Method 
->> 1110 | runWorker in java.util.concurrent.ThreadPoolExecutor 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|    603 | run       in java.util.concurrent.ThreadPoolExecutor$Worker 
^    722 | run . . . in java.lang.Thread 
2013-01-20 13:34:14,295 [http-bio-8080-exec-7] DEBUG access.ExceptionTranslationFilter  - Chain processed normally 
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] DEBUG context.HttpSessionSecurityContextRepository  - HttpSession being created as SecurityContext is non-default 
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] WARN  context.HttpSessionSecurityContextRepository  - Failed to create a session, as response has been committed. Unable to store SecurityContext. 
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] DEBUG context.SecurityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - Converted URL to lowercase, from: '/grails-errorhandler'; to: '/grails-errorhandler' 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - Candidate is: '/grails-errorhandler'; pattern is / **; matched=true 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository  - No HttpSession currently exists 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository  - No SecurityContext was available from the HttpSession: null. A new one will be created. 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter' 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 3 of 9 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter' 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 4 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 5 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices  - Remember-me cookie detected 
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] DEBUG hibernate.SQL  - 
    select 
        persistent0_.series as series23_0_, 
        persistent0_.last_used as last2_23_0_, 
        persistent0_.token as token23_0_, 
        persistent0_.username as username23_0_ 
    from 
        grails_persistent_login persistent0_ 
    where 
        persistent0_.series=? 
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] TRACE sql.BasicBinder  - binding parameter [1] as [VARCHAR] - 0V7Xge3Qqb0Nged8S9BeJQ== 
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices  - No persistent token found for series id: 0V7Xge3Qqb0Nged8S9BeJQ== 
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices  - Cancelling cookie 
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG authentication.AnonymousAuthenticationFilter  - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 7 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 8 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY] 
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor  - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG hierarchicalroles.RoleHierarchyImpl  - getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps. 
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor  - Authorization successful 
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor  - RunAsManager did not change Authentication object 
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 9 of 9 in additional filter chain; firing Filter: 'SwitchUserFilter' 
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc reached end of additional filter chain; proceeding with original chain 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - Converted URL to lowercase, from: '/grails/error/development500.dispatch'; to: '/grails/error/development500.dispatch' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - Candidate is: '/grails/error/development500.dispatch'; pattern is /**; matched=true 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 3 of 9 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 4 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 5 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG rememberme.RememberMeAuthenticationFilter  - SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG authentication.AnonymousAuthenticationFilter  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 7 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 8 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 9 of 9 in additional filter chain; firing Filter: 'SwitchUserFilter' 
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy  - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc reached end of additional filter chain; proceeding with original chain 
2013-01-20 13:34:14,690 [http-bio-8080-exec-3] DEBUG access.ExceptionTranslationFilter  - Chain processed normally 
2013-01-20 13:34:14,755 [http-bio-8080-exec-3] DEBUG access.ExceptionTranslationFilter  - Chain processed normally 
2013-01-20 13:34:14,755 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository  - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
2013-01-20 13:34:14,755 [http-bio-

1 Answer


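From the log, it looks like the user username:anonymousUser, role:ROLE_ANONYMOUS authenticated successfully, but rememberme.PersistentTokenBasedRememberMeServices does not support anonymousUser, and it cancelled creating the cookie for that user.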

Answered 2013-01-21T04:01:59.647
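Added example (not part of the question or the answer): a Python sketch that groups the remember-me events in a log of this format by series id, so the order of the row deletion, the Series/token mismatch exception, and the later lookup miss can be read per token. The sample lines and the series value are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample in the format of the log above; the series value is made up.
SAMPLE = """\
2013-01-20 13:34:14,261 [http-bio-8080-exec-3] DEBUG hibernate.SQL  -
    delete
    from grails_persistent_login
    where series=?
2013-01-20 13:34:14,262 [http-bio-8080-exec-3] TRACE sql.BasicBinder  - binding parameter [1] as [VARCHAR] - CONSTRUCTED-SERIES==
| Error 2013-01-20 13:34:14,274 [http-bio-8080-exec-3] ERROR [/].[default]  - Servlet.service() threw exception
Message: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] DEBUG hibernate.SQL  -
    select persistent0_.token as token23_0_
    from grails_persistent_login persistent0_
    where persistent0_.series=?
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] TRACE sql.BasicBinder  - binding parameter [1] as [VARCHAR] - CONSTRUCTED-SERIES==
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices  - No persistent token found for series id: CONSTRUCTED-SERIES==
"""

# Header of a log record: optional "| Error " prefix, timestamp, [thread], level, logger, message.
HEAD = re.compile(r"^(?:\| Error )?(\d{4}-\d\d-\d\d [\d:,]+) \[([^\]]+)\]\s+\w+\s+(\S+)\s+-\s*(.*)$")

def series_timeline(text):
    """Return {series: [(time, thread, event), ...]} for remember-me token events."""
    out, sql, last, thread, ts = defaultdict(list), {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEAD.match(line)
        if not m:
            # The exception message has no header; attribute it to the series this thread last touched.
            if line.startswith("Message: Invalid remember-me token") and thread in last:
                out[last[thread]].append((ts, thread, "theft_exception"))
            elif thread in sql:
                sql[thread].append(line.lower())  # continuation of a multi-line SQL statement
            continue
        ts, thread, logger, msg = m.groups()
        if logger == "hibernate.SQL":
            sql[thread] = [msg.lower()]
        elif logger == "sql.BasicBinder" and thread in sql:
            stmt = " ".join(sql.pop(thread)).split()
            if "grails_persistent_login" in stmt and stmt[0] in ("delete", "select"):
                last[thread] = msg.rsplit(" - ", 1)[-1].strip()  # bound value is the series id
                out[last[thread]].append((ts, thread, "row_" + stmt[0]))
        elif msg.startswith("No persistent token found for series id:"):
            out[msg.split(":", 1)[1].strip()].append((ts, thread, "lookup_miss"))
    return dict(out)

def miss_follows_delete(events):
    """True when a lookup miss for a series comes after that series' row was deleted."""
    kinds = [kind for _, _, kind in sorted(events)]
    return "row_delete" in kinds and "lookup_miss" in kinds[kinds.index("row_delete"):]
```

The thread name is kept in each event tuple, so the same timeline also shows which request threads touched a series around the time of the mismatch.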