我在登录ajax
后的第一次通话中收到以下错误。remember-me
(导致手动登录。)
奇怪的是persistent_login
记录被删除,然后它试图找到具有相同键的记录。
(使用 tomcat 和最新的 grails 版本和最新的插件)
*下面的完整调试日志:(感谢您的帮助!)*
2013-01-20 13:34:14,261 [http-bio-8080-exec-3] DEBUG hibernate.SQL -
delete
from
grails_persistent_login
where
series=?
2013-01-20 13:34:14,262 [http-bio-8080-exec-3] TRACE sql.BasicBinder - binding parameter [1] as [VARCHAR] - 0V7Xge3Qqb0Nged8S9BeJQ==
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Cancelling cookie
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - SecurityContext is empty or anonymous - context will not be stored in HttpSession.
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
| Error 2013-01-20 13:34:14,274 [http-bio-8080-exec-3] ERROR [/].[default] - Servlet.service() for servlet [default] in context with path [] threw exception
Message: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
Line | Method
->> 1110 | runWorker in java.util.concurrent.ThreadPoolExecutor
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 603 | run in java.util.concurrent.ThreadPoolExecutor$Worker
^ 722 | run . . . in java.lang.Thread
2013-01-20 13:34:14,295 [http-bio-8080-exec-7] DEBUG access.ExceptionTranslationFilter - Chain processed normally
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] DEBUG context.HttpSessionSecurityContextRepository - HttpSession being created as SecurityContext is non-default
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] WARN context.HttpSessionSecurityContextRepository - Failed to create a session, as response has been committed. Unable to store SecurityContext.
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Converted URL to lowercase, from: '/grails-errorhandler'; to: '/grails-errorhandler'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Candidate is: '/grails-errorhandler'; pattern is / **; matched=true
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - No HttpSession currently exists
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 3 of 9 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 4 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 5 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie detected
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] DEBUG hibernate.SQL -
select
persistent0_.series as series23_0_,
persistent0_.last_used as last2_23_0_,
persistent0_.token as token23_0_,
persistent0_.username as username23_0_
from
grails_persistent_login persistent0_
where
persistent0_.series=?
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] TRACE sql.BasicBinder - binding parameter [1] as [VARCHAR] - 0V7Xge3Qqb0Nged8S9BeJQ==
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - No persistent token found for series id: 0V7Xge3Qqb0Nged8S9BeJQ==
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Cancelling cookie
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 7 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 8 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG hierarchicalroles.RoleHierarchyImpl - getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Authorization successful
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 9 of 9 in additional filter chain; firing Filter: 'SwitchUserFilter'
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc reached end of additional filter chain; proceeding with original chain
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Converted URL to lowercase, from: '/grails/error/development500.dispatch'; to: '/grails/error/development500.dispatch'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Candidate is: '/grails/error/development500.dispatch'; pattern is /**; matched=true
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 3 of 9 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 4 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 5 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG authentication.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 7 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 8 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 9 of 9 in additional filter chain; firing Filter: 'SwitchUserFilter'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc reached end of additional filter chain; proceeding with original chain
2013-01-20 13:34:14,690 [http-bio-8080-exec-3] DEBUG access.ExceptionTranslationFilter - Chain processed normally
2013-01-20 13:34:14,755 [http-bio-8080-exec-3] DEBUG access.ExceptionTranslationFilter - Chain processed normally
2013-01-20 13:34:14,755 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - SecurityContext is empty or anonymous - context will not be stored in HttpSession.
2013-01-20 13:34:14,755 [http-bio-