spring - 预认证问题

Question

大家好，我的项目中有一个大问题。

我已将我的项目配置为使用 Java EE Security for Authentication 和 Spring Security 使用 spring Pre Authentication 进行授权。

在 Java EE 登录后，应用程序进入我设置授权权限的预认证过滤器类。但是在那之后没有导航到我的主页，应用程序会触发我通过 Java EE 容器安全性再次登录。如果我第二次登录，它会导航到应用程序的主页。我想摆脱第二次登录。

我正在为 UI 使用 vaadin。以下是我的课程

web.xml
-------------------------------------------------------------------
<security-constraint>
        <display-name>SecureApplicationConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>Vaadin application</web-resource-name>
            <description>The entire Vaadin application is                          
                                                               protected</description>
            <url-pattern>/application/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
                <description>Only valid users are allowed</description>
            <role-name>authenticated</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login.jsp</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <description />
        <role-name>authenticated</role-name>
    </security-role>

=====================================================================
security.xml
======================================================================
 <sec:http realm="My Realm" auto-config='true' create-session="ifRequired" disable-url-rewriting="true">
    <sec:intercept-url pattern="/application/**" access="ROLE_XXXUSER"/>   
    <sec:custom-filter ref="myPreAuthFilter" position="PRE_AUTH_FILTER"/>  
    <sec:session-management session-fixation-protection="newSession"/>
  </sec:http>

  <sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider ref='preAuthenticatedAuthenticationProvider'/>
  </sec:authentication-manager>

  <bean id="myPreAuthFilter" 
       class="com.xxx.yyy.web.security.xxxPreAuthenticatedProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationDetailsSource" ref="authenticationDetailsSource"/>
    <property name="continueFilterChainOnUnsuccessfulAuthentication" value="false"/>
  </bean>

  <bean id="authenticationDetailsSource" 
           class="com.xxx.yyy.web.security.xxxAuthenticationDetailsSource" />

  <bean id="authenticationManager" 
          class="org.springframework.security.authentication.ProviderManager">
    <constructor-arg>
      <list>
        <ref bean="preAuthenticatedAuthenticationProvider"/>
      </list>
    </constructor-arg>
  </bean>

  <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/>
  </bean>

  <bean id="preAuthenticatedUserDetailsService" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>

</beans>