
我们遇到了一个非常奇怪的问题。我们有一个使用 ajax 身份验证的单页 ajax 应用程序(类似 gmail)。在正常情况下,它工作得很好。但是,我们注意到:如果在对服务器的其他请求仍处于打开并运行状态时尝试登录,登录尝试会成功,但当您再次调用服务器以获取与用户相关的内容时,从会话中取得的身份验证(Authentication)对象为空。

就像我说的,只要在登录尝试之前已有连接打开并正在运行,这个问题就一定会发生。如果登录是当时唯一的请求,则一切按预期工作。

这是spring-security.xml

<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:c="http://www.springframework.org/schema/c"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd" default-lazy-init="true">

    <!--
      Spring Security (3.1 schemas) setup for the application: which URLs pass through
      the security filter chain, which providers authenticate a login, how remember-me
      is wired, and the custom JSON / legacy login and logout filters.
      Beans are lazily initialised by default (default-lazy-init="true").
      Referenced here but not defined in this file: applicationProperties, userDao.
    -->

    <context:component-scan base-package="com.myProject"/> <!-- need this? -->

    <!-- Turns on enforcement of @Secured annotations on method calls.
         The "/**" chain below declares no intercept-url rules, so this file applies no
         URL-level access restriction; any authorization has to come from these
         annotations (or from application code).
         NOTE(review): confirm every sensitive handler/service method is annotated. -->
    <security:global-method-security secured-annotations="enabled" />

    <!-- security="none": requests matching these patterns bypass the Spring Security
         filter chain entirely (no SecurityContext, no authentication, no security
         headers added by the chain). Keep only static, non-sensitive resources here. -->
    <security:http pattern="/css/**" security="none" />
    <security:http pattern="/js/**" security="none" />
    <security:http pattern="/tmpl/**" security="none" />

    <!-- Main filter chain for every other URL.
         The chain starts with SecurityContextPersistenceFilter, which loads the
         SecurityContext from the HttpSession when a request begins and saves it again
         when the request completes.
         NOTE(review): a slow request that began anonymous before a login on the same
         session performs its save step after the login has stored the authenticated
         context; verify that this late save cannot remove or replace that context.
         NOTE(review): no session-management element is declared; confirm that
         session-fixation protection is applied for logins handled by the custom
         filters below. -->
    <security:http pattern="/**" use-expressions="true" entry-point-ref="authenticationEntryPoint">
        <!-- Legacy login endpoint (/j_security_check) runs just before the form-login slot. -->
        <security:custom-filter before="FORM_LOGIN_FILTER" ref="legacyAuthenticationProcessingFilter" /> 
        <!-- Custom JSON login filter (/login) takes the standard form-login slot. -->
        <security:custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"/>
        <security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
        <!-- Second logout filter for the legacy URL (/Logout.html), placed before the standard one. -->
        <security:custom-filter before="LOGOUT_FILTER" ref="legacyLogoutFilter" /> 
        <!-- The remember-me implementation is chosen by the security.rememberMeServices
             property, which must name one of the remember-me service beans. -->
        <security:remember-me services-ref="#{applicationProperties['security.rememberMeServices']}" />
    </security:http>

    <!-- Providers are tried in the order listed.
         erase-credentials="false" stops the ProviderManager from clearing credentials on
         the Authentication after a successful login, so whatever the providers leave in
         it stays with the SecurityContext kept in the HttpSession.
         NOTE(review): confirm something downstream really needs the credentials; if not,
         let them be erased so a password is not held for the life of the session. -->
    <security:authentication-manager alias="authenticationManager" erase-credentials="false">
        <security:authentication-provider ref="activeDirectoryAuthenticationProvider" />
        <security:authentication-provider ref="singleLogonAuthenticationProvider" />
        <security:authentication-provider ref="serviceAuthenticationProvider" />
        <security:authentication-provider ref="rememberMeAuthenticationProvider" />
    </security:authentication-manager>

    <!-- Both remember-me service beans and the RememberMeAuthenticationProvider below read
         the same security.rememberMeServices.key property; the values have to match for a
         remember-me token to be accepted.
         NOTE(review): the key protects remember-me tokens against forgery; presumably it is
         a long random value kept outside source control. Confirm. -->
    <!-- single logon remember me -->
    <bean id="singleLogonRememberMeServices" class="com.myProject.security.singlelogon.SingleLogonRememberMeServices" c:userDetailsService-ref="userDao" c:key="#{applicationProperties['security.rememberMeServices.key']}" p:parameter="rememberMe" />

    <!-- 'regular' remember me -->
    <bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices" c:userDetailsService-ref="userDao" c:key="#{applicationProperties['security.rememberMeServices.key']}" p:parameter="rememberMe" />

    <!-- Authentication providers referenced by the authentication-manager above. -->
    <bean id="activeDirectoryAuthenticationProvider" class="com.myProject.security.activedirectory.ActiveDirectoryAuthenticationProvider" />
    <bean id="singleLogonAuthenticationProvider" class="com.myProject.security.singlelogon.SingleLogonAuthenticationProvider" />
    <bean id="serviceAuthenticationProvider" class="com.myProject.security.ServiceAuthenticationProvider" />
    <bean id="rememberMeAuthenticationProvider" class="org.springframework.security.authentication.RememberMeAuthenticationProvider" p:key="#{applicationProperties['security.rememberMeServices.key']}" />

    <!-- Handles POSTed logins on /login; success and failure are reported by the two
         handler beans rather than by redirects. -->
    <!-- custom authentication processing filter that accepts json credentials -->  
    <bean id="authenticationProcessingFilter" class="com.myProject.security.AuthenticationProcessingFilter">
        <constructor-arg value="/login" />
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="rememberMeServices" ref="#{applicationProperties['security.rememberMeServices']}" />
        <property name="authenticationSuccessHandler"><bean class="com.myProject.security.AuthenticationSuccessHandler" /></property>
        <property name="authenticationFailureHandler"><bean class="com.myProject.security.AuthenticationFailureHandler" /></property>
    </bean>

    <!-- dummy implementation supplied to satisfy spring-security -->   
    <bean id="authenticationEntryPoint" class="com.myProject.security.AuthenticationEntryPoint" />

    <bean id="logoutSuccessHandler" class="com.myProject.security.LogoutSuccessHandler" />

    <!-- Not referenced by any bean in this file; any use is elsewhere.
         A default-constructed ShaPasswordEncoder computes plain SHA-1, and adds a salt only
         if the caller supplies one. That is a fast hash and weak for stored passwords.
         NOTE(review): if this encoder protects stored passwords, plan a migration to an
         adaptive hash (for example BCryptPasswordEncoder). -->
    <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />

    <!-- used by AuthenticationSuccess/FailureHandlers -->
    <bean class="org.codehaus.jackson.map.ObjectMapper" />

    <!-- maxUploadSize is in bytes: 100000000 is roughly 100 MB per upload request.
         NOTE(review): confirm the limit matches what the upload endpoints need and that
         those endpoints require an authenticated user. -->
    <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize" value="100000000"/>
    </bean>



    <!-- Login filter for the legacy /j_security_check URL. Unlike the JSON login filter it
         has no rememberMeServices property set in this file. -->
    <bean id="legacyAuthenticationProcessingFilter" class="com.myProject.security.LegacyAuthenticationProcessingFilter">
        <constructor-arg value="/j_security_check" />
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationSuccessHandler"><bean class="com.myProject.security.AuthenticationSuccessHandler" /></property>
        <property name="authenticationFailureHandler"><bean class="com.myProject.security.AuthenticationFailureHandler" /></property>
    </bean>

    <!-- Logout filter for the legacy /Logout.html URL. Its only handler is
         SecurityContextLogoutHandler; no remember-me service is registered as a logout
         handler here.
         NOTE(review): confirm a remember-me cookie is cleared when logging out via this URL. -->
    <bean id="legacyLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <constructor-arg ref="logoutSuccessHandler" />
        <constructor-arg><bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" /></constructor-arg>
        <property name="filterProcessesUrl" value="/Logout.html"></property>
    </bean>


</beans>

更新

日志附在下面作为另一个答案,因为它太长了,不能放在这里。我们在开始时调用 sleep 来模仿处理另一个 ajax 请求的行为。通过在触发登录之前发出此请求,我们每次都能复制此登录错误。这是应用程序流程的快速摘要

/sleep/15000

/blank - 这是一个 POST 请求,专门用来触发浏览器的保存密码功能,因为它是一个 ajax 请求

/login - 实际登录脚本

/isauthenticated - 检查用户是否实际登录(特定于应用程序)

/account/summary - 获取用户摘要(特定于应用程序)

/currentuser - 获取当前用户(特定于应用程序)

/sleep/1500 然后将结束并清除会话。

[application start]
[myapp] 04 Jun 2013 16:22:51,474 | INFO [main] SpringSecurityCoreVersion.<clinit>(33) | You are running with Spring Security Core 3.1.4.RELEASE
[myapp] 04 Jun 2013 16:22:51,478 | INFO [main] SecurityNamespaceHandler.<init>(59) | Spring Security 'config' module version is 3.1.4.RELEASE


[/sleep/15000] START
[myapp] 04 Jun 2013 16:27:00,767 | DEBUG [494291573@qtp-1995218271-0] AntPathRequestMatcher.matches(116) | Checking match of request : '/sleep/15000'; against '/css/**'
[myapp] 04 Jun 2013 16:27:00,780 | DEBUG [494291573@qtp-1995218271-0] AntPathRequestMatcher.matches(116) | Checking match of request : '/sleep/15000'; against '/js/**'
[myapp] 04 Jun 2013 16:27:00,781 | DEBUG [494291573@qtp-1995218271-0] AntPathRequestMatcher.matches(116) | Checking match of request : '/sleep/15000'; against '/tmpl/**'
[myapp] 04 Jun 2013 16:27:00,782 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[myapp] 04 Jun 2013 16:27:00,782 | DEBUG [494291573@qtp-1995218271-0] HttpSessionSecurityContextRepository.readSecurityContextFromSession(139) | HttpSession returned null object for SPRING_SECURITY_CONTEXT
[myapp] 04 Jun 2013 16:27:00,783 | DEBUG [494291573@qtp-1995218271-0] HttpSessionSecurityContextRepository.loadContext(85) | No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:1tqlu01iu4prct7j4tsirpkhx@863190940. A new one will be created.
[myapp] 04 Jun 2013 16:27:00,783 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/150000 at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myapp] 04 Jun 2013 16:27:00,783 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myapp] 04 Jun 2013 16:27:00,783 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 4 of 12 in additional filter chain; firing Filter: 'LegacyAuthenticationProcessingFilter'
[myapp] 04 Jun 2013 16:27:00,784 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 5 of 12 in additional filter chain; firing Filter: 'AuthenticationProcessingFilter'
[myapp] 04 Jun 2013 16:27:00,784 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 6 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[myapp] 04 Jun 2013 16:27:00,784 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 7 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[myapp] 04 Jun 2013 16:27:00,785 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 8 of 12 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
[myapp] 04 Jun 2013 16:27:00,785 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[myapp] 04 Jun 2013 16:27:00,786 | DEBUG [494291573@qtp-1995218271-0] AnonymousAuthenticationFilter.doFilter(102) | Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90545b24: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: ROLE_ANONYMOUS'
[myapp] 04 Jun 2013 16:27:00,787 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
[myapp] 04 Jun 2013 16:27:00,787 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[myapp] 04 Jun 2013 16:27:00,787 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[myapp] 04 Jun 2013 16:27:00,788 | DEBUG [494291573@qtp-1995218271-0] FilterSecurityInterceptor.beforeInvocation(185) | Public object - authentication not attempted
[myapp] 04 Jun 2013 16:27:00,788 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(323) | /sleep/15000 reached end of additional filter chain; proceeding with original chain


[/BLANK] START
[myApp] 04 Jun 2013 16:27:05,937 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/blank'; against '/css/**'
[myApp] 04 Jun 2013 16:27:05,937 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/blank'; against '/js/**'
[myApp] 04 Jun 2013 16:27:05,938 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/blank'; against '/tmpl/**'
[myApp] 04 Jun 2013 16:27:05,938 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[myApp] 04 Jun 2013 16:27:05,939 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.readSecurityContextFromSession(139) | HttpSession returned null object for SPRING_SECURITY_CONTEXT
[myApp] 04 Jun 2013 16:27:05,940 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.loadContext(85) | No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:1tqlu01iu4prct7j4tsirpkhx@863190940. A new one will be created.
[myApp] 04 Jun 2013 16:27:05,941 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:05,942 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:05,943 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 4 of 12 in additional filter chain; firing Filter: 'LegacyAuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:05,944 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 5 of 12 in additional filter chain; firing Filter: 'AuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:05,945 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 6 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[myApp] 04 Jun 2013 16:27:05,945 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 7 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[myApp] 04 Jun 2013 16:27:05,945 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 8 of 12 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
[myApp] 04 Jun 2013 16:27:05,946 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[myApp] 04 Jun 2013 16:27:05,946 | DEBUG [319749910@qtp-1995218271-4] AnonymousAuthenticationFilter.doFilter(102) | Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90545b24: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: ROLE_ANONYMOUS'
[myApp] 04 Jun 2013 16:27:05,947 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
[myApp] 04 Jun 2013 16:27:05,947 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[myApp] 04 Jun 2013 16:27:05,947 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[myApp] 04 Jun 2013 16:27:05,948 | DEBUG [319749910@qtp-1995218271-4] FilterSecurityInterceptor.beforeInvocation(185) | Public object - authentication not attempted
[myApp] 04 Jun 2013 16:27:05,948 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(323) | /blank reached end of additional filter chain; proceeding with original chain
[myApp] 04 Jun 2013 16:27:06,160 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.saveContext(269) | SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[myApp] 04 Jun 2013 16:27:06,162 | DEBUG [319749910@qtp-1995218271-4] ExceptionTranslationFilter.doFilter(115) | Chain processed normally
[myApp] 04 Jun 2013 16:27:06,162 | DEBUG [319749910@qtp-1995218271-4] SecurityContextPersistenceFilter.doFilter(97) | SecurityContextHolder now cleared, as request processing completed

[/LOGIN] START
[myApp] 04 Jun 2013 16:27:06,195 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/login'; against '/css/**'
[myApp] 04 Jun 2013 16:27:06,196 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/login'; against '/js/**'
[myApp] 04 Jun 2013 16:27:06,197 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/login'; against '/tmpl/**'
[myApp] 04 Jun 2013 16:27:06,198 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /login?_=1370377626193 at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[myApp] 04 Jun 2013 16:27:06,271 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.readSecurityContextFromSession(139) | HttpSession returned null object for SPRING_SECURITY_CONTEXT
[myApp] 04 Jun 2013 16:27:06,272 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.loadContext(85) | No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:1tqlu01iu4prct7j4tsirpkhx@863190940. A new one will be created.
[myApp] 04 Jun 2013 16:27:06,272 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /login?_=1370377626193 at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:06,272 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /login?_=1370377626193 at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:06,273 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /login?_=1370377626193 at position 4 of 12 in additional filter chain; firing Filter: 'LegacyAuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:06,273 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /login?_=1370377626193 at position 5 of 12 in additional filter chain; firing Filter: 'AuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:06,293 | DEBUG [319749910@qtp-1995218271-4] ProviderManager.authenticate(152) | Authentication attempt using com.myproject.security.activedirectory.ActiveDirectoryAuthenticationProvider
[myApp] 04 Jun 2013 16:27:06,323 | DEBUG [319749910@qtp-1995218271-4] DefaultSpringSecurityContextSource.setupEnvironment(76) | Removing pooling flag for user admin@myproject.com
[myApp] 04 Jun 2013 16:27:06,500 | DEBUG [319749910@qtp-1995218271-4] ProviderManager.authenticate(152) | Authentication attempt using com.sun.proxy.$Proxy194
[myApp] 04 Jun 2013 16:27:06,503 | DEBUG [319749910@qtp-1995218271-4] ProviderManager.authenticate(152) | Authentication attempt using com.sun.proxy.$Proxy194
[myApp] 04 Jun 2013 16:27:11,513 | DEBUG [319749910@qtp-1995218271-4] TokenBasedRememberMeServices.rememberMeRequested(296) | Did not send remember-me cookie (principal did not set parameter 'rememberMe')
[myApp] 04 Jun 2013 16:27:11,514 | DEBUG [319749910@qtp-1995218271-4] TokenBasedRememberMeServices.loginSuccess(254) | Remember-me login not requested.
[myApp] 04 Jun 2013 16:27:11,531 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.saveContext(292) | SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@509b64dc: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,532 | DEBUG [319749910@qtp-1995218271-4] SecurityContextPersistenceFilter.doFilter(97) | SecurityContextHolder now cleared, as request processing completed


[/isauthenticated] START
[myApp] 04 Jun 2013 16:27:11,539 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/isauthenticated'; against '/css/**'
[myApp] 04 Jun 2013 16:27:11,540 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/isauthenticated'; against '/js/**'
[myApp] 04 Jun 2013 16:27:11,540 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/isauthenticated'; against '/tmpl/**'
[myApp] 04 Jun 2013 16:27:11,540 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[myApp] 04 Jun 2013 16:27:11,541 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.readSecurityContextFromSession(158) | Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@509b64dc: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,541 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:11,542 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:11,542 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 4 of 12 in additional filter chain; firing Filter: 'LegacyAuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:11,542 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 5 of 12 in additional filter chain; firing Filter: 'AuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:11,542 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 6 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[myApp] 04 Jun 2013 16:27:11,543 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 7 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[myApp] 04 Jun 2013 16:27:11,543 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 8 of 12 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
[myApp] 04 Jun 2013 16:27:11,543 | DEBUG [319749910@qtp-1995218271-4] RememberMeAuthenticationFilter.doFilter(142) | SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,544 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[myApp] 04 Jun 2013 16:27:11,544 | DEBUG [319749910@qtp-1995218271-4] AnonymousAuthenticationFilter.doFilter(107) | SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,545 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
[myApp] 04 Jun 2013 16:27:11,545 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[myApp] 04 Jun 2013 16:27:11,545 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[myApp] 04 Jun 2013 16:27:11,546 | DEBUG [319749910@qtp-1995218271-4] FilterSecurityInterceptor.beforeInvocation(185) | Public object - authentication not attempted
[myApp] 04 Jun 2013 16:27:11,546 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(323) | /isAuthenticated?_=1370377631538 reached end of additional filter chain; proceeding with original chain
[myApp] 04 Jun 2013 16:27:11,573 | DEBUG [319749910@qtp-1995218271-4] ExceptionTranslationFilter.doFilter(115) | Chain processed normally
[myApp] 04 Jun 2013 16:27:11,574 | DEBUG [319749910@qtp-1995218271-4] SecurityContextPersistenceFilter.doFilter(97) | SecurityContextHolder now cleared, as request processing completed

[/account/summary] START
[removing this to save space, its redundant ]

[/currentuser] START
[myApp] 04 Jun 2013 16:27:11,949 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/currentuser'; against '/css/**'
[myApp] 04 Jun 2013 16:27:11,950 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/currentuser'; against '/js/**'
[myApp] 04 Jun 2013 16:27:11,950 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/currentuser'; against '/tmpl/**'
[myApp] 04 Jun 2013 16:27:11,950 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[myApp] 04 Jun 2013 16:27:11,950 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.readSecurityContextFromSession(158) | Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@509b64dc: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,951 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:11,951 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:11,951 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 4 of 12 in additional filter chain; firing Filter: 'LegacyAuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:11,951 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 5 of 12 in additional filter chain; firing Filter: 'AuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:11,952 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 6 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[myApp] 04 Jun 2013 16:27:11,952 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 7 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[myApp] 04 Jun 2013 16:27:11,952 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 8 of 12 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
[myApp] 04 Jun 2013 16:27:11,953 | DEBUG [319749910@qtp-1995218271-4] RememberMeAuthenticationFilter.doFilter(142) | SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,953 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[myApp] 04 Jun 2013 16:27:11,953 | DEBUG [319749910@qtp-1995218271-4] AnonymousAuthenticationFilter.doFilter(107) | SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_CONFIG_ADMIN_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,954 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
[myApp] 04 Jun 2013 16:27:11,954 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[myApp] 04 Jun 2013 16:27:11,954 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[myApp] 04 Jun 2013 16:27:11,954 | DEBUG [319749910@qtp-1995218271-4] FilterSecurityInterceptor.beforeInvocation(185) | Public object - authentication not attempted
[myApp] 04 Jun 2013 16:27:11,955 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(323) | /currentUser?_=1370377631948 reached end of additional filter chain; proceeding with original chain
[myApp] 04 Jun 2013 16:27:12,016 | DEBUG [319749910@qtp-1995218271-4] ExceptionTranslationFilter.doFilter(115) | Chain processed normally
[myApp] 04 Jun 2013 16:27:12,018 | DEBUG [319749910@qtp-1995218271-4] SecurityContextPersistenceFilter.doFilter(97) | SecurityContextHolder now cleared, as request processing completed
















[myApp] 04 Jun 2013 16:27:15,822 | DEBUG [494291573@qtp-1995218271-0] HttpSessionSecurityContextRepository.saveContext(269) | SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[myApp] 04 Jun 2013 16:27:15,823 | DEBUG [494291573@qtp-1995218271-0] HttpSessionSecurityContextRepository.saveContext(269) | SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[myApp] 04 Jun 2013 16:27:15,824 | DEBUG [494291573@qtp-1995218271-0] ExceptionTranslationFilter.doFilter(115) | Chain processed normally
[myApp] 04 Jun 2013 16:27:15,825 | DEBUG [494291573@qtp-1995218271-0] SecurityContextPersistenceFilter.doFilter(97) | SecurityContextHolder now cleared, as request processing completed
于 2013-06-04T21:17:03.003 回答