5

我正在尝试将安全并发会话与 spring security 3.1.4 一起使用。但它不起作用,我不明白为什么。Tomcat https 配置为重定向 http 请求,但我不知道它是否在实际问题中起作用。

你能帮我解决这个问题吗?

谢谢。

这是我的弹簧安全 xml。

 <security:http auto-config="true" use-expressions="true" disable-url-rewriting="true">
     <security:intercept-url pattern="/Loginsucess*" access="isAuthenticated()"  />
     <security:intercept-url pattern="/Login" access="hasRole('ROLE_ANONYMOUS')" />   
     <security:intercept-url pattern="/Login/Error" access="hasRole('ROLE_ANONYMOUS')" />    
     <security:form-login  login-page="/Login"  login-processing-url="/j_spring_security_check"  authentication-failure-url="/Login/Error" default-target-url="/Loginsucess" />
     <security:logout logout-url="/j_spring_security_logout" logout-success-url="/Login" delete-cookies="JSESSIONID"  invalidate-session="true"/>
     <security:anonymous/>
     <security:session-management invalid-session-url="/Login" >
        <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true"  />
     </security:session-management>
     <security:port-mappings>
      <security:port-mapping http="8086" https="8443"/>
     </security:port-mappings>
</security:http>

我已经将此添加到我的 web.xml 中:

<listener>
<listener-class>
  org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>

编辑 :

在一台机器上首次登录:

> 17:57:17,116 DEBUG FilterChainProxy:337 - /j_spring_security_check at
> position 1 of 11 in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 17:57:17,117 DEBUG
> HttpSessionSecurityContextRepository:139 - HttpSession returned null
> object for SPRING_SECURITY_CONTEXT 17:57:17,117 DEBUG
> HttpSessionSecurityContextRepository:85 - No SecurityContext was
> available from the HttpSession:
> org.apache.catalina.session.StandardSessionFacade@1a60232c. A new one
> will be created. 17:57:17,117 DEBUG FilterChainProxy:337 -
> /j_spring_security_check at position 2 of 11 in additional filter
> chain; firing Filter: 'ConcurrentSessionFilter' 17:57:17,117 DEBUG
> FilterChainProxy:337 - /j_spring_security_check at position 3 of 11 in
> additional filter chain; firing Filter: 'LogoutFilter' 17:57:17,117
> DEBUG FilterChainProxy:337 - /j_spring_security_check at position 4 of
> 11 in additional filter chain; firing Filter:
> 'UsernamePasswordAuthenticationFilter' 17:57:17,117 DEBUG
> UsernamePasswordAuthenticationFilter:189 - Request is to process
> authentication 17:57:17,118 DEBUG ProviderManager:152 - Authentication
> attempt using
> org.springframework.security.authentication.dao.DaoAuthenticationProvider
> Hibernate: select user0_.id as id1_13_, user0_.username as
> username2_13_, user0_.firstname as firstnam3_13_, user0_.lastname as
> lastname4_13_, user0_.password as password5_13_, user0_.email as
> email6_13_, user0_.enabled as enabled7_13_ from biomoltracker.LOG_user
> user0_ where user0_.username=? Hibernate: select roles1_.role_name as
> col_0_0_ from biomoltracker.LOG_user user0_ inner join
> biomoltracker.LOG_role roles1_ on user0_.id=roles1_.id_user_fk where
> user0_.id=? 17:57:17,355 DEBUG ConcurrentSessionControlStrategy:88 -
> Invalidating session with Id '4A09DE3E6ACDE04373284600DACDBE39' and
> migrating attributes. 17:57:17,355 DEBUG HttpSessionEventPublisher:83
> - Publishing event: org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@1a60232c]
> 17:57:17,356 DEBUG HttpSessionEventPublisher:66 - Publishing event:
> org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@60e9ebe1]
> 17:57:17,356 DEBUG ConcurrentSessionControlStrategy:98 - Started new
> session: 7431CCBD3008FC59A2AF1C44632F33F0 17:57:17,356 DEBUG
> SessionRegistryImpl:107 - Registering session
> 7431CCBD3008FC59A2AF1C44632F33F0, for principal
> com.clb.genomic.lyon.model.User@654f8017 17:57:17,356 DEBUG
> UsernamePasswordAuthenticationFilter:317 - Authentication success.
> Updating SecurityContextHolder to contain:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 17:57:17,357 DEBUG
> SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url:
> /Loginsucess 17:57:17,357 DEBUG DefaultRedirectStrategy:36 -
> Redirecting to '/Lyric/Loginsucess' 17:57:17,357 DEBUG
> HttpSessionSecurityContextRepository:292 - SecurityContext stored to
> HttpSession:
> 'org.springframework.security.core.context.SecurityContextImpl@ff2ffd00:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 17:57:17,357 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed 17:57:17,360 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 1 of 11 in additional
> filter chain; firing Filter: 'SecurityContextPersistenceFilter'
> 17:57:17,361 DEBUG HttpSessionSecurityContextRepository:158 - Obtained
> a valid SecurityContext from SPRING_SECURITY_CONTEXT:
> 'org.springframework.security.core.context.SecurityContextImpl@ff2ffd00:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 17:57:17,361 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 2 of 11 in additional filter chain; firing
> Filter: 'ConcurrentSessionFilter' 17:57:17,361 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 3 of 11 in additional
> filter chain; firing Filter: 'LogoutFilter' 17:57:17,361 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 4 of 11 in additional
> filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
> 17:57:17,361 DEBUG FilterChainProxy:337 - /Loginsucess at position 5
> of 11 in additional filter chain; firing Filter:
> 'BasicAuthenticationFilter' 17:57:17,361 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 6 of 11 in additional filter chain; firing
> Filter: 'RequestCacheAwareFilter' 17:57:17,362 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 7 of 11 in additional
> filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
> 17:57:17,362 DEBUG FilterChainProxy:337 - /Loginsucess at position 8
> of 11 in additional filter chain; firing Filter:
> 'AnonymousAuthenticationFilter' 17:57:17,362 DEBUG
> AnonymousAuthenticationFilter:107 - SecurityContextHolder not
> populated with anonymous token, as it already contained:
> 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 17:57:17,362 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 9 of 11 in additional filter chain; firing
> Filter: 'SessionManagementFilter' 17:57:17,362 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 10 of 11 in additional
> filter chain; firing Filter: 'ExceptionTranslationFilter' 17:57:17,362
> DEBUG FilterChainProxy:337 - /Loginsucess at position 11 of 11 in
> additional filter chain; firing Filter: 'FilterSecurityInterceptor'
> 17:57:17,362 DEBUG AntPathRequestMatcher:116 - Checking match of
> request : '/loginsucess'; against '/loginsucess*' 17:57:17,363 DEBUG
> FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL:
> /Loginsucess; Attributes: [isAuthenticated()] 17:57:17,363 DEBUG
> FilterSecurityInterceptor:310 - Previously Authenticated:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 17:57:17,363 DEBUG AffirmativeBased:65 -
> Voter:
> org.springframework.security.web.access.expression.WebExpressionVoter@6479b43f,
> returned: 1 17:57:17,363 DEBUG FilterSecurityInterceptor:215 -
> Authorization successful 17:57:17,363 DEBUG
> FilterSecurityInterceptor:227 - RunAsManager did not change
> Authentication object 17:57:17,364 DEBUG FilterChainProxy:323 -
> /Loginsucess reached end of additional filter chain; proceeding with
> original chain 17:57:17,469 DEBUG ExceptionTranslationFilter:115 -
> Chain processed normally 17:57:17,469 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed

当具有相同(用户名/密码)的第二个用户从另一台机器登录时。

> 8:01:47,309 DEBUG FilterChainProxy:337 - /j_spring_security_check at
> position 1 of 11 in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 18:01:47,310 DEBUG
> HttpSessionSecurityContextRepository:139 - HttpSession returned null
> object for SPRING_SECURITY_CONTEXT 18:01:47,310 DEBUG
> HttpSessionSecurityContextRepository:85 - No SecurityContext was
> available from the HttpSession:
> org.apache.catalina.session.StandardSessionFacade@67a53697. A new one
> will be created. 18:01:47,310 DEBUG FilterChainProxy:337 -
> /j_spring_security_check at position 2 of 11 in additional filter
> chain; firing Filter: 'ConcurrentSessionFilter' 18:01:47,310 DEBUG
> FilterChainProxy:337 - /j_spring_security_check at position 3 of 11 in
> additional filter chain; firing Filter: 'LogoutFilter' 18:01:47,310
> DEBUG FilterChainProxy:337 - /j_spring_security_check at position 4 of
> 11 in additional filter chain; firing Filter:
> 'UsernamePasswordAuthenticationFilter' 18:01:47,310 DEBUG
> UsernamePasswordAuthenticationFilter:189 - Request is to process
> authentication 18:01:47,310 DEBUG ProviderManager:152 - Authentication
> attempt using
> org.springframework.security.authentication.dao.DaoAuthenticationProvider
> Hibernate: select user0_.id as id1_13_, user0_.username as
> username2_13_, user0_.firstname as firstnam3_13_, user0_.lastname as
> lastname4_13_, user0_.password as password5_13_, user0_.email as
> email6_13_, user0_.enabled as enabled7_13_ from biomoltracker.LOG_user
> user0_ where user0_.username=? Hibernate: select roles1_.role_name as
> col_0_0_ from biomoltracker.LOG_user user0_ inner join
> biomoltracker.LOG_role roles1_ on user0_.id=roles1_.id_user_fk where
> user0_.id=? 18:01:47,317 DEBUG ConcurrentSessionControlStrategy:88 -
> Invalidating session with Id 'E644740185BC8E28272BD4F80751D445' and
> migrating attributes. 18:01:47,318 DEBUG HttpSessionEventPublisher:83
> - Publishing event: org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@67a53697]
> 18:01:47,318 DEBUG HttpSessionEventPublisher:66 - Publishing event:
> org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@65447c32]
> 18:01:47,318 DEBUG ConcurrentSessionControlStrategy:98 - Started new
> session: 3694308C7FCA68AC5FFD1E442464FE50 18:01:47,318 DEBUG
> SessionRegistryImpl:107 - Registering session
> 3694308C7FCA68AC5FFD1E442464FE50, for principal
> com.clb.genomic.lyon.model.User@1b2c4d8f 18:01:47,319 DEBUG
> UsernamePasswordAuthenticationFilter:317 - Authentication success.
> Updating SecurityContextHolder to contain:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 18:01:47,319 DEBUG
> SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url:
> /Loginsucess 18:01:47,319 DEBUG DefaultRedirectStrategy:36 -
> Redirecting to '/Lyric/Loginsucess' 18:01:47,319 DEBUG
> HttpSessionSecurityContextRepository:292 - SecurityContext stored to
> HttpSession:
> 'org.springframework.security.core.context.SecurityContextImpl@7eb37c04:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:47,320 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed 18:01:47,324 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 1 of 11 in additional
> filter chain; firing Filter: 'SecurityContextPersistenceFilter'
> 18:01:47,324 DEBUG HttpSessionSecurityContextRepository:158 - Obtained
> a valid SecurityContext from SPRING_SECURITY_CONTEXT:
> 'org.springframework.security.core.context.SecurityContextImpl@7eb37c04:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:47,324 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 2 of 11 in additional filter chain; firing
> Filter: 'ConcurrentSessionFilter' 18:01:47,324 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 3 of 11 in additional
> filter chain; firing Filter: 'LogoutFilter' 18:01:47,325 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 4 of 11 in additional
> filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
> 18:01:47,325 DEBUG FilterChainProxy:337 - /Loginsucess at position 5
> of 11 in additional filter chain; firing Filter:
> 'BasicAuthenticationFilter' 18:01:47,325 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 6 of 11 in additional filter chain; firing
> Filter: 'RequestCacheAwareFilter' 18:01:47,325 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 7 of 11 in additional
> filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
> 18:01:47,325 DEBUG FilterChainProxy:337 - /Loginsucess at position 8
> of 11 in additional filter chain; firing Filter:
> 'AnonymousAuthenticationFilter' 18:01:47,325 DEBUG
> AnonymousAuthenticationFilter:107 - SecurityContextHolder not
> populated with anonymous token, as it already contained:
> 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:47,326 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 9 of 11 in additional filter chain; firing
> Filter: 'SessionManagementFilter' 18:01:47,326 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 10 of 11 in additional
> filter chain; firing Filter: 'ExceptionTranslationFilter' 18:01:47,326
> DEBUG FilterChainProxy:337 - /Loginsucess at position 11 of 11 in
> additional filter chain; firing Filter: 'FilterSecurityInterceptor'
> 18:01:47,326 DEBUG AntPathRequestMatcher:116 - Checking match of
> request : '/loginsucess'; against '/loginsucess*' 18:01:47,326 DEBUG
> FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL:
> /Loginsucess; Attributes: [isAuthenticated()] 18:01:47,326 DEBUG
> FilterSecurityInterceptor:310 - Previously Authenticated:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 18:01:47,327 DEBUG AffirmativeBased:65 -
> Voter:
> org.springframework.security.web.access.expression.WebExpressionVoter@6479b43f,
> returned: 1 18:01:47,327 DEBUG FilterSecurityInterceptor:215 -
> Authorization successful 18:01:47,327 DEBUG
> FilterSecurityInterceptor:227 - RunAsManager did not change
> Authentication object 18:01:47,327 DEBUG FilterChainProxy:323 -
> /Loginsucess reached end of additional filter chain; proceeding with
> original chain 18:01:47,427 DEBUG ExceptionTranslationFilter:115 -
> Chain processed normally 18:01:47,427 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed 18:01:56,039 DEBUG
> FilterChainProxy:337 - /j_spring_security_logout at position 1 of 11
> in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 18:01:56,040 DEBUG
> HttpSessionSecurityContextRepository:158 - Obtained a valid
> SecurityContext from SPRING_SECURITY_CONTEXT:
> 'org.springframework.security.core.context.SecurityContextImpl@7eb37c04:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:56,040 DEBUG FilterChainProxy:337 -
> /j_spring_security_logout at position 2 of 11 in additional filter
> chain; firing Filter: 'ConcurrentSessionFilter' 18:01:56,040 DEBUG
> FilterChainProxy:337 - /j_spring_security_logout at position 3 of 11
> in additional filter chain; firing Filter: 'LogoutFilter' 18:01:56,040
> DEBUG LogoutFilter:93 - Logging out user
> 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' and transferring to logout destination
> 18:01:56,040 DEBUG SecurityContextLogoutHandler:62 - Invalidating
> session: 3694308C7FCA68AC5FFD1E442464FE50 18:01:56,040 DEBUG
> HttpSessionEventPublisher:83 - Publishing event:
> org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@65447c32]
> 18:01:56,041 DEBUG SessionRegistryImpl:156 - Removing session
> 3694308C7FCA68AC5FFD1E442464FE50 from principal's set of registered
> sessions 18:01:56,041 DEBUG SessionRegistryImpl:164 - Removing
> principal com.clb.genomic.lyon.model.User@1b2c4d8f from registry
> 18:01:56,041 DEBUG SimpleUrlLogoutSuccessHandler:107 - Using default
> Url: /Login 18:01:56,041 DEBUG DefaultRedirectStrategy:36 -
> Redirecting to '/Lyric/Login' 18:01:56,041 DEBUG
> HttpSessionSecurityContextRepository:269 - SecurityContext is empty or
> contents are anonymous - context will not be stored in HttpSession.
> 18:01:56,042 DEBUG SecurityContextPersistenceFilter:97 -
> SecurityContextHolder now cleared, as request processing completed
> 18:01:56,045 DEBUG FilterChainProxy:337 - /Login at position 1 of 11
> in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 18:01:56,045 DEBUG
> HttpSessionSecurityContextRepository:127 - No HttpSession currently
> exists 18:01:56,045 DEBUG HttpSessionSecurityContextRepository:85 - No
> SecurityContext was available from the HttpSession: null. A new one
> will be created. 18:01:56,046 DEBUG FilterChainProxy:337 - /Login at
> position 2 of 11 in additional filter chain; firing Filter:
> 'ConcurrentSessionFilter' 18:01:56,046 DEBUG FilterChainProxy:337 -
> /Login at position 3 of 11 in additional filter chain; firing Filter:
> 'LogoutFilter' 18:01:56,046 DEBUG FilterChainProxy:337 - /Login at
> position 4 of 11 in additional filter chain; firing Filter:
> 'UsernamePasswordAuthenticationFilter' 18:01:56,046 DEBUG
> FilterChainProxy:337 - /Login at position 5 of 11 in additional filter
> chain; firing Filter: 'BasicAuthenticationFilter' 18:01:56,046 DEBUG
> FilterChainProxy:337 - /Login at position 6 of 11 in additional filter
> chain; firing Filter: 'RequestCacheAwareFilter' 18:01:56,046 DEBUG
> FilterChainProxy:337 - /Login at position 7 of 11 in additional filter
> chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
> 18:01:56,046 DEBUG FilterChainProxy:337 - /Login at position 8 of 11
> in additional filter chain; firing Filter:
> 'AnonymousAuthenticationFilter' 18:01:56,047 DEBUG
> AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder
> with anonymous token:
> 'org.springframework.security.authentication.AnonymousAuthenticationToken@90554a14:
> Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated:
> true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@3bcc:
> RemoteIpAddress: 192.168.154.20; SessionId: null; Granted Authorities:
> ROLE_ANONYMOUS' 18:01:56,047 DEBUG FilterChainProxy:337 - /Login at
> position 9 of 11 in additional filter chain; firing Filter:
> 'SessionManagementFilter' 18:01:56,047 DEBUG FilterChainProxy:337 -
> /Login at position 10 of 11 in additional filter chain; firing Filter:
> 'ExceptionTranslationFilter' 18:01:56,047 DEBUG FilterChainProxy:337 -
> /Login at position 11 of 11 in additional filter chain; firing Filter:
> 'FilterSecurityInterceptor' 18:01:56,047 DEBUG
> AntPathRequestMatcher:116 - Checking match of request : '/login';
> against '/loginsucess*' 18:01:56,047 DEBUG AntPathRequestMatcher:116 -
> Checking match of request : '/login'; against '/login' 18:01:56,048
> DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation:
> URL: /Login; Attributes: [hasRole('ROLE_ANONYMOUS')] 18:01:56,048
> DEBUG FilterSecurityInterceptor:310 - Previously Authenticated:
> org.springframework.security.authentication.AnonymousAuthenticationToken@90554a14:
> Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated:
> true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@3bcc:
> RemoteIpAddress: 192.168.154.20; SessionId: null; Granted Authorities:
> ROLE_ANONYMOUS 18:01:56,048 DEBUG AffirmativeBased:65 - Voter:
> org.springframework.security.web.access.expression.WebExpressionVoter@6479b43f,
> returned: 1 18:01:56,048 DEBUG FilterSecurityInterceptor:215 -
> Authorization successful 18:01:56,049 DEBUG
> FilterSecurityInterceptor:227 - RunAsManager did not change
> Authentication object 18:01:56,049 DEBUG FilterChainProxy:323 - /Login
> reached end of additional filter chain; proceeding with original chain
> 18:01:56,145 DEBUG HttpSessionEventPublisher:66 - Publishing event:
> org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@2fa28842]
> 18:01:56,152 DEBUG HttpSessionSecurityContextRepository:269 -
> SecurityContext is empty or contents are anonymous - context will not
> be stored in HttpSession. 18:01:56,152 DEBUG
> ExceptionTranslationFilter:115 - Chain processed normally 18:01:56,152
> DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed
4

1 回答 1

10

您有一个自定义主体对象(类型com.clb.genomic.lyon.model.User),它将用作SessionRegistry键。您所看到的最可能的原因是您尚未实现此类hashcodeequals因此注册表不知道这两个实例用于同一主体。

在不引起任何问题的情况下执行此操作的最佳方法是使用用户名作为唯一数据来实现方法(请参阅默认User对象以获取示例)。

您可能还应该实现toString至少输出用户名,因为它会使阅读调试日志更容易。

于 2013-10-11T17:19:06.640 回答