堆栈内存溢出
  简体   繁体   English

RememberMe Spring Security:成功处理程序被多次调用

[英]RememberMe Spring Security: success handler is called multiple times

 原文  2015-07-29 16:21:39       java/ spring/ tomcat/ authentication

问题描述

I am running a Spring application over Tomcat7. 我正在通过Tomcat7运行Spring应用程序。 I implemented a remember me service in Spring with the following bean in security.xml: 我在Spring中使用security.xml中的以下bean实现了“记住我”服务: 

<remember-me key="SOMEKEY" user-service-ref="defaultUserService"
             authentication-success-handler-ref="rememberMeAuthenticationSuccessHandler" />

My Success controller looks like this: 我的成功控制器如下所示: 

@Service
public class RememberMeAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    @Autowired
    private UserService userService;

    private static final Logger logger = LoggerFactory.getLogger(RememberMeAuthenticationSuccessHandler.class);

    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
        User authenticatedUser = (User)authentication.getPrincipal();

        if (authenticatedUser != null) {
            logger.info("Successfully auto-logged in user: " + authenticatedUser.getUsername());
            authenticatedUser.setLastLogin(new Date());
            userService.save(authenticatedUser);
        } else {
            logger.error("Auto-logged in user is empty!");
        }
    }
}

The problem is that the callback is run multiple times so that I will have four access to the database. 问题是该回调多次运行,因此我将对数据库具有四个访问权限。

logs look like this: 日志如下所示: 

2015.07.29 18:13:28 [http-bio-8080-exec-9] INFO  Successfully auto-logged in user: t50@t.it
2015.07.29 18:13:28 [http-bio-8080-exec-1] INFO  Successfully auto-logged in user: t50@t.it
2015.07.29 18:13:28 [http-bio-8080-exec-7] INFO  Successfully auto-logged in user: t50@t.it
2015.07.29 18:13:28 [http-bio-8080-exec-6] INFO  Successfully auto-logged in user: t50@t.it

I think there is a registered callback per thread. 我认为每个线程都有一个注册的回调。 I supposed this is related to the fact that it is a Service type, however I need it in order to Autowire the userRepository 我认为这与它是服务类型有关,但是我需要它以便自动连接userRepository

Is there a way to fix this gracefully? 有没有办法优雅地解决此问题?

Thanks a lot 非常感谢

1 个解决方案

解决方案1
 0 已采纳  2015-07-30 02:15:48

It's not normal, could you just log more information about the request and check your client code again? 这是不正常的,您可以只记录有关该请求的更多信息并再次检查您的客户端代码吗?

I'm pretty sure it's a consequence of multiple client calls 我很确定这是多个客户来电的结果

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring Security LDAP成功处理程序 - Spring security LDAP success handler 如何将身份验证成功处理程序分配给多个Spring安全领域 - How to assign auth success handler to multiple spring security realms Spring 4 Security Tiles 3自定义成功处理程序 - Spring 4 Security Tiles 3 Custom Success Handler Spring安全性预认证成功处理程序 - Spring security Pre authentication success handler 找不到用于Spring Security的Spring Bean还记得我吗? - Spring Bean not found for Spring Security RememberMe? Spring Security禁用rememberMe不起作用 - Spring Security disable rememberMe doesn't work 带有用户名和 ID 的 Spring Security RememberMe 功能 - Spring Security RememberMe function with username and id Spring Security 4.0.3 RememberMe tokenValiditySeconds无法正常工作 - Spring Security 4.0.3 rememberMe tokenValiditySeconds not working oauth2 spring-security 成功和失败处理程序 - oauth2 spring-security success and failure handler 为什么我的 Spring Security 没有将请求转发到身份验证成功处理程序? - Why is my spring security not forwarding the request to authentication-success-handler?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM