堆棧內存溢出
  簡體   English   中英

身份驗證成功后,spring security HttpSession為空

[英]spring security HttpSession is null after Authentication success

 原文  2014-10-15 23:35:03       java/ spring/ security/ authentication/ httpsession

問題描述

我正在使用Spring Security 3.0.5.RELEASE。 成功通過身份驗證后,未對用戶進行身份驗證,而是在日志中顯示了此消息

16/10/2014 00:08:17 [http-bio-8080-exec-5](AbstractAuthenticationProcessingFilter.java:289)調試-身份驗證成功...

2014/10/16 00:08:17 [http-bio-8080-exec-5](HttpSessionSecurityContextRepository.java:360)調試-將SecurityContext存儲到HttpSession中:'org.springframework.security.core.context.SecurityContextImpl@57920877: ... 16/10/2014 00:08:17 [http-bio-8080-exec-5](SecurityContextPersistenceFilter.java:89)調試-隨着請求處理完成,SecurityContextHolder現在已清除...

16/10/2014 00:08:18 [http-bio-8080-exec-6](HttpSessionSecurityContextRepository.java:130)調試-當前不存在HttpSession 16/10/2014 00:08:18 [http-bio-8080 -exec-6](HttpSessionSecurityContextRepository.java:88)調試-HttpSession沒有提供SecurityContext:空。 將創建一個新的。

這是我的conf web.xml: 

<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

security.xml文件 

<security:http auto-config="true" use-expressions="true" access-denied-page="/denied.htm">
<security:intercept-url pattern="/"  access="permitAll" />
<security:intercept-url pattern="/user/login"  access="permitAll" />
<security:intercept-url pattern="/admin/**"  access="hasRole('ROLE_ADMIN')" />
<security:form-login    login-page="/user/login.htm"  authentication-failure-url="/user/login.htm?error=true"   default-target-url="/" />
<security:logout invalidate-session="true" logout-success-url="/index.htm" logout-url="/logout.htm" />


<security:authentication-manager>
    <security:authentication-provider user-service-ref="userDetailsService">
        <security:password-encoder ref="passwordEncoder" />
    </security:authentication-provider>
</security:authentication-manager>

<!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the 
    database -->
<bean
    class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder" />

<bean id="userDaoService" class="com.example.dao.jdbc.JdbcUserDao">
    <property name="dataSource" ref="dataSource" />
</bean>

<bean id="userDetailsService" class="com.cercle.core.services.impl.UserServiceImpl">
</bean>

<bean id="userDetails" class="com.example.model.User">
</bean>

1 個解決方案

解決方案1
 1  2014-10-16 13:22:44

我發現了問題。 Spring conf沒問題,但是我的tomcat在apache2后面運行,我忘了通知apache2保存cookie(使用ProxyPassReverseCookiePath命令)

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 成功認證后的自定義響應彈簧安全性 Spring Security重定向到登錄頁面並在身份驗證成功后終止會話 Spring Security 重新創建 HttpSession 無法驗證:HttpSession為SPRING_SECURITY_CONTEXT返回空對象 Spring安全性預認證成功處理程序 錯誤頁面重定向后,Spring Security身份驗證為空 春季安全-身份驗證中的sessionId為null Tomcat 7會話意外結束Spring Security,並顯示以下消息:HttpSession為SPRING_SECURITY_CONTEXT返回空對象 在Spring Security中檢查現有的HttpSession Spring:HttpSession 在集群 Tomcat 故障轉移中為 SPRING_SECURITY_CONTEXT 返回空對象
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM