[英]spring security HttpSession is null after Authentication success
我正在使用Spring Security 3.0.5.RELEASE。 成功通過身份驗證后,未對用戶進行身份驗證,而是在日志中顯示了此消息
16/10/2014 00:08:17 [http-bio-8080-exec-5](AbstractAuthenticationProcessingFilter.java:289)調試-身份驗證成功...
2014/10/16 00:08:17 [http-bio-8080-exec-5](HttpSessionSecurityContextRepository.java:360)調試-將SecurityContext存儲到HttpSession中:'org.springframework.security.core.context.SecurityContextImpl@57920877: ... 16/10/2014 00:08:17 [http-bio-8080-exec-5](SecurityContextPersistenceFilter.java:89)調試-隨着請求處理完成,SecurityContextHolder現在已清除...
16/10/2014 00:08:18 [http-bio-8080-exec-6](HttpSessionSecurityContextRepository.java:130)調試-當前不存在HttpSession 16/10/2014 00:08:18 [http-bio-8080 -exec-6](HttpSessionSecurityContextRepository.java:88)調試-HttpSession沒有提供SecurityContext:空。 將創建一個新的。
這是我的conf web.xml:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
security.xml文件
<security:http auto-config="true" use-expressions="true" access-denied-page="/denied.htm">
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/user/login" access="permitAll" />
<security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<security:form-login login-page="/user/login.htm" authentication-failure-url="/user/login.htm?error=true" default-target-url="/" />
<security:logout invalidate-session="true" logout-success-url="/index.htm" logout-url="/logout.htm" />
<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder ref="passwordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
<!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the
database -->
<bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder" />
<bean id="userDaoService" class="com.example.dao.jdbc.JdbcUserDao">
<property name="dataSource" ref="dataSource" />
</bean>
<bean id="userDetailsService" class="com.cercle.core.services.impl.UserServiceImpl">
</bean>
<bean id="userDetails" class="com.example.model.User">
</bean>
我發現了問題。 Spring conf沒問題,但是我的tomcat在apache2后面運行,我忘了通知apache2保存cookie(使用ProxyPassReverseCookiePath命令)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.