首页   技术笔记   网址导航   Json在线解析   二维码   Ip地址查询   在线流程图  
新用户注册 | 会员登录
当前位置:  开发笔记 > 编程语言 > 正文

Spring Security:即使成功登录后也无法访问目标页面

作者:kikokikolove | 2023-08-14 17:50
如何解决《SpringSecurity:即使成功登录后也无法访问目标页面》经验,为你挑选了1个好方法。

Spring版本:2.5.6 SEC01
Spring Security版本:3.0.0 RC1

我正在尝试将Spring Security与Spring MVC应用程序集成.安全部分主要基于Spring Security附带的示例应用程序.我已经定义了一些需要特定角色来访问它们的页面,并且正如预期的那样,当访问它们而不登录登录页面时(我已经定义了我自己的登录页面).问题是,即使我输入正确的用户名和密码,我也会被扔回登录页面.我不完全确定这是一个Spring Security问题还是Spring MVC问题,但我们先试试前者.我有记录的请求,所以也许更熟悉他们的人将能够发现一些东西.

有很多日志记录(比一个帖子允许的更多)所以我只包括了最有趣的一点.根据我的理解,用户'rod'的登录成功,一切似乎都很好,直到时间14:30:28,222的行,我看到Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser;...,从那时起,用户被认为是匿名的.

输入正确的用户名和密码后,这是调试,导致返回登录页面:

14:30:28,192 DEBUG FilterChainProxy:176 - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check'
14:30:28,192 DEBUG FilterChainProxy:183 - Candidate is: '/j_spring_security_check'; pattern is /**; matched=true
14:30:28,192 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 1 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@2a4e37fb'
14:30:28,193 DEBUG DefaultFilterInvocationSecurityMetadataSource:177 - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check'
14:30:28,193 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/j_spring_security_check'; pattern is /login.htm; matched=false
14:30:28,193 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 2 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.session.ConcurrentSessionFilter@753d556f'
14:30:28,193 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 3 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@db4268b'
14:30:28,194 DEBUG HttpSessionSecurityContextRepository:145 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
14:30:28,194 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2e4e76b4. A new one will be created.
14:30:28,194 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 4 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@21533b2c'
14:30:28,194 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 5 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5f51d6cb'
14:30:28,194 DEBUG UsernamePasswordAuthenticationFilter:194 - Request is to process authentication
14:30:28,197 DEBUG ProviderManager:118 - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
14:30:28,203 DEBUG ConcurrentSessionControlStrategy:82 - Invalidating session with Id 'F281373E7B726C52448CDBB845DC0FA0' and migrating attributes.
14:30:28,204 DEBUG ConcurrentSessionControlStrategy:92 - Started new session: 24853B27E3FF94289CBB879FEA7EE27A
14:30:28,204 DEBUG SessionRegistryImpl:115 - Registering session 24853B27E3FF94289CBB879FEA7EE27A, for principal org.springframework.security.core.userdetails.User@2117c700: Username: rod; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER
14:30:28,205 DEBUG UsernamePasswordAuthenticationFilter:290 - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@86589b6c: Principal: org.springframework.security.core.userdetails.User@2117c700: Username: rod; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: F281373E7B726C52448CDBB845DC0FA0; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER
14:30:28,205 DEBUG SavedRequestAwareAuthenticationSuccessHandler:78 - Redirecting to DefaultSavedRequest Url: http://localhost:8080/vicinity/member/member_home.htm
14:30:28,206 DEBUG DefaultRedirectStrategy:55 - Redirecting to 'http://localhost:8080/vicinity/member/member_home.htm'
14:30:28,206 DEBUG HttpSessionSecurityContextRepository:332 - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@86589b6c: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@86589b6c: Principal: org.springframework.security.core.userdetails.User@2117c700: Username: rod; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: F281373E7B726C52448CDBB845DC0FA0; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER'
14:30:28,207 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
14:30:28,217 DEBUG FilterChainProxy:176 - Converted URL to lowercase, from: '/member/member_home.htm'; to: '/member/member_home.htm'
14:30:28,217 DEBUG FilterChainProxy:183 - Candidate is: '/member/member_home.htm'; pattern is /**; matched=true
14:30:28,217 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 1 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@2a4e37fb'
14:30:28,217 DEBUG DefaultFilterInvocationSecurityMetadataSource:177 - Converted URL to lowercase, from: '/member/member_home.htm'; to: '/member/member_home.htm'
14:30:28,218 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/member/member_home.htm'; pattern is /login.htm; matched=false
14:30:28,218 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 2 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.session.ConcurrentSessionFilter@753d556f'
14:30:28,218 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 3 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@db4268b'
14:30:28,218 DEBUG HttpSessionSecurityContextRepository:133 - No HttpSession currently exists
14:30:28,218 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: null. A new one will be created.
14:30:28,219 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 4 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@21533b2c'
14:30:28,219 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 5 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5f51d6cb'
14:30:28,219 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 6 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@75ecda50'
14:30:28,219 DEBUG BasicAuthenticationFilter:118 - Authorization header: null
14:30:28,219 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 7 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@10f0f6ac'
14:30:28,220 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 8 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3bd29ee4'
14:30:28,220 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 9 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@bda96b'
14:30:28,220 DEBUG AnonymousAuthenticationFilter:98 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
14:30:28,220 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 10 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@23bdb02e'
14:30:28,221 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 11 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@7a79ae56'
14:30:28,221 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 12 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4aa4ceeb'
14:30:28,221 DEBUG DefaultFilterInvocationSecurityMetadataSource:177 - Converted URL to lowercase, from: '/member/member_home.htm'; to: '/member/member_home.htm'
14:30:28,222 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/member/member_home.htm'; pattern is /member/**; matched=true
14:30:28,222 DEBUG FilterSecurityInterceptor:192 - Secure object: FilterInvocation: URL: /member/member_home.htm; Attributes: [ROLE_TELLER]
14:30:28,222 DEBUG FilterSecurityInterceptor:293 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
14:30:28,222 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.RoleVoter@a0ccc96, returned: -1
14:30:28,223 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@4e4b9101, returned: 0
14:30:28,223 DEBUG ExceptionTranslationFilter:154 - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:204)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:107)
    SNIP...
14:30:28,224 DEBUG HttpSessionRequestCache:39 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/vicinity/member/member_home.htm]
14:30:28,225 DEBUG ExceptionTranslationFilter:178 - Calling Authentication entry point.
14:30:28,225 DEBUG DefaultRedirectStrategy:55 - Redirecting to 'http://localhost:8080/vicinity/login.htm'
14:30:28,225 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
14:30:28,227 DEBUG FilterChainProxy:176 - Converted URL to lowercase, from: '/login.htm'; to: '/login.htm'
14:30:28,228 DEBUG FilterChainProxy:183 - Candidate is: '/login.htm'; pattern is /**; matched=true
14:30:28,228 DEBUG FilterChainProxy:351 - /login.htm at position 1 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@2a4e37fb'
14:30:28,228 DEBUG DefaultFilterInvocationSecurityMetadataSource:177 - Converted URL to lowercase, from: '/login.htm'; to: '/login.htm'
14:30:28,228 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/login.htm'; pattern is /login.htm; matched=true
14:30:28,229 DEBUG ChannelProcessingFilter:100 - Request: FilterInvocation: URL: /login.htm; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
14:30:28,229 DEBUG RetryWithHttpsEntryPoint:65 - Redirecting to: https://localhost:8443/vicinity/login.htm
14:30:28,231 DEBUG FilterChainProxy:176 - Converted URL to lowercase, from: '/login.htm'; to: '/login.htm'
14:30:28,231 DEBUG FilterChainProxy:183 - Candidate is: '/login.htm'; pattern is /**; matched=true
14:30:28,231 DEBUG FilterChainProxy:351 - /login.htm at position 1 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter@2a4e37fb'
14:30:28,232 DEBUG DefaultFilterInvocationSecurityMetadataSource:177 - Converted URL to lowercase, from: '/login.htm'; to: '/login.htm'
14:30:28,232 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/login.htm'; pattern is /login.htm; matched=true
14:30:28,232 DEBUG ChannelProcessingFilter:100 - Request: FilterInvocation: URL: /login.htm; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
14:30:28,232 DEBUG FilterChainProxy:351 - /login.htm at position 2 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.session.ConcurrentSessionFilter@753d556f'
14:30:28,232 DEBUG FilterChainProxy:351 - /login.htm at position 3 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@db4268b'
14:30:28,233 DEBUG HttpSessionSecurityContextRepository:145 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
14:30:28,233 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@384e9bea. A new one will be created.
14:30:28,233 DEBUG FilterChainProxy:351 - /login.htm at position 4 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@21533b2c'
14:30:28,233 DEBUG FilterChainProxy:351 - /login.htm at position 5 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5f51d6cb'
14:30:28,234 DEBUG FilterChainProxy:351 - /login.htm at position 6 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@75ecda50'
14:30:28,234 DEBUG BasicAuthenticationFilter:118 - Authorization header: null
14:30:28,234 DEBUG FilterChainProxy:351 - /login.htm at position 7 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@10f0f6ac'
14:30:28,235 DEBUG DefaultSavedRequest:309 - pathInfo: both null (property equals)
14:30:28,235 DEBUG DefaultSavedRequest:309 - queryString: both null (property equals)
14:30:28,235 DEBUG DefaultSavedRequest:331 - requestURI: arg1=/vicinity/member/member_home.htm; arg2=/vicinity/login.htm (property not equals)
14:30:28,235 DEBUG HttpSessionRequestCache:72 - saved request doesn't match
14:30:28,236 DEBUG FilterChainProxy:351 - /login.htm at position 8 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3bd29ee4'
14:30:28,236 DEBUG FilterChainProxy:351 - /login.htm at position 9 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@bda96b'
14:30:28,236 DEBUG AnonymousAuthenticationFilter:98 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fa843a8: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: DC9231E2B140D2F7D720A3B171B52CCF; Granted Authorities: ROLE_ANONYMOUS'
14:30:28,237 DEBUG FilterChainProxy:351 - /login.htm at position 10 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@23bdb02e'
14:30:28,237 DEBUG FilterChainProxy:351 - /login.htm at position 11 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@7a79ae56'
14:30:28,237 DEBUG FilterChainProxy:351 - /login.htm at position 12 of 12 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4aa4ceeb'
14:30:28,237 DEBUG DefaultFilterInvocationSecurityMetadataSource:177 - Converted URL to lowercase, from: '/login.htm'; to: '/login.htm'
14:30:28,238 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/login.htm'; pattern is /member/**; matched=false
14:30:28,238 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/login.htm'; pattern is /login.htm; matched=true
14:30:28,238 DEBUG FilterSecurityInterceptor:192 - Secure object: FilterInvocation: URL: /login.htm; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
14:30:28,239 DEBUG FilterSecurityInterceptor:293 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fa843a8: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: DC9231E2B140D2F7D720A3B171B52CCF; Granted Authorities: ROLE_ANONYMOUS
14:30:28,239 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.RoleVoter@a0ccc96, returned: 0
14:30:28,239 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@4e4b9101, returned: 1
14:30:28,239 DEBUG FilterSecurityInterceptor:214 - Authorization successful
14:30:28,240 DEBUG FilterSecurityInterceptor:224 - RunAsManager did not change Authentication object
14:30:28,240 DEBUG FilterChainProxy:340 - /login.htm reached end of additional filter chain; proceeding with original chain
14:30:28,243 DEBUG ExceptionTranslationFilter:101 - Chain processed normally
14:30:28,243 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed

rodrigoap.. 5

这里的关键是成功登录后会话丢失: 

14:30:28,218 DEBUG HttpSessionSecurityContextRepository:133 - No HttpSession currently exists
14:30:28,218 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: null. A new one will be created.

匿名用户是由defult创建的,因为没有安全上下文.

您可以尝试相同但没有https限制吗?或者在https中完成所有操作.只是为了看它是否有效.



1> rodrigoap..:

这里的关键是成功登录后会话丢失: 

14:30:28,218 DEBUG HttpSessionSecurityContextRepository:133 - No HttpSession currently exists
14:30:28,218 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: null. A new one will be created.

匿名用户是由defult创建的,因为没有安全上下文.

您可以尝试相同但没有https限制吗?或者在https中完成所有操作.只是为了看它是否有效.

推荐阅读
devbox
kikokikolove
这个屌丝很懒,什么也没留下!
关注作者
Tags | 热门标签
RankList | 热门文章
DevBox开发工具箱 | 专业的在线开发工具网站    京公网安备 11010802040832号  |  京ICP备19059560号-6
Copyright © 1998 - 2020 DevBox.CN. All Rights Reserved devBox.cn 开发工具箱 版权所有