Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/396.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 春季安全怪异行为_Java_Spring Mvc_Spring Security - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 春季安全怪异行为

Java 春季安全怪异行为

java spring-mvc spring-security

Java 春季安全怪异行为,java,spring-mvc,spring-security,Java,Spring Mvc,Spring Security,我正在使用spring security和MongoDB进行测试,所以我使用MongoDB构建了一个自定义UserDetailService,我让它工作了,但突然它开始抛出异常,我试图解决问题,但我无法解决,所以我在实现自定义UserDetailService之前将代码还原到先前的状态,然后它再次开始工作,我重新实现了UserDetailService,发生了完全相同的事情,它只是停止工作,甚至不做任何更改,只是停止并重新启动tomcat 这是我的web.xml org.springframe

我正在使用spring security和MongoDB进行测试,所以我使用MongoDB构建了一个自定义UserDetailService,我让它工作了,但突然它开始抛出异常,我试图解决问题,但我无法解决,所以我在实现自定义UserDetailService之前将代码还原到先前的状态,然后它再次开始工作,我重新实现了UserDetailService,发生了完全相同的事情,它只是停止工作,甚至不做任何更改,只是停止并重新启动tomcat

这是我的web.xml


org.springframework.web.context.request.RequestContextListener
org.springframework.web.context.ContextLoaderListener
生成的spring安全会话集成筛选器
SpringSecuritySessionIntegrationFilter
org.springframework.security.web.context.SecurityContextPersistenceFilter
生成的sitemesh过滤器
Sitemesh过滤器
com.opensymphony.module.sitemesh.filter.PageFilter
生成的spring安全过滤器
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
SpringSecuritySessionIntegrationFilter
/*
Sitemesh过滤器
/*
springSecurityFilterChain
/*
生成的servlet
MongoSecurity Servlet
org.springframework.web.servlet.DispatcherServlet
上下文配置位置
类路径:MongoSecurity-web-context.xml
1.
生成资源servlet
资源Servlet
org.springframework.js.resource.ResourceServlet
1.
资源Servlet
/资源/*
MongoSecurity Servlet
/

我得到的例外是:

java.lang.ClassCastException: org.springframework.security.web.firewall.FirewalledResponse cannot be cast to org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
org.springframework.security.web.context.HttpSessionSecurityContextRepository.saveContext(HttpSessionSecurityContextRepository.java:99)
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:139)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:65)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
以下是我的security-context.xml:

<http auto-config="true">
    <intercept-url pattern="/pages/login.jsp" />
    <intercept-url access="ROLE_ADMIN" pattern="/secure/**" />
    <form-login authentication-failure-url="/pages/login.jsp?login_error=true" login-page="/pages/login.jsp" />
<logout invalidate-session="true" logout-success-url="/pages/logout-redirect.jsp" />
    <remember-me key="formsRMKey" user-service-ref="userDetailsService" />
</http>
<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder hash="sha" />
    </authentication-provider>
</authentication-manager>
<beans:bean id="userDetailsService" class="com.realestate.service.MongoUserDetailService" />
以及MongoUserDetailService的实现:

public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException {
    UserAccount user = userDao.findByUsername(username);
    if(user == null){
        return null;
    }
    return new User(user.getUsername(), user.getPassword(), true, true, true, true, getGrantedAuthorities(user.getRoles()));
}

public static List<SimpleGrantedAuthority> getGrantedAuthorities(List<Role> roles) {
    List<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
    for (Role role : roles) {
        authorities.add(new SimpleGrantedAuthority(role.getName()));
    }
    return authorities;
}

public UserDetails loadUserByUsername(字符串用户名)
抛出UsernameNotFoundException{
UserAccount user=userDao.findByUsername(用户名);
if(user==null){
返回null;
}
返回新用户(User.getUsername(),User.getPassword(),true,true,true,getGrantedAuthories(User.getRoles());
}
公共静态列表GetGrantedAuthories(列表角色){
列表权限=新建ArrayList();
for(角色:角色){
add(新的SimpleGrantedAuthority(role.getName());
}
返回当局;
}
任何帮助都将不胜感激。

我遇到过类似的问题,从web.xml中删除SecurityContextPersistenceFilter解决了我的问题。http配置元素使用自己的SecurityContextPersistenceFilter创建过滤器链,因此显式声明的过滤器会出现问题。 顺便说一下,您的web.xml中还存在一些其他Spring安全过滤器,因此您可能不仅需要删除此过滤器,还需要删除这些过滤器才能正常工作。
请参阅以获取有关默认注册的Spring安全筛选器的信息。

我遇到了类似的问题,从web.xml中删除SecurityContextPersistenceFilter解决了我的问题。http配置元素使用自己的SecurityContextPersistenceFilter创建过滤器链,因此显式声明的过滤器会出现问题。 顺便说一下,您的web.xml中还存在一些其他Spring安全过滤器,因此您可能不仅需要删除此过滤器,还需要删除这些过滤器才能正常工作。
请参阅以获取有关默认注册的Spring安全筛选器的信息。

您可以发布userdertails类吗?您可以发布userdertails类吗?