Java 带有Spring Security的华夫饼干在IE中失败
我在Spring引导应用程序中使用Spring安全性和华夫格。我已经使用基于Java的Spring配置配置了华夫饼干。(见下文。) 我已经将Spring Boot配置为使用Tomcat(默认)和SSL,但即使我恢复使用未加密的http连接,问题仍然存在 如果我使用Google Chrome访问该网站,我可以正确地进行身份验证,但在IE11中它以奇怪的方式失败。华夫格会生成以下日志:Java 带有Spring Security的华夫饼干在IE中失败,java,spring,internet-explorer,spring-security,waffle,Java,Spring,Internet Explorer,Spring Security,Waffle,我在Spring引导应用程序中使用Spring安全性和华夫格。我已经使用基于Java的Spring配置配置了华夫饼干。(见下文。) 我已经将Spring Boot配置为使用Tomcat(默认)和SSL,但即使我恢复使用未加密的http连接,问题仍然存在 如果我使用Google Chrome访问该网站,我可以正确地进行身份验证,但在IE11中它以奇怪的方式失败。华夫格会生成以下日志: [DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilte
[DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52047
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - token buffer: 126 byte(s)
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - continue token: xxxx
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - continue required: true
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52047
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - token buffer: 121 byte(s)
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - continue token: xxxx
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - continue required: false
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - logged in user: DOMAIN\username (xxxx)
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - roles: DOMAIN\username, xxxx, xxxxxxxxxxxxxxxxxx
[INFO ] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - successfully logged in user: DOMAIN\username
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52047
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - token buffer: 121 byte(s)
[WARN ] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - error logging in user: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
因此,在我看来,身份验证似乎成功了,但由于某种原因,它尝试重新身份验证,但失败了
我通过Chrome访问站点时的日志类似,但成功登录后,它显示:
[DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilter: - GET /index.html, contentlength: -1
[DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilter: - GET /index.html, contentlength: -1
。。。从那里开始
IE案例中似乎也存在时间问题。有时,它会成功地从服务器加载一些内容:字体、图像等等,然后突然再次失败。这是不一致的,它在不同的时间停在不同的地方
这是华夫饼虫吗
我的Spring Boot基于Java的配置:
@Configuration
public class WaffleConfig {
@Bean
public WindowsAuthProviderImpl waffleWindowsAuthProvider() {
return new WindowsAuthProviderImpl();
}
@Bean
@Autowired
public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(
final WindowsAuthProviderImpl windowsAuthProvider) {
return new NegotiateSecurityFilterProvider(windowsAuthProvider);
}
@Bean
@Autowired
public BasicSecurityFilterProvider basicSecurityFilterProvider(final WindowsAuthProviderImpl windowsAuthProvider) {
return new BasicSecurityFilterProvider(windowsAuthProvider);
}
@Bean
@Autowired
public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(
final NegotiateSecurityFilterProvider negotiateSecurityFilterProvider,
final BasicSecurityFilterProvider basicSecurityFilterProvider) {
final SecurityFilterProvider[] securityFilterProviders = {
negotiateSecurityFilterProvider,
basicSecurityFilterProvider };
return new SecurityFilterProviderCollection(securityFilterProviders);
}
@Bean
@Autowired
public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(
final SecurityFilterProviderCollection securityFilterProviderCollection) {
final NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint = new NegotiateSecurityFilterEntryPoint();
negotiateSecurityFilterEntryPoint.setProvider(securityFilterProviderCollection);
return negotiateSecurityFilterEntryPoint;
}
@Bean
@Autowired
public NegotiateSecurityFilter waffleNegotiateSecurityFilter(final SecurityFilterProviderCollection securityFilterProviderCollection) {
final NegotiateSecurityFilter negotiateSecurityFilter = new NegotiateSecurityFilter();
negotiateSecurityFilter.setProvider(securityFilterProviderCollection);
return negotiateSecurityFilter;
}
}
以及:
你的情况和我遇到的相似吗?也许;我不确定。您是否看到服务器日志中抛出的异常?当我尝试通过IE(IE11)进行身份验证时,我看到服务器上的华夫格异常:“提供给函数的令牌无效”。但在此异常之前,如果我为华夫格启用调试日志记录,我会看到它已正确验证。似乎模仿了我所看到的,但不幸的是没有解决方案。似乎与Spring Boot有关,或者与使用基于Java的配置和基于XML的配置之间的一些未知差异有关。您可以向我们展示您的安全配置吗?我可以检查一下我的,看看有没有明显的区别。在我的实验室设置中,我的没有给出这样的华夫饼干例外。当然。我添加了相关的配置类。我很想听听你有没有发现什么不同。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig {
@Configuration
public static class ProductionConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class)
.httpBasic()
.authenticationEntryPoint(entryPoint);
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("pa").roles("USER");
}
@Autowired
private NegotiateSecurityFilter negotiateSecurityFilter;
@Autowired
private NegotiateSecurityFilterEntryPoint entryPoint;
}
}