Java Spring预验证主体已更改为，并将重新验证_Java_Spring_Spring Security

Java Spring预验证主体已更改为，并将重新验证

java spring spring-security

Java Spring预验证主体已更改为，并将重新验证,java,spring,spring-security,Java,Spring,Spring Security,我正在使用带过滤器的spring security对用户进行身份验证。当多个用户在多线程环境中访问同一服务时，主体已更改并将进行重新身份验证。用户的密码不正确，无法进行身份验证。如何在多线程环境中使用预身份验证使用过滤器进行身份验证 <bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy" >

我正在使用带过滤器的spring security对用户进行身份验证。当多个用户在多线程环境中访问同一服务时，主体已更改并将进行重新身份验证。用户的密码不正确，无法进行身份验证。如何在多线程环境中使用预身份验证

使用过滤器进行身份验证

<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy" >
        <sec:filter-chain-map request-matcher="ant" >
            <sec:filter-chain pattern="/**" filters="requestContextFilter,securityContextFilter,exceptionTranslationFilter,userRoleProcessingFilter" />
        </sec:filter-chain-map>
    </bean>

    <bean id="requestContextFilter" class="org.springframework.web.filter.RequestContextFilter"/>


     <bean id="securityContextFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
         <constructor-arg>
             <bean class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"></bean>
         </constructor-arg>
         <property name="forceEagerSessionCreation" value="false"/>
     </bean>
 <bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter" >                    
        <constructor-arg>
            <bean class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
        </constructor-arg>
    </bean>


        <bean id="userRoleProcessingFilter"
                class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
                <property name="principalRequestHeader" value="CUSTOM_USER" />
                <property name="credentialsRequestHeader" value="CUSTOM_CRED" />
                <property name="authenticationManager" ref="authenticationManager" />
                <property name="continueFilterChainOnUnsuccessfulAuthentication" value="false" />
                <property name="exceptionIfHeaderMissing" value="false"></property>
                <property name="checkForPrincipalChanges" value="true"></property>
        </bean>
         <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager" >
        <constructor-arg>
        <list>
                <ref bean="authenticationProvider"/>
        </list>
        </constructor-arg>
        </bean>

    <bean id="authenticationProvider" class="com.common.authorization.spring.custom.CustomAuthenticationProvider" >
        <property name="preAuthenticatedUserDetailsService">
            <bean class="com.common.authorization.spring.custom.CustomUserDetailsService">
            </bean>
        </property>
    </bean>


    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased" >
        <property name="allowIfAllAbstainDecisions" value="false"/>
        <constructor-arg>
        <list>
            <bean class="org.springframework.security.access.vote.RoleVoter">
                <property name="rolePrefix" value="" />
            </bean>
          </list>
        </constructor-arg>
    </bean>

“我正在使用带过滤器的spring security对用户进行身份验证”-更多信息required@DanielZ. 谢谢你的回复。我添加了applicationContext.xml文件中使用的过滤器部分。