Java Spring预验证主体已更改为,并将重新验证
我正在使用带过滤器的spring security对用户进行身份验证。当多个用户在多线程环境中访问同一服务时,主体已更改并将进行重新身份验证。用户的密码不正确,无法进行身份验证。 如何在多线程环境中使用预身份验证 使用过滤器进行身份验证Java Spring预验证主体已更改为,并将重新验证,java,spring,spring-security,Java,Spring,Spring Security,我正在使用带过滤器的spring security对用户进行身份验证。当多个用户在多线程环境中访问同一服务时,主体已更改并将进行重新身份验证。用户的密码不正确,无法进行身份验证。 如何在多线程环境中使用预身份验证 使用过滤器进行身份验证 <bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy" >
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy" >
<sec:filter-chain-map request-matcher="ant" >
<sec:filter-chain pattern="/**" filters="requestContextFilter,securityContextFilter,exceptionTranslationFilter,userRoleProcessingFilter" />
</sec:filter-chain-map>
</bean>
<bean id="requestContextFilter" class="org.springframework.web.filter.RequestContextFilter"/>
<bean id="securityContextFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<constructor-arg>
<bean class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"></bean>
</constructor-arg>
<property name="forceEagerSessionCreation" value="false"/>
</bean>
<bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter" >
<constructor-arg>
<bean class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
</constructor-arg>
</bean>
<bean id="userRoleProcessingFilter"
class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
<property name="principalRequestHeader" value="CUSTOM_USER" />
<property name="credentialsRequestHeader" value="CUSTOM_CRED" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="continueFilterChainOnUnsuccessfulAuthentication" value="false" />
<property name="exceptionIfHeaderMissing" value="false"></property>
<property name="checkForPrincipalChanges" value="true"></property>
</bean>
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager" >
<constructor-arg>
<list>
<ref bean="authenticationProvider"/>
</list>
</constructor-arg>
</bean>
<bean id="authenticationProvider" class="com.common.authorization.spring.custom.CustomAuthenticationProvider" >
<property name="preAuthenticatedUserDetailsService">
<bean class="com.common.authorization.spring.custom.CustomUserDetailsService">
</bean>
</property>
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased" >
<property name="allowIfAllAbstainDecisions" value="false"/>
<constructor-arg>
<list>
<bean class="org.springframework.security.access.vote.RoleVoter">
<property name="rolePrefix" value="" />
</bean>
</list>
</constructor-arg>
</bean>
“我正在使用带过滤器的spring security对用户进行身份验证”-更多信息required@DanielZ. 谢谢你的回复。我添加了applicationContext.xml文件中使用的过滤器部分。