Fatal编程技术网
  • java/
  • Java Spring Security Ajax登录在以下请求中成功验证空

Java Spring Security Ajax登录在以下请求中成功验证空

java ajax spring rest spring-security

Java Spring Security Ajax登录在以下请求中成功验证空,java,ajax,spring,rest,spring-security,Java,Ajax,Spring,Rest,Spring Security,我们有一个很奇怪的问题。我们有一个1页的ajax应用程序(就像gmail一样),它使用和ajax身份验证。在正常情况下,它工作得很好。但是,我们注意到,您尝试登录时,对服务器的其他请求仍处于打开和运行状态。登录尝试成功,但当您再次调用服务器获取与用户相关的内容时,对象从会话中出来的身份验证为空 正如我所说,在尝试登录之前,当连接打开并运行时,总是会发生这种情况。如果登录是在一切正常工作时发生的唯一请求 下面是spring-security.xml <beans xmlns="http://

我们有一个很奇怪的问题。我们有一个1页的ajax应用程序(就像gmail一样),它使用和ajax身份验证。在正常情况下,它工作得很好。但是,我们注意到,您尝试登录时,对服务器的其他请求仍处于打开和运行状态。登录尝试成功,但当您再次调用服务器获取与用户相关的内容时,对象从会话中出来的身份验证为空

正如我所说,在尝试登录之前,当连接打开并运行时,总是会发生这种情况。如果登录是在一切正常工作时发生的唯一请求

下面是spring-security.xml

<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:c="http://www.springframework.org/schema/c"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd" default-lazy-init="true">

    <context:component-scan base-package="com.myProject"/> <!-- need this? -->

    <security:global-method-security secured-annotations="enabled" />

    <security:http pattern="/css/**" security="none" />
    <security:http pattern="/js/**" security="none" />
    <security:http pattern="/tmpl/**" security="none" />

    <security:http pattern="/**" use-expressions="true" entry-point-ref="authenticationEntryPoint">
        <security:custom-filter before="FORM_LOGIN_FILTER" ref="legacyAuthenticationProcessingFilter" /> 
        <security:custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"/>
        <security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
        <security:custom-filter before="LOGOUT_FILTER" ref="legacyLogoutFilter" /> 
        <security:remember-me services-ref="#{applicationProperties['security.rememberMeServices']}" />
    </security:http>

    <security:authentication-manager alias="authenticationManager" erase-credentials="false">
        <security:authentication-provider ref="activeDirectoryAuthenticationProvider" />
        <security:authentication-provider ref="singleLogonAuthenticationProvider" />
        <security:authentication-provider ref="serviceAuthenticationProvider" />
        <security:authentication-provider ref="rememberMeAuthenticationProvider" />
    </security:authentication-manager>

    <!-- single logon remember me -->
    <bean id="singleLogonRememberMeServices" class="com.myProject.security.singlelogon.SingleLogonRememberMeServices" c:userDetailsService-ref="userDao" c:key="#{applicationProperties['security.rememberMeServices.key']}" p:parameter="rememberMe" />

    <!-- 'regular' remember me -->
    <bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices" c:userDetailsService-ref="userDao" c:key="#{applicationProperties['security.rememberMeServices.key']}" p:parameter="rememberMe" />

    <bean id="activeDirectoryAuthenticationProvider" class="com.myProject.security.activedirectory.ActiveDirectoryAuthenticationProvider" />
    <bean id="singleLogonAuthenticationProvider" class="com.myProject.security.singlelogon.SingleLogonAuthenticationProvider" />
    <bean id="serviceAuthenticationProvider" class="com.myProject.security.ServiceAuthenticationProvider" />
    <bean id="rememberMeAuthenticationProvider" class="org.springframework.security.authentication.RememberMeAuthenticationProvider" p:key="#{applicationProperties['security.rememberMeServices.key']}" />

    <!-- custom authentication processing filter that accepts json credentials -->  
    <bean id="authenticationProcessingFilter" class="com.myProject.security.AuthenticationProcessingFilter">
        <constructor-arg value="/login" />
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="rememberMeServices" ref="#{applicationProperties['security.rememberMeServices']}" />
        <property name="authenticationSuccessHandler"><bean class="com.myProject.security.AuthenticationSuccessHandler" /></property>
        <property name="authenticationFailureHandler"><bean class="com.myProject.security.AuthenticationFailureHandler" /></property>
    </bean>

    <!-- dummy implementation supplied to satisfy spring-security -->   
    <bean id="authenticationEntryPoint" class="com.myProject.security.AuthenticationEntryPoint" />

    <bean id="logoutSuccessHandler" class="com.myProject.security.LogoutSuccessHandler" />

    <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />

    <!-- used by AuthenticationSuccess/FailureHandlers -->
    <bean class="org.codehaus.jackson.map.ObjectMapper" />

    <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize" value="100000000"/>
    </bean>



    <bean id="legacyAuthenticationProcessingFilter" class="com.myProject.security.LegacyAuthenticationProcessingFilter">
        <constructor-arg value="/j_security_check" />
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationSuccessHandler"><bean class="com.myProject.security.AuthenticationSuccessHandler" /></property>
        <property name="authenticationFailureHandler"><bean class="com.myProject.security.AuthenticationFailureHandler" /></property>
    </bean>

    <bean id="legacyLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <constructor-arg ref="logoutSuccessHandler" />
        <constructor-arg><bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" /></constructor-arg>
        <property name="filterProcessesUrl" value="/Logout.html"></property>
    </bean>


</beans>
更新

日志附在下面作为另一个答案,因为它太长,无法放在这里。我们在开始时调用sleep来模拟另一个正在处理的ajax请求的行为。我们能够通过在启动登录之前发出此请求,每次都复制此登录错误。下面是应用程序流程的简要概述

/睡眠/15000

/blank-这是一个post请求,专门触发浏览器保存密码,因为它是一个ajax请求

/登录-实际登录脚本

/isauthenticated-检查用户是否实际登录(特定于应用程序)

/帐户/摘要-获取用户摘要(特定于应用程序)

/currentuser-获取当前用户(特定于应用程序)

/然后,sleep/1500将结束并清除会话。

[应用程序启动]

[application start]
[myapp] 04 Jun 2013 16:22:51,474 | INFO [main] SpringSecurityCoreVersion.<clinit>(33) | You are running with Spring Security Core 3.1.4.RELEASE
[myapp] 04 Jun 2013 16:22:51,478 | INFO [main] SecurityNamespaceHandler.<init>(59) | Spring Security 'config' module version is 3.1.4.RELEASE


[/sleep/15000] START
[myapp] 04 Jun 2013 16:27:00,767 | DEBUG [494291573@qtp-1995218271-0] AntPathRequestMatcher.matches(116) | Checking match of request : '/sleep/15000'; against '/css/**'
[myapp] 04 Jun 2013 16:27:00,780 | DEBUG [494291573@qtp-1995218271-0] AntPathRequestMatcher.matches(116) | Checking match of request : '/sleep/15000'; against '/js/**'
[myapp] 04 Jun 2013 16:27:00,781 | DEBUG [494291573@qtp-1995218271-0] AntPathRequestMatcher.matches(116) | Checking match of request : '/sleep/15000'; against '/tmpl/**'
[myapp] 04 Jun 2013 16:27:00,782 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[myapp] 04 Jun 2013 16:27:00,782 | DEBUG [494291573@qtp-1995218271-0] HttpSessionSecurityContextRepository.readSecurityContextFromSession(139) | HttpSession returned null object for SPRING_SECURITY_CONTEXT
[myapp] 04 Jun 2013 16:27:00,783 | DEBUG [494291573@qtp-1995218271-0] HttpSessionSecurityContextRepository.loadContext(85) | No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:1tqlu01iu4prct7j4tsirpkhx@863190940. A new one will be created.
[myapp] 04 Jun 2013 16:27:00,783 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/150000 at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myapp] 04 Jun 2013 16:27:00,783 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myapp] 04 Jun 2013 16:27:00,783 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 4 of 12 in additional filter chain; firing Filter: 'LegacyAuthenticationProcessingFilter'
[myapp] 04 Jun 2013 16:27:00,784 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 5 of 12 in additional filter chain; firing Filter: 'AuthenticationProcessingFilter'
[myapp] 04 Jun 2013 16:27:00,784 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 6 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[myapp] 04 Jun 2013 16:27:00,784 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 7 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[myapp] 04 Jun 2013 16:27:00,785 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 8 of 12 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
[myapp] 04 Jun 2013 16:27:00,785 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[myapp] 04 Jun 2013 16:27:00,786 | DEBUG [494291573@qtp-1995218271-0] AnonymousAuthenticationFilter.doFilter(102) | Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90545b24: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: ROLE_ANONYMOUS'
[myapp] 04 Jun 2013 16:27:00,787 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
[myapp] 04 Jun 2013 16:27:00,787 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[myapp] 04 Jun 2013 16:27:00,787 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(337) | /sleep/15000 at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[myapp] 04 Jun 2013 16:27:00,788 | DEBUG [494291573@qtp-1995218271-0] FilterSecurityInterceptor.beforeInvocation(185) | Public object - authentication not attempted
[myapp] 04 Jun 2013 16:27:00,788 | DEBUG [494291573@qtp-1995218271-0] FilterChainProxy.doFilter(323) | /sleep/15000 reached end of additional filter chain; proceeding with original chain


[/BLANK] START
[myApp] 04 Jun 2013 16:27:05,937 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/blank'; against '/css/**'
[myApp] 04 Jun 2013 16:27:05,937 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/blank'; against '/js/**'
[myApp] 04 Jun 2013 16:27:05,938 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/blank'; against '/tmpl/**'
[myApp] 04 Jun 2013 16:27:05,938 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[myApp] 04 Jun 2013 16:27:05,939 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.readSecurityContextFromSession(139) | HttpSession returned null object for SPRING_SECURITY_CONTEXT
[myApp] 04 Jun 2013 16:27:05,940 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.loadContext(85) | No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:1tqlu01iu4prct7j4tsirpkhx@863190940. A new one will be created.
[myApp] 04 Jun 2013 16:27:05,941 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:05,942 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:05,943 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 4 of 12 in additional filter chain; firing Filter: 'LegacyAuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:05,944 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 5 of 12 in additional filter chain; firing Filter: 'AuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:05,945 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 6 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[myApp] 04 Jun 2013 16:27:05,945 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 7 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[myApp] 04 Jun 2013 16:27:05,945 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 8 of 12 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
[myApp] 04 Jun 2013 16:27:05,946 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[myApp] 04 Jun 2013 16:27:05,946 | DEBUG [319749910@qtp-1995218271-4] AnonymousAuthenticationFilter.doFilter(102) | Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90545b24: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: ROLE_ANONYMOUS'
[myApp] 04 Jun 2013 16:27:05,947 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
[myApp] 04 Jun 2013 16:27:05,947 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[myApp] 04 Jun 2013 16:27:05,947 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /blank at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[myApp] 04 Jun 2013 16:27:05,948 | DEBUG [319749910@qtp-1995218271-4] FilterSecurityInterceptor.beforeInvocation(185) | Public object - authentication not attempted
[myApp] 04 Jun 2013 16:27:05,948 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(323) | /blank reached end of additional filter chain; proceeding with original chain
[myApp] 04 Jun 2013 16:27:06,160 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.saveContext(269) | SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[myApp] 04 Jun 2013 16:27:06,162 | DEBUG [319749910@qtp-1995218271-4] ExceptionTranslationFilter.doFilter(115) | Chain processed normally
[myApp] 04 Jun 2013 16:27:06,162 | DEBUG [319749910@qtp-1995218271-4] SecurityContextPersistenceFilter.doFilter(97) | SecurityContextHolder now cleared, as request processing completed

[/LOGIN] START
[myApp] 04 Jun 2013 16:27:06,195 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/login'; against '/css/**'
[myApp] 04 Jun 2013 16:27:06,196 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/login'; against '/js/**'
[myApp] 04 Jun 2013 16:27:06,197 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/login'; against '/tmpl/**'
[myApp] 04 Jun 2013 16:27:06,198 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /login?_=1370377626193 at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[myApp] 04 Jun 2013 16:27:06,271 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.readSecurityContextFromSession(139) | HttpSession returned null object for SPRING_SECURITY_CONTEXT
[myApp] 04 Jun 2013 16:27:06,272 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.loadContext(85) | No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:1tqlu01iu4prct7j4tsirpkhx@863190940. A new one will be created.
[myApp] 04 Jun 2013 16:27:06,272 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /login?_=1370377626193 at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:06,272 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /login?_=1370377626193 at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:06,273 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /login?_=1370377626193 at position 4 of 12 in additional filter chain; firing Filter: 'LegacyAuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:06,273 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /login?_=1370377626193 at position 5 of 12 in additional filter chain; firing Filter: 'AuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:06,293 | DEBUG [319749910@qtp-1995218271-4] ProviderManager.authenticate(152) | Authentication attempt using com.myproject.security.activedirectory.ActiveDirectoryAuthenticationProvider
[myApp] 04 Jun 2013 16:27:06,323 | DEBUG [319749910@qtp-1995218271-4] DefaultSpringSecurityContextSource.setupEnvironment(76) | Removing pooling flag for user admin@myproject.com
[myApp] 04 Jun 2013 16:27:06,500 | DEBUG [319749910@qtp-1995218271-4] ProviderManager.authenticate(152) | Authentication attempt using com.sun.proxy.$Proxy194
[myApp] 04 Jun 2013 16:27:06,503 | DEBUG [319749910@qtp-1995218271-4] ProviderManager.authenticate(152) | Authentication attempt using com.sun.proxy.$Proxy194
[myApp] 04 Jun 2013 16:27:11,513 | DEBUG [319749910@qtp-1995218271-4] TokenBasedRememberMeServices.rememberMeRequested(296) | Did not send remember-me cookie (principal did not set parameter 'rememberMe')
[myApp] 04 Jun 2013 16:27:11,514 | DEBUG [319749910@qtp-1995218271-4] TokenBasedRememberMeServices.loginSuccess(254) | Remember-me login not requested.
[myApp] 04 Jun 2013 16:27:11,531 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.saveContext(292) | SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@509b64dc: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,532 | DEBUG [319749910@qtp-1995218271-4] SecurityContextPersistenceFilter.doFilter(97) | SecurityContextHolder now cleared, as request processing completed


[/isauthenticated] START
[myApp] 04 Jun 2013 16:27:11,539 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/isauthenticated'; against '/css/**'
[myApp] 04 Jun 2013 16:27:11,540 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/isauthenticated'; against '/js/**'
[myApp] 04 Jun 2013 16:27:11,540 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/isauthenticated'; against '/tmpl/**'
[myApp] 04 Jun 2013 16:27:11,540 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[myApp] 04 Jun 2013 16:27:11,541 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.readSecurityContextFromSession(158) | Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@509b64dc: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,541 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:11,542 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:11,542 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 4 of 12 in additional filter chain; firing Filter: 'LegacyAuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:11,542 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 5 of 12 in additional filter chain; firing Filter: 'AuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:11,542 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 6 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[myApp] 04 Jun 2013 16:27:11,543 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 7 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[myApp] 04 Jun 2013 16:27:11,543 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 8 of 12 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
[myApp] 04 Jun 2013 16:27:11,543 | DEBUG [319749910@qtp-1995218271-4] RememberMeAuthenticationFilter.doFilter(142) | SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,544 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[myApp] 04 Jun 2013 16:27:11,544 | DEBUG [319749910@qtp-1995218271-4] AnonymousAuthenticationFilter.doFilter(107) | SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,545 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
[myApp] 04 Jun 2013 16:27:11,545 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[myApp] 04 Jun 2013 16:27:11,545 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /isAuthenticated?_=1370377631538 at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[myApp] 04 Jun 2013 16:27:11,546 | DEBUG [319749910@qtp-1995218271-4] FilterSecurityInterceptor.beforeInvocation(185) | Public object - authentication not attempted
[myApp] 04 Jun 2013 16:27:11,546 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(323) | /isAuthenticated?_=1370377631538 reached end of additional filter chain; proceeding with original chain
[myApp] 04 Jun 2013 16:27:11,573 | DEBUG [319749910@qtp-1995218271-4] ExceptionTranslationFilter.doFilter(115) | Chain processed normally
[myApp] 04 Jun 2013 16:27:11,574 | DEBUG [319749910@qtp-1995218271-4] SecurityContextPersistenceFilter.doFilter(97) | SecurityContextHolder now cleared, as request processing completed

[/account/summary] START
[removing this to save space, its redundant ]

[/currentuser] START
[myApp] 04 Jun 2013 16:27:11,949 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/currentuser'; against '/css/**'
[myApp] 04 Jun 2013 16:27:11,950 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/currentuser'; against '/js/**'
[myApp] 04 Jun 2013 16:27:11,950 | DEBUG [319749910@qtp-1995218271-4] AntPathRequestMatcher.matches(116) | Checking match of request : '/currentuser'; against '/tmpl/**'
[myApp] 04 Jun 2013 16:27:11,950 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[myApp] 04 Jun 2013 16:27:11,950 | DEBUG [319749910@qtp-1995218271-4] HttpSessionSecurityContextRepository.readSecurityContextFromSession(158) | Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@509b64dc: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,951 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:11,951 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
[myApp] 04 Jun 2013 16:27:11,951 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 4 of 12 in additional filter chain; firing Filter: 'LegacyAuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:11,951 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 5 of 12 in additional filter chain; firing Filter: 'AuthenticationProcessingFilter'
[myApp] 04 Jun 2013 16:27:11,952 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 6 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[myApp] 04 Jun 2013 16:27:11,952 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 7 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[myApp] 04 Jun 2013 16:27:11,952 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 8 of 12 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
[myApp] 04 Jun 2013 16:27:11,953 | DEBUG [319749910@qtp-1995218271-4] RememberMeAuthenticationFilter.doFilter(142) | SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,953 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[myApp] 04 Jun 2013 16:27:11,953 | DEBUG [319749910@qtp-1995218271-4] AnonymousAuthenticationFilter.doFilter(107) | SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@509b64dc: Principal: User[username=admin,enabled=true,accountExpired=false,credentialsExpired=false,accountLocked=false,Granted Authorities: Role(name=ROLE_ADMIN), Role(name=ROLE_USER)]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 1tqlu01iu4prct7j4tsirpkhx; Granted Authorities: Role(name=ROLE_CONFIG_ADMIN_ADMIN), Role(name=ROLE_USER)'
[myApp] 04 Jun 2013 16:27:11,954 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
[myApp] 04 Jun 2013 16:27:11,954 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[myApp] 04 Jun 2013 16:27:11,954 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(337) | /currentUser?_=1370377631948 at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[myApp] 04 Jun 2013 16:27:11,954 | DEBUG [319749910@qtp-1995218271-4] FilterSecurityInterceptor.beforeInvocation(185) | Public object - authentication not attempted
[myApp] 04 Jun 2013 16:27:11,955 | DEBUG [319749910@qtp-1995218271-4] FilterChainProxy.doFilter(323) | /currentUser?_=1370377631948 reached end of additional filter chain; proceeding with original chain
[myApp] 04 Jun 2013 16:27:12,016 | DEBUG [319749910@qtp-1995218271-4] ExceptionTranslationFilter.doFilter(115) | Chain processed normally
[myApp] 04 Jun 2013 16:27:12,018 | DEBUG [319749910@qtp-1995218271-4] SecurityContextPersistenceFilter.doFilter(97) | SecurityContextHolder now cleared, as request processing completed
















[myApp] 04 Jun 2013 16:27:15,822 | DEBUG [494291573@qtp-1995218271-0] HttpSessionSecurityContextRepository.saveContext(269) | SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[myApp] 04 Jun 2013 16:27:15,823 | DEBUG [494291573@qtp-1995218271-0] HttpSessionSecurityContextRepository.saveContext(269) | SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[myApp] 04 Jun 2013 16:27:15,824 | DEBUG [494291573@qtp-1995218271-0] ExceptionTranslationFilter.doFilter(115) | Chain processed normally
[myApp] 04 Jun 2013 16:27:15,825 | DEBUG [494291573@qtp-1995218271-0] SecurityContextPersistenceFilter.doFilter(97) | SecurityContextHolder now cleared, as request processing completed


[myapp]04 Jun 2013 16:22:51474 |信息[main]SpringSecurityCoreVersion.(33)|您正在运行SpringSecurity核心3.1.4.0版本
[myapp]04 Jun 2013 16:22:51478 | INFO[main]SecurityNamespaceHandler.(59)| Spring安全“配置”模块版本为3.1.4.0版本
[/sleep/15000]开始
[myapp]2013年6月4日16:27:00767 |调试[494291573@qtp-1995218271-0]AntPathRequestMatcher.matches(116)|检查请求的匹配:'/sleep/15000';反对“/css/**”
[myapp]2013年6月4日16:27:00780 |调试[494291573@qtp-1995218271-0]AntPathRequestMatcher.matches(116)|检查请求的匹配:'/sleep/15000';针对“/js/**”
[myapp]2013年6月4日16:27:00781 |调试[494291573@qtp-1995218271-0]AntPathRequestMatcher.matches(116)|检查请求的匹配:'/sleep/15000';针对“/tmpl/**”
[myapp]2013年6月4日16:27:00782 |调试[494291573@qtp-1995218271-0]FilterChainProxy.doFilter(337)|/sleep/15000位于附加过滤链中12个位置中的第1个位置;正在启动筛选器:“SecurityContextPersistenceFilter”
[myapp]2013年6月4日16:27:00782 |调试[494291573@qtp-1995218271-0]HttpSessionSecurityContextRepository.readSecurityContextFromSession(139)| HttpSession为SPRING_SECURITY_上下文返回空对象
[myapp]2013年6月4日16:27:00783 |调试[494291573@qtp-1995218271-0]HttpSessionSecurityContextRepository.loadContext(85)| HttpSession中没有可用的SecurityContext:org.mortbay.jetty.servlet.HashSessionManager$会话:1tqlu01iu4prct7j4tsirpkhx@863190940. 将创建一个新的。
[myapp]2013年6月4日16:27:00783 |调试[494291573@qtp-1995218271-0]FilterChainProxy.doFilter(337)|/sleep/150000位于附加过滤器链中12个位置中的第2个位置;正在启动筛选器:“注销筛选器”
[myapp]2013年6月4日16:27:00783 |调试[494291573@qtp-1995218271-0]FilterChainProxy.doFilter(337)|/sleep/15000位于附加过滤链中12个位置的第3处;正在启动筛选器:“注销筛选器”
[myapp]2013年6月4日16:27:00783 |调试[494291573@qtp-1995218271-0]FilterChainProxy.doFilter(337)|/sleep/15000位于附加过滤链中12个位置的第4处;正在启动筛选器:“LegacyAuthenticationProcessingFilter”
[myapp]2013年6月4日16:27:00784 |调试[494291573@qtp-1995218271-0]FilterChainProxy.doFilter(337)|/sleep/15000位于附加过滤链中12个位置的第5处;正在启动筛选器:“AuthenticationProcessingFilter”
[myapp]2013年6月4日16:27:00784 |调试[494291573@qtp-1995218271-0]FilterChainProxy.doFilter(337)|/sleep/15000位于附加过滤链中12个位置中的第6个位置;正在启动筛选器:“RequestCacheAwarRefilter”
[myapp]2013年6月4日16:27:00784 |调试[494291573@qtp-1995218271-0]FilterChainProxy.doFilter(337)|/sleep/15000位于附加过滤链中12个位置中的第7个位置;正在启动筛选器:“SecurityContextHolderAwareRequestFilter”
[myapp]2013年6月4日16:27:00785 |调试[494291573@qtp-1995218271-0]FilterChainProxy.doFilter(337)|/sleep/15000位于附加过滤链中12的位置8处;正在启动筛选器:“RememberMeAuthenticationFilter”
[myapp]2013年6月4日16:27:00785 |调试[494291573@qtp-1995218271-0]FilterChainProxy.doFilter(337)|/sleep/15000位于附加过滤链中12个位置的9处;正在启动筛选器:“匿名身份验证筛选器”
[myapp]2013年6月4日16:27:00786 |调试[494291573@qtp-1995218271-0]AnonymousAuthenticationFilter.doFilter(102)|使用匿名令牌填充SecurityContextHolder:'org.springframework.security.authentication。AnonymousAuthenticationToken@90545b24:委托人:匿名用户;凭据:[受保护];认证:正确;详细信息:org.springframework.security.web.authentication。WebAuthenticationDetails@12afc:RemoteIP地址:127.0.0.1;会话ID:1tqlu01iu4prct7j4tsirpkhx;授予的权限:角色\u匿名'
[myapp]2013年6月4日16:27:00787 |调试[494291573@qtp-1995218271-0]FilterChainProxy.doFilter(337)|/sleep/15000位于附加过滤链中12个位置的10处;正在启动筛选器:“SessionManagementFilter”
[myapp]2013年6月4日16:27:00787 |调试[494291573@qtp-1995218271-0]FilterChainProxy.doFilter(337)|/s