Spring boot 使用基本身份验证和无状态会话的牵引下无效会话
我有一个Grails4(基于SpringBoot)应用程序正在经历零星的故障。在这一点上,我找不到任何东西,甚至无法指出问题所在,希望有人能提供帮助 发生错误的场景是一个应用程序对另一个应用程序进行REST调用。这些都是使用通过基本身份验证提供的通用用户名和密码创建的。在应用程序成功运行后的某个时间点(到目前为止,大多数情况下超过12小时),这些调用开始失败,并出现以下错误:Spring boot 使用基本身份验证和无状态会话的牵引下无效会话,spring-boot,grails,spring-security,undertow,Spring Boot,Grails,Spring Security,Undertow,我有一个Grails4(基于SpringBoot)应用程序正在经历零星的故障。在这一点上,我找不到任何东西,甚至无法指出问题所在,希望有人能提供帮助 发生错误的场景是一个应用程序对另一个应用程序进行REST调用。这些都是使用通过基本身份验证提供的通用用户名和密码创建的。在应用程序成功运行后的某个时间点(到目前为止,大多数情况下超过12小时),这些调用开始失败,并出现以下错误: org.springframework.web.util.NestedServletException: Request
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.IllegalStateException: UT000010: Session is invalid XVBnzVaxVhijSIz2xk_Tl5fqsJD9n30ggd_614iF
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:209)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:251)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:186)
at io.undertow.servlet.spec.RequestDispatcherImpl.error(RequestDispatcherImpl.java:501)
at io.undertow.servlet.spec.RequestDispatcherImpl.error(RequestDispatcherImpl.java:427)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:308)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalStateException: UT000010: Session is invalid XVBnzVaxVhijSIz2xk_Tl5fqsJD9n30ggd_614iF
at io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:512)
at io.undertow.servlet.spec.HttpSessionImpl.getAttribute(HttpSessionImpl.java:122)
at org.springframework.web.servlet.support.SessionFlashMapManager.retrieveFlashMaps(SessionFlashMapManager.java:49)
at org.springframework.web.servlet.support.AbstractFlashMapManager.retrieveAndUpdate(AbstractFlashMapManager.java:94)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:934)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
使用来自Postman的相同基本身份验证调用同一端点成功
对于这些呼叫,安全性配置如下:
http
.headers().frameOptions().sameOrigin().and()
.csrf().disable()
.requestMatcher(basicAuthMatcher)
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
我怀疑的部分是堆栈跟踪来自SessionFlashMapManager
。据我所知,不应该举行会议。我当然没有打算使用的
以前有没有人见过这样的错误,或者对如何诊断有什么建议