Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/spring-mvc/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring mvc Spring java.lang.IllegalStateException:在提交响应后无法创建会话_Spring Mvc_Spring Security_Spring Cloud Netflix - Fatal编程技术网
Fatal编程技术网
  • spring-mvc/
  • Spring mvc Spring java.lang.IllegalStateException:在提交响应后无法创建会话

Spring mvc Spring java.lang.IllegalStateException:在提交响应后无法创建会话

spring-mvc spring-security

Spring mvc Spring java.lang.IllegalStateException:在提交响应后无法创建会话,spring-mvc,spring-security,spring-cloud-netflix,Spring Mvc,Spring Security,Spring Cloud Netflix,我们已经使用spring{boot,security and cloud(Netflix API)}编写了一个web应用程序 在这个web应用程序中,我们通过JWT令牌(参考)解决身份验证和授权的需求 在当前的实现中,我们看到异常“java.lang.IllegalStateException:在提交响应后无法创建会话” 我们也在没有安全配置的情况下进行了测试,在这种情况下,我们可以毫无例外地看到JSP输出 非常感谢,如果我们在这里得到一些专家的意见,以防您看到我们做了任何错误的事情 来自控制台

我们已经使用spring{boot,security and cloud(Netflix API)}编写了一个web应用程序

在这个web应用程序中,我们通过JWT令牌(参考)解决身份验证和授权的需求

在当前的实现中,我们看到异常“java.lang.IllegalStateException:在提交响应后无法创建会话”

我们也在没有安全配置的情况下进行了测试,在这种情况下,我们可以毫无例外地看到JSP输出

非常感谢,如果我们在这里得到一些专家的意见,以防您看到我们做了任何错误的事情

来自控制台的代码片段

subscriptionID : 7abdfcd3-93f4-452f-ae23-9b7dea1762cc
month : 4
year : 2017
2017-07-04 09:02:44.274 ERROR 8996 --- [nio-8010-exec-1] o.a.c.c.C.[.[localhost].[/].[jsp]        : Servlet.service() for servlet [jsp] threw exception
java.lang.IllegalStateException: Cannot create a session after the response has been committed
at org.apache.catalina.connector.Request.doGetSession(Request.java:2998) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.connector.Request.getSession(Request.java:2437) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:896) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:231) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:594) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:539) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.jasper.runtime.PageContextImpl.initialize(PageContextImpl.java:137) ~[tomcat-embed-jasper-8.5.15.jar:8.5.15]
at org.apache.jasper.runtime.JspFactoryImpl.internalGetPageContext(JspFactoryImpl.java:109) ~[tomcat-embed-jasper-8.5.15.jar:8.5.15]
at org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:60) ~[tomcat-embed-jasper-8.5.15.jar:8.5.15]
at org.apache.jsp.WEB_002dINF.view.jsp.invoice_jsp._jspService(invoice_jsp.java:100) ~[na:na]
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) ~[tomcat-embed-jasper-8.5.15.jar:8.5.15]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:443) ~[tomcat-embed-jasper-8.5.15.jar:8.5.15]
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385) ~[tomcat-embed-jasper-8.5.15.jar:8.5.15]
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329) ~[tomcat-embed-jasper-8.5.15.jar:8.5.15]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at com.ekanna.martmonkey.web.security.filter.JwtAuthenticationFilter.successfulAuthentication(JwtAuthenticationFilter.java:58) [classes/:na]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:240) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:84) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at com.ekanna.martmonkey.web.security.filter.JwtAuthenticationFilter.successfulAuthentication(JwtAuthenticationFilter.java:58) [classes/:na]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:240) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:590) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:524) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:160) [spring-webmvc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:303) [spring-webmvc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1286) [spring-webmvc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1041) [spring-webmvc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:984) [spring-webmvc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901) [spring-webmvc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) [spring-webmvc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) [spring-webmvc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) [spring-webmvc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-embed-websocket-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at com.ekanna.martmonkey.web.security.filter.JwtAuthenticationFilter.successfulAuthentication(JwtAuthenticationFilter.java:58) [classes/:na]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:240) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at com.ekanna.martmonkey.web.security.filter.JwtAuthenticationFilter.successfulAuthentication(JwtAuthenticationFilter.java:58) [classes/:na]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:240) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) [tomcat-embed-core-8.5.15.jar:8.5.15]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.15.jar:8.5.15]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_111]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.15.jar:8.5.15]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_111]
安全配置

@SuppressWarnings("SpringJavaAutowiringInspection")
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
private JwtAuthenticationProvider jwtAuthenticationProvider;
@Autowired
private AccessDeniedHandler accessDeniedHandler;
@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;
@Bean
public JwtAuthenticationFilter authenticationTokenFilterBean() throws Exception
{
    JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter();
    jwtAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
    return jwtAuthenticationFilter;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
    auth.authenticationProvider(jwtAuthenticationProvider);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception
{
    List<AuthenticationProvider> authenticationProviderList = new ArrayList<AuthenticationProvider>();
    authenticationProviderList.add(jwtAuthenticationProvider());
    AuthenticationManager authenticationManager = new ProviderManager(authenticationProviderList);
    return super.authenticationManagerBean();
}
@Bean
public JwtAuthenticationProvider jwtAuthenticationProvider()
{
    JwtAuthenticationProvider jwtAuthenticationProvider = new JwtAuthenticationProvider();
    return jwtAuthenticationProvider;
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception
{
    httpSecurity
            .csrf().disable()
            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
            .accessDeniedHandler(accessDeniedHandler).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests()
            .antMatchers(HttpMethod.GET, "/", "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js")
            .permitAll().antMatchers("/auth/**").permitAll().anyRequest().authenticated();
    httpSecurity.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
    httpSecurity.headers().cacheControl();
}

@SuppressWarnings(“SpringJavaAutowiringInspection”)
@配置
@启用Web安全性
@EnableGlobalMethodSecurity(Prespenabled=true)
公共类WebSecurityConfig扩展了WebSecurityConfigureAdapter
{
@自动连线
私有JwtAuthenticationProvider JwtAuthenticationProvider;
@自动连线
私有AccessDeniedHandler AccessDeniedHandler;
@自动连线
私有JwtAuthenticationEntryPoint未经授权的处理程序;
@豆子
公共JwtAuthenticationFilter authenticationTokenFilterBean()引发异常
{
JwtAuthenticationFilter JwtAuthenticationFilter=新JwtAuthenticationFilter();
setAuthenticationManager(authenticationManagerBean());
返回jwtAuthenticationFilter;
}
@凌驾
受保护的无效配置(AuthenticationManagerBuilder auth)引发异常
{
authenticationProvider(jwtAuthenticationProvider);
}
@豆子
@凌驾
公共AuthenticationManager authenticationManagerBean()引发异常
{
List authenticationProviderList=新建ArrayList();
添加(jwtAuthenticationProvider());
AuthenticationManager AuthenticationManager=新的ProviderManager(authenticationProviderList);
返回super.authenticationManagerBean();
}
@豆子
公共JwtAuthenticationProvider JwtAuthenticationProvider()
{
JwtAuthenticationProvider JwtAuthenticationProvider=新的JwtAuthenticationProvider();
返回jwtAuthenticationProvider;
}
@凌驾
受保护的无效配置(HttpSecurity HttpSecurity)引发异常
{
httpSecurity
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(未经授权的Handler)
.accessDeniedHandler(accessDeniedHandler).和()
.sessionManagement().sessionCreationPolicy(sessionCreationPolicy.STATELESS)和()
.授权请求()
.antMatchers(HttpMethod.GET、“/”、“/*.html”、“/favicon.ico”、“/***.html”、“/***.css”、“/***.js”)
.permitAll().antMatchers(“/auth/**”).permitAll().anyRequest().authenticated();
httpSecurity.addFilterBefore(authenticationTokenFilterBean(),UsernamePasswordAuthenticationFilter.class);
httpSecurity.headers().cacheControl();
}
}

身份验证提供程序

在我们的身份验证提供者中,我们调用远程API来验证JWT令牌。 但出于调查目的,我们已经注释掉了该调用,并假设令牌验证成功

import com.web.security.services.RemoteSecurityAPI;
@Component
public class JwtAuthenticationProvider implements AuthenticationProvider
{
@Autowired
RemoteSecurityAPI remoteSecurityAPI;
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException
{
    final JwtAuthenticationToken jwtToken = (JwtAuthenticationToken) authentication;

    // Call security rest API for validating token.
    //final MyJwtUser jwtUser = remoteSecurityAPI.validateJWTToken(jwtToken.getToken());
    final JwtUser jwtUser = new JwtUser(
            null, "98816123456", "amit", "jain",
            "a@a.com", "123456",
            mapToGrantedAuthorities(), true,
            null
    );
    if (jwtUser != null)
    {
        Collection<? extends GrantedAuthority> authorities = jwtUser.getAuthorities();
        final Authentication auth = new UsernamePasswordAuthenticationToken(jwtUser, null, authorities);
        SecurityContextHolder.getContext().setAuthentication(auth);
        return auth;
    }
    throw new BadCredentialsException("Token is not valid...");
}
private Collection<? extends GrantedAuthority> mapToGrantedAuthorities(
        Collection<? extends GrantedAuthority> authorities
)
{
    List<GrantedAuthority> authority = new ArrayList<GrantedAuthority>();
    Iterator<? extends GrantedAuthority> i = authorities.iterator();
    while (i.hasNext())
    {
        final LinkedHashMap<String, String> name = (LinkedHashMap<String, String>) i.next();
        final SimpleGrantedAuthority simpleAuthority = new SimpleGrantedAuthority(name.get("authority"));
        authority.add(simpleAuthority);
    }
    return authority;
}

private static List<GrantedAuthority> mapToGrantedAuthorities()
{
    List<GrantedAuthority> authority = new ArrayList<GrantedAuthority>();
    authority.add(new SimpleGrantedAuthority("ROLE_USER"));
    authority.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
    return authority;
}
@Override
public boolean supports(Class<?> c)
{
    return true;
}
}

导入com.web.security.services.RemoteSecurityAPI;
@组成部分
公共类JwtAuthenticationProvider实现AuthenticationProvider
{
@自动连线
RemoteSecurityAPI RemoteSecurityAPI;
@凌驾
公共身份验证(最终身份验证)引发AuthenticationException
{
最终JwtAuthenticationToken jwtToken=(JwtAuthenticationToken)身份验证;
//调用安全rest API以验证令牌。
//final MyJwtUser jwtUser=remoteSecurityAPI.validateJWTToken(jwtToken.getToken());
最终JwtUser JwtUser=新JwtUser(
空,“98816123456”、“amit”、“jain”,
"a@a.com", "123456",
mapToGrantedAuthorities(),true,
无效的
);
if(jwtUser!=null)
{

集合我也有类似的问题,并发现
AuthenticationFailureHandler
中的
allowSessionCreation
标志设置为true


@Autowired
public JWTAuthenticationFailureHandler(ObjectMapper mapper) {
    this.mapper = mapper;
    setAllowSessionCreation(false); // This will stop creating session
}



protected JwtAuthenticationFilter build JwtAuthenticationFilter() throws Exception {
    JwtAuthenticationFilter filter = new JwtAuthenticationFilter(matcher, successHandler, failureHandler);
    filter.setAuthenticationManager(this.authenticationManager);
    return filter;
}


查看是否可以在
JwtAuthenticationFilter
中提供成功和失败处理程序


@Autowired
public JWTAuthenticationFailureHandler(ObjectMapper mapper) {
    this.mapper = mapper;
    setAllowSessionCreation(false); // This will stop creating session
}



protected JwtAuthenticationFilter build JwtAuthenticationFilter() throws Exception {
    JwtAuthenticationFilter filter = new JwtAuthenticationFilter(matcher, successHandler, failureHandler);
    filter.setAuthenticationManager(this.authenticationManager);
    return filter;
}


然后设置这些处理器


public JwtAuthenticationFilter(String defaultProcessUrl, AuthenticationSuccessHandler successHandler,
                                  AuthenticationFailureHandler failureHandler) {
    super(defaultProcessUrl);
    setAuthenticationSuccessHandler(successHandler); // Respond as 200, instead of 302
    setAuthenticationFailureHandler(failureHandler); // Respond as 401
}



我也有类似的问题,发现
AuthenticationFailureHandler
中的
allowSessionCreation
标志设置为true


@Autowired
public JWTAuthenticationFailureHandler(ObjectMapper mapper) {
    this.mapper = mapper;
    setAllowSessionCreation(false); // This will stop creating session
}



protected JwtAuthenticationFilter build JwtAuthenticationFilter() throws Exception {
    JwtAuthenticationFilter filter = new JwtAuthenticationFilter(matcher, successHandler, failureHandler);
    filter.setAuthenticationManager(this.authenticationManager);
    return filter;
}


查看是否可以在
JwtAuthenticationFilter
中提供成功和失败处理程序


@Autowired
public JWTAuthenticationFailureHandler(ObjectMapper mapper) {
    this.mapper = mapper;
    setAllowSessionCreation(false); // This will stop creating session
}



protected JwtAuthenticationFilter build JwtAuthenticationFilter() throws Exception {
    JwtAuthenticationFilter filter = new JwtAuthenticationFilter(matcher, successHandler, failureHandler);
    filter.setAuthenticationManager(this.authenticationManager);
    return filter;
}


然后设置这些处理器


public JwtAuthenticationFilter(String defaultProcessUrl, AuthenticationSuccessHandler successHandler,
                                  AuthenticationFailureHandler failureHandler) {
    super(defaultProcessUrl);
    setAuthenticationSuccessHandler(successHandler); // Respond as 200, instead of 302
    setAuthenticationFailureHandler(failureHandler); // Respond as 401
}



在异常日志片段中,如果我们看到自定义筛选器JwtAuthenticationFilter有多次调用,我们尝试使用rest流,但也失败了,错误为@RestController公共类InvoiceRestController{@RequestMapping(value=“/invoiceRest”,method=RequestMethod.GET)公共字符串invoiceRest(){return“invoice rest”;}}在调试日志中,我们可以看到两次调用请求的路径不同:o.s.web.servlet.DispatcherServlet:DispatcherServlet,名称为'DispatcherServlet',处理[/invoicesrest]的GET请求,DispatcherServlet,名称为'DispatcherServlet'处理[/]的GET请求在异常日志片段中,如果我们看到自定义筛选器JwtAuthenticationFilter有多次调用,我们尝试使用rest流,但也失败了,错误为@RestController公共类InvoiceRestController{@RequestMapping(value=“/invoiceRest”,method=RequestMethod.GET)公共字符串invoiceRest(){return“invoice rest”;}}在调试日志中,我们可以看到两次调用请求的路径不同:o.s.web.servlet.DispatcherServlet:DispatcherServlet,名称为'DispatcherServlet',处理[/invoicesrest]的GET请求,DispatcherServlet,名称为'DispatcherServlet'处理[/]的GET请求