Spring security Spring安全登录/注销问题
我已经编写了自定义UserDetails服务来验证数据库中的用户。第一次它工作正常,但当同一用户在第二次注销后尝试登录时,它给出了错误。我的应用程序基于 Spring3.1,Tomcat7上的SpringSecurity与漂亮面孔Spring security Spring安全登录/注销问题,spring-security,Spring Security,我已经编写了自定义UserDetails服务来验证数据库中的用户。第一次它工作正常,但当同一用户在第二次注销后尝试登录时,它给出了错误。我的应用程序基于 Spring3.1,Tomcat7上的SpringSecurity与漂亮面孔 org.springframework.security.authentication.BadCredentialsException: Bad credentials 以下是我的配置详细信息web.xml <?xml version="1.0" encodi
org.springframework.security.authentication.BadCredentialsException: Bad credentials
以下是我的配置详细信息web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5" metadata-complete="true">
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/application-context.xml,
/WEB-INF/spring/application-context-security.xml
</param-value>
</context-param>
<context-param>
<param-name>primefaces.THEME</param-name>
<param-value>redmond</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener
</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/application-context.xml,
/WEB-INF/spring/application-context-security.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/jcsb</url-pattern>
</servlet-mapping>
<!-- Pretty Face -->
<filter>
<filter-name>Pretty Filter</filter-name>
<filter-class>com.ocpsoft.pretty.PrettyFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Pretty Filter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>true</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<error-page>
<exception-type>org.springframework.security.access.AccessDeniedException</exception-type>
<location>/login.xhtml</location>
</error-page>
<session-config>
<session-timeout>10</session-timeout>
</session-config>
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/index.html</location>
</error-page>
从Spring 3.1开始,通常会导致一些问题。我通过关闭上述功能解决了这个问题
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<property name="eraseCredentialsAfterAuthentication" value="false"/>
</bean>
如果您使用的是名称空间,则可以使用
<authentication-manager erase-credentials="false">
从Spring 3.1开始,通常会导致一些问题。我通过关闭上述功能解决了这个问题
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<property name="eraseCredentialsAfterAuthentication" value="false"/>
</bean>
如果您使用的是名称空间,则可以使用
<authentication-manager erase-credentials="false">
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<property name="eraseCredentialsAfterAuthentication" value="false"/>
</bean>
<authentication-manager erase-credentials="false">