Fatal编程技术网
  • spring-security/
  • Spring security 身份验证失败spring security wildfly

Spring security 身份验证失败spring security wildfly

spring-security

Spring security 身份验证失败spring security wildfly,spring-security,wildfly,Spring Security,Wildfly,我正在尝试将我的spring应用程序从tomcat迁移到wildfly。我不能再登录了。最初成功的身份验证似乎丢失或被过度写入,然后创建了一个匿名会话 spring security:4.0.1.0版本 wildfly 8.2.0 我被卡住了,想不出来。如有任何帮助或建议,将不胜感激 谢谢 以下是日志摘录: 成功的身份验证: 17:13:43,182 FINE [org.springframework.security.web.authentication.UsernamePasswordAu

我正在尝试将我的spring应用程序从tomcat迁移到wildfly。我不能再登录了。最初成功的身份验证似乎丢失或被过度写入,然后创建了一个匿名会话

spring security:4.0.1.0版本 wildfly 8.2.0

我被卡住了,想不出来。如有任何帮助或建议,将不胜感激

谢谢

以下是日志摘录:

成功的身份验证:

17:13:43,182 FINE  [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] (default task-6) Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fc115a3: Principal: myapp.springSupport.AccountUser@bb94ce99: Username: test1976; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_sysadmin,user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_sysadmin, user
17:13:43,183 FINE  [org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler] (default task-6) Using default Url: /
17:13:43,183 FINE  [org.springframework.security.web.DefaultRedirectStrategy] (default task-6) Redirecting to '/myapp/'
17:13:43,183 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-6) HttpSession being created as SecurityContext is non-default
17:13:43,184 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-6) SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@fc115a3: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fc115a3: Principal: myapp.springSupport.AccountUser@bb94ce99: Username: test1976; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_sysadmin,user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_sysadmin, user' stored to HttpSession: 'io.undertow.servlet.spec.HttpSessionImpl@725caa25
17:13:43,186 FINE  [org.springframework.security.web.context.SecurityContextPersistenceFilter] (default task-6) SecurityContextHolder now cleared, as request processing completed
17:13:43,202 FINE  [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
17:13:43,202 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) No HttpSession currently exists
17:13:43,202 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) No SecurityContext was available from the HttpSession: null. A new one will be created.
以下是创建匿名会话的位置:

17:13:43,205 FINE  [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] (default task-9) Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
17:13:43,205 FINE  [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
17:13:43,205 FINE  [org.springframework.security.web.session.SessionManagementFilter] (default task-9) Requested session ID 4B9EACEB7190B99CC7A1E248D8E4495B is invalid.
17:13:43,205 FINE  [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
17:13:43,206 FINE  [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
17:13:43,206 FINE  [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (default task-9) Checking match of request : '/index.jsp'; against '/srv/private/**'
17:13:43,206 FINE  [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] (default task-9) Public object - authentication not attempted
17:13:43,206 FINE  [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp reached end of additional filter chain; proceeding with original chain
17:13:43,207 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
17:13:43,207 FINE  [org.springframework.security.web.access.ExceptionTranslationFilter] (default task-9) Chain processed normally
17:13:43,207 FINE  [org.springframework.security.web.context.SecurityContextPersistenceFilter] (default task-9) SecurityContextHolder now cleared, as request processing completed
17:13:43,211 FINE  [org.springframework.security.web.FilterChainProxy] (default task-12) /srv/home at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
17:13:43,211 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-12) No HttpSession currently exists
17:13:43,211 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-12) No SecurityContext was available from the HttpSession: null. A new one will be created.
我的spring安全配置:

<security:http auto-config="true"> 
    <security:intercept-url pattern="/srv/private/**"
        access="hasAuthority('user')"/>
    <!-- enable csrf protection -->
    <security:csrf disabled="true"/> 
</security:http>
哦,我觉得有点像把手上的东西

事实证明,当我使用chrome而不是firefox时,我不会遇到这个问题

Firefox正在破坏JSSessionID

这是因为我一直忙于升级我的ubuntu,而我使用的是非常过时的firefox浏览器

我说过我感觉自己像个旋钮吗