Web services 调试[FilterSecurityInterceptor]以前经过身份验证_Web Services_Soap_Spring Security_Basic Authentication

Web services 调试[FilterSecurityInterceptor]以前经过身份验证

web-services soap spring-security

Web services 调试[FilterSecurityInterceptor]以前经过身份验证,web-services,soap,spring-security,basic-authentication,Web Services,Soap,Spring Security,Basic Authentication,我正在使用https通道开发一个soap web服务。用户凭据和角色在属性文件中定义 <security:http authentication-manager-ref="basicauthenticationManager" pattern="/webservice" entry-point-ref="basicAuthEntryPoint" access-denied-page="/WEB-INF/views/ws404.html" use-expressions="true">

我正在使用https通道开发一个soap web服务。用户凭据和角色在属性文件中定义

<security:http  authentication-manager-ref="basicauthenticationManager" pattern="/webservice" entry-point-ref="basicAuthEntryPoint" access-denied-page="/WEB-INF/views/ws404.html" use-expressions="true">
    <security:intercept-url pattern="/webservice/*" access="hasAnyRole('ROLE_USER')"  requires-channel="https"/>
    <security:intercept-url pattern="/webservice" access="hasAnyRole('ROLE_USER')" requires-channel="https"/>
    <security:custom-filter ref="basicAuthenticationFilter" after="BASIC_AUTH_FILTER" />
</security:http>

<security:authentication-manager id="basicauthenticationManager">
   <security:authentication-provider >
        <security:user-service properties="classpath:users.properties">             
        </security:user-service>        
   </security:authentication-provider>
</security:authentication-manager>

<security:authentication-manager id="basicauthenticationManager">
   <security:authentication-provider >
        <security:user-service properties="classpath:users.properties">             
        </security:user-service>        
   </security:authentication-provider>
</security:authentication-manager>

当我只调用一次web服务时，我不会得到任何调试错误消息，但当在循环中调用时，会得到以下错误

<security:authentication-manager id="basicauthenticationManager">
   <security:authentication-provider >
        <security:user-service properties="classpath:users.properties">             
        </security:user-service>        
   </security:authentication-provider>
</security:authentication-manager>

错误 11:53:13721调试[FilterSecurityInterceptor]以前经过身份验证：org.springframework.security.authenti 阳离子。AnonymousAuthenticationToken@90556c3e：委托人：匿名用户；凭据：[受保护]；证明…是真实的 d:对；详细信息：org.springframework.security.web.authentication。WebAuthenticationDetails@1de6：RemoteIPAddress ss:10.11.160.39；SessionId:null；授予的权限：角色\u匿名 11:53:13722调试[基于确认]投票者：org.springframework.security.web.access.expression.WebExpressionV oter@19c0b5c，返回：-1 11:53:13723调试[ExceptionTranslationFilter]访问被拒绝（用户是匿名的）；重定向到真实的反渗透入口点 org.springframework.security.access.AccessDeniedException:访问被拒绝位于org.springframework.security.access.vote.AffirmativeBased.decise（AffirmativeBased.java:83）在org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation（抽象 SecurityInterceptor.java:205）

<security:authentication-manager id="basicauthenticationManager">
   <security:authentication-provider >
        <security:user-service properties="classpath:users.properties">             
        </security:user-service>        
   </security:authentication-provider>
</security:authentication-manager>

服务器成功处理请求，如何抑制或避免此调试消息。

如中所述，这不是错误，而是在调试级别记录的

<security:authentication-manager id="basicauthenticationManager">
   <security:authentication-provider >
        <security:user-service properties="classpath:users.properties">             
        </security:user-service>        
   </security:authentication-provider>
</security:authentication-manager>

如果您想抑制它，只需禁用Spring安全包的调试级别日志记录。例如，如果您正在使用logback进行日志记录（如Spring Security示例应用程序中所使用的），请将

DEBUG

更改为

INFO

打开

<security:authentication-manager id="basicauthenticationManager">
   <security:authentication-provider >
        <security:user-service properties="classpath:users.properties">             
        </security:user-service>        
   </security:authentication-provider>
</security:authentication-manager>