5

spring security 3.1.4 でセキュリティ同時実行セッションを使用しようとしています。しかし、それは機能していません。理由がわかりません。Tomcat https は http 要求をリダイレクトするように構成されていますが、実際の問題で役割を果たしているかどうかはわかりません。

これについて手を貸してもらえますか?

ありがとう。

これは私の春のセキュリティ xml です。

 <security:http auto-config="true" use-expressions="true" disable-url-rewriting="true">
     <security:intercept-url pattern="/Loginsucess*" access="isAuthenticated()"  />
     <security:intercept-url pattern="/Login" access="hasRole('ROLE_ANONYMOUS')" />   
     <security:intercept-url pattern="/Login/Error" access="hasRole('ROLE_ANONYMOUS')" />    
     <security:form-login  login-page="/Login"  login-processing-url="/j_spring_security_check"  authentication-failure-url="/Login/Error" default-target-url="/Loginsucess" />
     <security:logout logout-url="/j_spring_security_logout" logout-success-url="/Login" delete-cookies="JSESSIONID"  invalidate-session="true"/>
     <security:anonymous/>
     <security:session-management invalid-session-url="/Login" >
        <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true"  />
     </security:session-management>
     <security:port-mappings>
      <security:port-mapping http="8086" https="8443"/>
     </security:port-mappings>
</security:http>

私はすでにこれを私の web.xml に追加しています:

<listener>
<listener-class>
  org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>

編集 :

1 台のマシンでの最初のログイン:

> 17:57:17,116 DEBUG FilterChainProxy:337 - /j_spring_security_check at
> position 1 of 11 in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 17:57:17,117 DEBUG
> HttpSessionSecurityContextRepository:139 - HttpSession returned null
> object for SPRING_SECURITY_CONTEXT 17:57:17,117 DEBUG
> HttpSessionSecurityContextRepository:85 - No SecurityContext was
> available from the HttpSession:
> org.apache.catalina.session.StandardSessionFacade@1a60232c. A new one
> will be created. 17:57:17,117 DEBUG FilterChainProxy:337 -
> /j_spring_security_check at position 2 of 11 in additional filter
> chain; firing Filter: 'ConcurrentSessionFilter' 17:57:17,117 DEBUG
> FilterChainProxy:337 - /j_spring_security_check at position 3 of 11 in
> additional filter chain; firing Filter: 'LogoutFilter' 17:57:17,117
> DEBUG FilterChainProxy:337 - /j_spring_security_check at position 4 of
> 11 in additional filter chain; firing Filter:
> 'UsernamePasswordAuthenticationFilter' 17:57:17,117 DEBUG
> UsernamePasswordAuthenticationFilter:189 - Request is to process
> authentication 17:57:17,118 DEBUG ProviderManager:152 - Authentication
> attempt using
> org.springframework.security.authentication.dao.DaoAuthenticationProvider
> Hibernate: select user0_.id as id1_13_, user0_.username as
> username2_13_, user0_.firstname as firstnam3_13_, user0_.lastname as
> lastname4_13_, user0_.password as password5_13_, user0_.email as
> email6_13_, user0_.enabled as enabled7_13_ from biomoltracker.LOG_user
> user0_ where user0_.username=? Hibernate: select roles1_.role_name as
> col_0_0_ from biomoltracker.LOG_user user0_ inner join
> biomoltracker.LOG_role roles1_ on user0_.id=roles1_.id_user_fk where
> user0_.id=? 17:57:17,355 DEBUG ConcurrentSessionControlStrategy:88 -
> Invalidating session with Id '4A09DE3E6ACDE04373284600DACDBE39' and
> migrating attributes. 17:57:17,355 DEBUG HttpSessionEventPublisher:83
> - Publishing event: org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@1a60232c]
> 17:57:17,356 DEBUG HttpSessionEventPublisher:66 - Publishing event:
> org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@60e9ebe1]
> 17:57:17,356 DEBUG ConcurrentSessionControlStrategy:98 - Started new
> session: 7431CCBD3008FC59A2AF1C44632F33F0 17:57:17,356 DEBUG
> SessionRegistryImpl:107 - Registering session
> 7431CCBD3008FC59A2AF1C44632F33F0, for principal
> com.clb.genomic.lyon.model.User@654f8017 17:57:17,356 DEBUG
> UsernamePasswordAuthenticationFilter:317 - Authentication success.
> Updating SecurityContextHolder to contain:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 17:57:17,357 DEBUG
> SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url:
> /Loginsucess 17:57:17,357 DEBUG DefaultRedirectStrategy:36 -
> Redirecting to '/Lyric/Loginsucess' 17:57:17,357 DEBUG
> HttpSessionSecurityContextRepository:292 - SecurityContext stored to
> HttpSession:
> 'org.springframework.security.core.context.SecurityContextImpl@ff2ffd00:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 17:57:17,357 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed 17:57:17,360 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 1 of 11 in additional
> filter chain; firing Filter: 'SecurityContextPersistenceFilter'
> 17:57:17,361 DEBUG HttpSessionSecurityContextRepository:158 - Obtained
> a valid SecurityContext from SPRING_SECURITY_CONTEXT:
> 'org.springframework.security.core.context.SecurityContextImpl@ff2ffd00:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 17:57:17,361 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 2 of 11 in additional filter chain; firing
> Filter: 'ConcurrentSessionFilter' 17:57:17,361 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 3 of 11 in additional
> filter chain; firing Filter: 'LogoutFilter' 17:57:17,361 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 4 of 11 in additional
> filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
> 17:57:17,361 DEBUG FilterChainProxy:337 - /Loginsucess at position 5
> of 11 in additional filter chain; firing Filter:
> 'BasicAuthenticationFilter' 17:57:17,361 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 6 of 11 in additional filter chain; firing
> Filter: 'RequestCacheAwareFilter' 17:57:17,362 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 7 of 11 in additional
> filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
> 17:57:17,362 DEBUG FilterChainProxy:337 - /Loginsucess at position 8
> of 11 in additional filter chain; firing Filter:
> 'AnonymousAuthenticationFilter' 17:57:17,362 DEBUG
> AnonymousAuthenticationFilter:107 - SecurityContextHolder not
> populated with anonymous token, as it already contained:
> 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 17:57:17,362 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 9 of 11 in additional filter chain; firing
> Filter: 'SessionManagementFilter' 17:57:17,362 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 10 of 11 in additional
> filter chain; firing Filter: 'ExceptionTranslationFilter' 17:57:17,362
> DEBUG FilterChainProxy:337 - /Loginsucess at position 11 of 11 in
> additional filter chain; firing Filter: 'FilterSecurityInterceptor'
> 17:57:17,362 DEBUG AntPathRequestMatcher:116 - Checking match of
> request : '/loginsucess'; against '/loginsucess*' 17:57:17,363 DEBUG
> FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL:
> /Loginsucess; Attributes: [isAuthenticated()] 17:57:17,363 DEBUG
> FilterSecurityInterceptor:310 - Previously Authenticated:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 17:57:17,363 DEBUG AffirmativeBased:65 -
> Voter:
> org.springframework.security.web.access.expression.WebExpressionVoter@6479b43f,
> returned: 1 17:57:17,363 DEBUG FilterSecurityInterceptor:215 -
> Authorization successful 17:57:17,363 DEBUG
> FilterSecurityInterceptor:227 - RunAsManager did not change
> Authentication object 17:57:17,364 DEBUG FilterChainProxy:323 -
> /Loginsucess reached end of additional filter chain; proceeding with
> original chain 17:57:17,469 DEBUG ExceptionTranslationFilter:115 -
> Chain processed normally 17:57:17,469 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed

同じ(ユーザー名/パスワード)を持つ2番目のユーザーが別のマシンからログインしたとき。

> 8:01:47,309 DEBUG FilterChainProxy:337 - /j_spring_security_check at
> position 1 of 11 in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 18:01:47,310 DEBUG
> HttpSessionSecurityContextRepository:139 - HttpSession returned null
> object for SPRING_SECURITY_CONTEXT 18:01:47,310 DEBUG
> HttpSessionSecurityContextRepository:85 - No SecurityContext was
> available from the HttpSession:
> org.apache.catalina.session.StandardSessionFacade@67a53697. A new one
> will be created. 18:01:47,310 DEBUG FilterChainProxy:337 -
> /j_spring_security_check at position 2 of 11 in additional filter
> chain; firing Filter: 'ConcurrentSessionFilter' 18:01:47,310 DEBUG
> FilterChainProxy:337 - /j_spring_security_check at position 3 of 11 in
> additional filter chain; firing Filter: 'LogoutFilter' 18:01:47,310
> DEBUG FilterChainProxy:337 - /j_spring_security_check at position 4 of
> 11 in additional filter chain; firing Filter:
> 'UsernamePasswordAuthenticationFilter' 18:01:47,310 DEBUG
> UsernamePasswordAuthenticationFilter:189 - Request is to process
> authentication 18:01:47,310 DEBUG ProviderManager:152 - Authentication
> attempt using
> org.springframework.security.authentication.dao.DaoAuthenticationProvider
> Hibernate: select user0_.id as id1_13_, user0_.username as
> username2_13_, user0_.firstname as firstnam3_13_, user0_.lastname as
> lastname4_13_, user0_.password as password5_13_, user0_.email as
> email6_13_, user0_.enabled as enabled7_13_ from biomoltracker.LOG_user
> user0_ where user0_.username=? Hibernate: select roles1_.role_name as
> col_0_0_ from biomoltracker.LOG_user user0_ inner join
> biomoltracker.LOG_role roles1_ on user0_.id=roles1_.id_user_fk where
> user0_.id=? 18:01:47,317 DEBUG ConcurrentSessionControlStrategy:88 -
> Invalidating session with Id 'E644740185BC8E28272BD4F80751D445' and
> migrating attributes. 18:01:47,318 DEBUG HttpSessionEventPublisher:83
> - Publishing event: org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@67a53697]
> 18:01:47,318 DEBUG HttpSessionEventPublisher:66 - Publishing event:
> org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@65447c32]
> 18:01:47,318 DEBUG ConcurrentSessionControlStrategy:98 - Started new
> session: 3694308C7FCA68AC5FFD1E442464FE50 18:01:47,318 DEBUG
> SessionRegistryImpl:107 - Registering session
> 3694308C7FCA68AC5FFD1E442464FE50, for principal
> com.clb.genomic.lyon.model.User@1b2c4d8f 18:01:47,319 DEBUG
> UsernamePasswordAuthenticationFilter:317 - Authentication success.
> Updating SecurityContextHolder to contain:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 18:01:47,319 DEBUG
> SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url:
> /Loginsucess 18:01:47,319 DEBUG DefaultRedirectStrategy:36 -
> Redirecting to '/Lyric/Loginsucess' 18:01:47,319 DEBUG
> HttpSessionSecurityContextRepository:292 - SecurityContext stored to
> HttpSession:
> 'org.springframework.security.core.context.SecurityContextImpl@7eb37c04:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:47,320 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed 18:01:47,324 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 1 of 11 in additional
> filter chain; firing Filter: 'SecurityContextPersistenceFilter'
> 18:01:47,324 DEBUG HttpSessionSecurityContextRepository:158 - Obtained
> a valid SecurityContext from SPRING_SECURITY_CONTEXT:
> 'org.springframework.security.core.context.SecurityContextImpl@7eb37c04:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:47,324 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 2 of 11 in additional filter chain; firing
> Filter: 'ConcurrentSessionFilter' 18:01:47,324 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 3 of 11 in additional
> filter chain; firing Filter: 'LogoutFilter' 18:01:47,325 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 4 of 11 in additional
> filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
> 18:01:47,325 DEBUG FilterChainProxy:337 - /Loginsucess at position 5
> of 11 in additional filter chain; firing Filter:
> 'BasicAuthenticationFilter' 18:01:47,325 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 6 of 11 in additional filter chain; firing
> Filter: 'RequestCacheAwareFilter' 18:01:47,325 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 7 of 11 in additional
> filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
> 18:01:47,325 DEBUG FilterChainProxy:337 - /Loginsucess at position 8
> of 11 in additional filter chain; firing Filter:
> 'AnonymousAuthenticationFilter' 18:01:47,325 DEBUG
> AnonymousAuthenticationFilter:107 - SecurityContextHolder not
> populated with anonymous token, as it already contained:
> 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:47,326 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 9 of 11 in additional filter chain; firing
> Filter: 'SessionManagementFilter' 18:01:47,326 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 10 of 11 in additional
> filter chain; firing Filter: 'ExceptionTranslationFilter' 18:01:47,326
> DEBUG FilterChainProxy:337 - /Loginsucess at position 11 of 11 in
> additional filter chain; firing Filter: 'FilterSecurityInterceptor'
> 18:01:47,326 DEBUG AntPathRequestMatcher:116 - Checking match of
> request : '/loginsucess'; against '/loginsucess*' 18:01:47,326 DEBUG
> FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL:
> /Loginsucess; Attributes: [isAuthenticated()] 18:01:47,326 DEBUG
> FilterSecurityInterceptor:310 - Previously Authenticated:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 18:01:47,327 DEBUG AffirmativeBased:65 -
> Voter:
> org.springframework.security.web.access.expression.WebExpressionVoter@6479b43f,
> returned: 1 18:01:47,327 DEBUG FilterSecurityInterceptor:215 -
> Authorization successful 18:01:47,327 DEBUG
> FilterSecurityInterceptor:227 - RunAsManager did not change
> Authentication object 18:01:47,327 DEBUG FilterChainProxy:323 -
> /Loginsucess reached end of additional filter chain; proceeding with
> original chain 18:01:47,427 DEBUG ExceptionTranslationFilter:115 -
> Chain processed normally 18:01:47,427 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed 18:01:56,039 DEBUG
> FilterChainProxy:337 - /j_spring_security_logout at position 1 of 11
> in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 18:01:56,040 DEBUG
> HttpSessionSecurityContextRepository:158 - Obtained a valid
> SecurityContext from SPRING_SECURITY_CONTEXT:
> 'org.springframework.security.core.context.SecurityContextImpl@7eb37c04:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:56,040 DEBUG FilterChainProxy:337 -
> /j_spring_security_logout at position 2 of 11 in additional filter
> chain; firing Filter: 'ConcurrentSessionFilter' 18:01:56,040 DEBUG
> FilterChainProxy:337 - /j_spring_security_logout at position 3 of 11
> in additional filter chain; firing Filter: 'LogoutFilter' 18:01:56,040
> DEBUG LogoutFilter:93 - Logging out user
> 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' and transferring to logout destination
> 18:01:56,040 DEBUG SecurityContextLogoutHandler:62 - Invalidating
> session: 3694308C7FCA68AC5FFD1E442464FE50 18:01:56,040 DEBUG
> HttpSessionEventPublisher:83 - Publishing event:
> org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@65447c32]
> 18:01:56,041 DEBUG SessionRegistryImpl:156 - Removing session
> 3694308C7FCA68AC5FFD1E442464FE50 from principal's set of registered
> sessions 18:01:56,041 DEBUG SessionRegistryImpl:164 - Removing
> principal com.clb.genomic.lyon.model.User@1b2c4d8f from registry
> 18:01:56,041 DEBUG SimpleUrlLogoutSuccessHandler:107 - Using default
> Url: /Login 18:01:56,041 DEBUG DefaultRedirectStrategy:36 -
> Redirecting to '/Lyric/Login' 18:01:56,041 DEBUG
> HttpSessionSecurityContextRepository:269 - SecurityContext is empty or
> contents are anonymous - context will not be stored in HttpSession.
> 18:01:56,042 DEBUG SecurityContextPersistenceFilter:97 -
> SecurityContextHolder now cleared, as request processing completed
> 18:01:56,045 DEBUG FilterChainProxy:337 - /Login at position 1 of 11
> in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 18:01:56,045 DEBUG
> HttpSessionSecurityContextRepository:127 - No HttpSession currently
> exists 18:01:56,045 DEBUG HttpSessionSecurityContextRepository:85 - No
> SecurityContext was available from the HttpSession: null. A new one
> will be created. 18:01:56,046 DEBUG FilterChainProxy:337 - /Login at
> position 2 of 11 in additional filter chain; firing Filter:
> 'ConcurrentSessionFilter' 18:01:56,046 DEBUG FilterChainProxy:337 -
> /Login at position 3 of 11 in additional filter chain; firing Filter:
> 'LogoutFilter' 18:01:56,046 DEBUG FilterChainProxy:337 - /Login at
> position 4 of 11 in additional filter chain; firing Filter:
> 'UsernamePasswordAuthenticationFilter' 18:01:56,046 DEBUG
> FilterChainProxy:337 - /Login at position 5 of 11 in additional filter
> chain; firing Filter: 'BasicAuthenticationFilter' 18:01:56,046 DEBUG
> FilterChainProxy:337 - /Login at position 6 of 11 in additional filter
> chain; firing Filter: 'RequestCacheAwareFilter' 18:01:56,046 DEBUG
> FilterChainProxy:337 - /Login at position 7 of 11 in additional filter
> chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
> 18:01:56,046 DEBUG FilterChainProxy:337 - /Login at position 8 of 11
> in additional filter chain; firing Filter:
> 'AnonymousAuthenticationFilter' 18:01:56,047 DEBUG
> AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder
> with anonymous token:
> 'org.springframework.security.authentication.AnonymousAuthenticationToken@90554a14:
> Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated:
> true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@3bcc:
> RemoteIpAddress: 192.168.154.20; SessionId: null; Granted Authorities:
> ROLE_ANONYMOUS' 18:01:56,047 DEBUG FilterChainProxy:337 - /Login at
> position 9 of 11 in additional filter chain; firing Filter:
> 'SessionManagementFilter' 18:01:56,047 DEBUG FilterChainProxy:337 -
> /Login at position 10 of 11 in additional filter chain; firing Filter:
> 'ExceptionTranslationFilter' 18:01:56,047 DEBUG FilterChainProxy:337 -
> /Login at position 11 of 11 in additional filter chain; firing Filter:
> 'FilterSecurityInterceptor' 18:01:56,047 DEBUG
> AntPathRequestMatcher:116 - Checking match of request : '/login';
> against '/loginsucess*' 18:01:56,047 DEBUG AntPathRequestMatcher:116 -
> Checking match of request : '/login'; against '/login' 18:01:56,048
> DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation:
> URL: /Login; Attributes: [hasRole('ROLE_ANONYMOUS')] 18:01:56,048
> DEBUG FilterSecurityInterceptor:310 - Previously Authenticated:
> org.springframework.security.authentication.AnonymousAuthenticationToken@90554a14:
> Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated:
> true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@3bcc:
> RemoteIpAddress: 192.168.154.20; SessionId: null; Granted Authorities:
> ROLE_ANONYMOUS 18:01:56,048 DEBUG AffirmativeBased:65 - Voter:
> org.springframework.security.web.access.expression.WebExpressionVoter@6479b43f,
> returned: 1 18:01:56,048 DEBUG FilterSecurityInterceptor:215 -
> Authorization successful 18:01:56,049 DEBUG
> FilterSecurityInterceptor:227 - RunAsManager did not change
> Authentication object 18:01:56,049 DEBUG FilterChainProxy:323 - /Login
> reached end of additional filter chain; proceeding with original chain
> 18:01:56,145 DEBUG HttpSessionEventPublisher:66 - Publishing event:
> org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@2fa28842]
> 18:01:56,152 DEBUG HttpSessionSecurityContextRepository:269 -
> SecurityContext is empty or contents are anonymous - context will not
> be stored in HttpSession. 18:01:56,152 DEBUG
> ExceptionTranslationFilter:115 - Chain processed normally 18:01:56,152
> DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed
4

1 に答える 1

10

キーとして使用されるカスタム プリンシパル オブジェクト (タイプcom.clb.genomic.lyon.model.User) がありSessionRegistryます。表示されている理由として最も可能性が高いのは、このクラスに対してhashcodeおよびequalsを実装していないため、2 つのインスタンスが同じプリンシパルに対するものであることをレジストリが認識していないことです。

問題を起こさずにこれを行う最善の方法は、ユーザー名を唯一のデータとして使用してメソッドを実装することです (User例については、デフォルト オブジェクトを参照してください)。

toStringデバッグログを読みやすくするため、少なくともユーザー名を出力するように実装する必要があります。

于 2013-10-11T17:19:06.640 に答える