1. 首頁
  2. 問答
  3. 升級到Spring Security 4,現在我無法登錄

升級到Spring Security 4,現在我無法登錄

2017-06-13 81 views
0

我剛升級到Spring Security 4.2.3.RELEASE,現在我無法登錄。具體而言,當我登錄,提交這些參數升級到Spring Security 4,現在我無法登錄

OWASP_CSRFTOKEN ZLCK-J3VV-OJTK-8GZW-H68V-C8N6-CE6G-U6AQ 
j_password aaa 
j_username mouser

我得到的錯誤

Could not verify the provided CSRF token because your session was not found.

你可以清楚地看到從它上面是存在的。以下是我的Spring安全配置。我還需要檢查什麼才能使其工作?

<beans:bean id="mycoUsernamePasswordUrlAuthenticationFilter" 
    class="org.collegeboard.myco.core.security.mycoUsernamePasswordUrlAuthenticationFilter"> 
    <beans:property name="filterProcessesUrl" value="/j_spring_security_check" /> 
    <beans:property name="authenticationManager" ref="authenticationManager" /> 
    <beans:property name="authenticationFailureHandler"> 
     <beans:bean 
      class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler"> 
      <beans:property name="defaultFailureUrl" value="/login/failure" /> 
      <beans:property name="exceptionMappings" ref="exceptionMappings" /> 
     </beans:bean> 
    </beans:property> 
    <beans:property name="authenticationSuccessHandler"> 
     <beans:bean 
      class="org.collegeboard.myco.security.mycoAuthenticationSuccessHandler"> 
      <beans:property name="defaultTargetUrl" value="/authenticate" /> 
      <beans:property name="sessionService" ref="sessionService" /> 
     </beans:bean> 
    </beans:property> 
</beans:bean> 

...  
<beans:bean id="loginUrlAuthenticationEntryPoint" 
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> 
    <beans:constructor-arg name="loginFormUrl" value="/login" /> 
</beans:bean> 


<http name="defaultSecurity" security-context-repository-ref="mycoSecurityContextRepository" 
    auto-config="false" use-expressions="true" authentication-manager-ref="authenticationManager" 
    entry-point-ref="loginUrlAuthenticationEntryPoint"> 
    <!-- <access-denied-handler error-page="/denied"/> --> 
    <custom-filter position="FORM_LOGIN_FILTER" 
     ref="mycoUsernamePasswordUrlAuthenticationFilter" /> 
    <intercept-url pattern="/lti/launch" access="permitAll" /> 
    <intercept-url pattern="/login" access="permitAll" /> 
    <intercept-url pattern="/status" access="permitAll" /> 
    <intercept-url pattern="/termsOfUse" access="permitAll" /> 
    <intercept-url pattern="/privacyPolicy" access="permitAll" /> 
    <intercept-url pattern="/contactUs" access="permitAll" /> 
    <intercept-url pattern="/legal" access="permitAll" /> 
    <intercept-url pattern="/logout" access="permitAll" /> 
... 
    <intercept-url pattern="/dwrsetcookie" access="isFullyAuthenticated()" /> 
    <intercept-url pattern="/dwrpageid" access="permitAll" /> 
    <logout invalidate-session="true" logout-success-url="/logout" logout-url="/j_spring_security_logout" /> 
</http> 

<authentication-manager alias="authenticationManager" id="authenticationManager"> 
    <authentication-provider user-service-ref="sbdUserDetailsService"> 
     <password-encoder ref="passwordEncoder" /> 
    </authentication-provider> 
</authentication-manager>

來源

2017-06-13 Dave

回答

2

試圖通過添加以下到http標籤添加以下CSRF輸入你的登錄JSP,

<input type="hidden" name="${_csrf.parameterName}"value="${_csrf.token}"/>

或禁用CSRF

<csrf disabled="true"/>

來源

2017-06-14 09:24:21 softus

+0

呀禁用它是要走的路。我已經有了自己的CSRF。 – Dave

相關問題

 相關問題