1. 首頁
  2. 問答
  3. 彈簧安全怪異行爲

彈簧安全怪異行爲

2012-10-31 41 views
0

我使用spring security和MongoDB進行測試,所以我使用MongoDB構建了一個自定義的UserDetailService,並且我得到了它的工作,但突然它開始拋出一個異常,我試圖解決這個問題,但是我不能這麼回覆我的代碼在實現自定義的UserDetailService之前先前的狀態,並且它再次開始工作,我重新實現了UserDetailService,發生了完全相同的事情,它只是停止工作,甚至不改變任何東西,只是停止並重新啓動tomcat。彈簧安全怪異行爲

這裏是我的web.xml

<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
<web-app xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.0" 
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> 
<display-name /> 
<listener> 
    <listener-class> 
     org.springframework.web.context.request.RequestContextListener 
    </listener-class> 
</listener> 
<listener> 
    <listener-class> 
     org.springframework.web.context.ContextLoaderListener 
    </listener-class> 
</listener> 
<filter> 
    <description> 
     generated-spring-security-session-integration-filter 
    </description> 
    <filter-name> 
     SpringSecuritySessionIntegrationFilter 
    </filter-name> 
    <filter-class> 
     org.springframework.security.web.context.SecurityContextPersistenceFilter 
    </filter-class> 
</filter> 
<filter> 
    <description>generated-sitemesh-filter</description> 
    <filter-name>Sitemesh Filter</filter-name> 
    <filter-class> 
     com.opensymphony.module.sitemesh.filter.PageFilter 
    </filter-class> 
</filter> 
<filter> 
    <description>generated-spring-security-filter</description> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class> 
     org.springframework.web.filter.DelegatingFilterProxy 
    </filter-class> 
</filter> 
<filter-mapping> 
    <filter-name> 
     SpringSecuritySessionIntegrationFilter 
    </filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 
<filter-mapping> 
    <filter-name>Sitemesh Filter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 
<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 
<servlet> 
    <description>generated-servlet</description> 
    <servlet-name>MongoSecurity Servlet</servlet-name> 
    <servlet-class> 
     org.springframework.web.servlet.DispatcherServlet 
    </servlet-class> 
    <init-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value> 
      classpath:MongoSecurity-web-context.xml 
     </param-value> 
    </init-param> 
    <load-on-startup>1</load-on-startup> 
</servlet> 
<servlet> 
    <description>generated-resources-servlet</description> 
    <servlet-name>Resource Servlet</servlet-name> 
    <servlet-class> 
     org.springframework.js.resource.ResourceServlet 
    </servlet-class> 
    <load-on-startup>1</load-on-startup> 
</servlet> 
<servlet-mapping> 
    <servlet-name>Resource Servlet</servlet-name> 
    <url-pattern>/resources/*</url-pattern> 
</servlet-mapping> 
<servlet-mapping> 
    <servlet-name>MongoSecurity Servlet</servlet-name> 
    <url-pattern>/</url-pattern> 
</servlet-mapping>

和異常我越來越:

java.lang.ClassCastException: org.springframework.security.web.firewall.FirewalledResponse cannot be cast to org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper 
org.springframework.security.web.context.HttpSessionSecurityContextRepository.saveContext(HttpSessionSecurityContextRepository.java:99) 
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:87) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:139) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:65) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) 
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) 
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) 
com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129) 
com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77) 
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)

這裏是我的安全context.xml中:

<http auto-config="true"> 
    <intercept-url pattern="/pages/login.jsp" /> 
    <intercept-url access="ROLE_ADMIN" pattern="/secure/**" /> 
    <form-login authentication-failure-url="/pages/login.jsp?login_error=true" login-page="/pages/login.jsp" /> 
<logout invalidate-session="true" logout-success-url="/pages/logout-redirect.jsp" /> 
    <remember-me key="formsRMKey" user-service-ref="userDetailsService" /> 
</http> 
<authentication-manager alias="authenticationManager"> 
    <authentication-provider user-service-ref="userDetailsService"> 
     <password-encoder hash="sha" /> 
    </authentication-provider> 
</authentication-manager> 
<beans:bean id="userDetailsService" class="com.realestate.service.MongoUserDetailService" />

並執行Mon goUserDetailService:

public UserDetails loadUserByUsername(String username) 
     throws UsernameNotFoundException { 
    UserAccount user = userDao.findByUsername(username); 
    if(user == null){ 
     return null; 
    } 
    return new User(user.getUsername(), user.getPassword(), true, true, true, true, getGrantedAuthorities(user.getRoles())); 
} 

public static List<SimpleGrantedAuthority> getGrantedAuthorities(List<Role> roles) { 
    List<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>(); 
    for (Role role : roles) { 
     authorities.add(new SimpleGrantedAuthority(role.getName())); 
    } 
    return authorities; 
}

任何幫助,將不勝感激。

來源

2012-10-31 Eric

+0

你可以發佈你的userdertails類嗎? – shazinltc

回答

4

我有類似的問題,並從web.xml中刪除SecurityContextPersistenceFilter解決了我的問題。 http-config元素使用它自己的SecurityContextPersistenceFilter創建過濾器鏈,因此顯式聲明的過濾器出現亂序。 順便說一下,你的web.xml中還有一些其他的Spring Security Filters,所以你可能需要刪除這個過濾器才能正常工作。 請參閱Spring Security Core Filters Documentation以獲取有關默認註冊的Spring Security過濾器的信息。

來源

2012-11-01 12:35:19 serezqa

相關問題

 相關問題