0
我正在使用Spring Security 3.0.5進行身份驗證,我也使用記住我。目前,登錄頁面是一個https頁面,我重定向到成功認證的頁面是一個http頁面。我使用的是https下的所有東西,但是我們的網站上有一些東西不能在IE8的https下運行,所以我想我會嘗試這種方式。下面的調試日誌似乎表明,cookie不能從https寫入http,有沒有辦法做到這一點?春季安全記住我從https到http cookie認證失敗的身份驗證
調試跟蹤:
15:13:53,373 DEBUG UsernamePasswordAuthenticationFilter:289 - Authentication success. Updating SecurityContextHolder to contain: org.springframew[email protected]b7fef7f9: Principal: [email protected]; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffd148a: RemoteIpAddress: 204.17.229.254; SessionId: 1C083D7977FDD3C8D1FA94BEA6665C54; Granted Authorities: [email protected]
15:13:53,373 DEBUG TokenBasedRememberMeServices:271 - Did not send remember-me cookie (principal did not set parameter '_spring_security_remember_me')
15:13:53,374 DEBUG TokenBasedRememberMeServices:229 - Remember-me login not requested.
15:13:53,374 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'eventDispatcher'
15:13:53,375 DEBUG SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url: /registered/home.html
15:13:53,375 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/dreamcatcher/registered/home.html'
春季安全配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<context:annotation-config />
<context:component-scan base-package="dc" />
<global-method-security />
<http access-denied-page="/auth/denied.html">
<intercept-url filters="none" pattern="/javax.faces.resource/**" />
<intercept-url filters="none" pattern="/services/rest-api/1.0/**" />
<intercept-url filters="none" pattern="/preregistered/*"/>
<intercept-url
pattern="/**/*.xhtml"
access="ROLE_NONE_GETS_ACCESS" />
<intercept-url
pattern="/auth/**"
access="ROLE_ANONYMOUS,ROLE_USER" />
<intercept-url
pattern="/auth/*"
access="ROLE_ANONYMOUS" />
<intercept-url
pattern="/registered/*"
access="ROLE_USER" />
<intercept-url
pattern="/*"
access="ROLE_ANONYMOUS" />
<form-login
login-processing-url="/j_spring_security_check.html"
login-page="/auth/login.html"
default-target-url="/registered/home.html"
authentication-failure-url="/auth/login.html" />
<logout invalidate-session="true"
logout-url="/auth/logout.html"
success-handler-ref="DCLogoutSuccessHandler"/>
<anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
<remember-me user-service-ref="userManager" key="keyvaluehere"/>
<custom-filter after="FORM_LOGIN_FILTER" ref="xmlAuthenticationFilter"/>
</http>
<!-- Configure the authentication provider -->
<authentication-manager alias="am">
<authentication-provider user-service-ref="userManager">
<password-encoder ref="passwordEncoder" />
</authentication-provider>
<authentication-provider ref="xmlAuthenticationProvider" />
</authentication-manager>
</beans:beans>
感謝拉爾夫,那差不多就是我的想法。不幸的是,該資源在https下不可用。我們使用的不是https服務器映像的閃爍圖像搜索,而且api不能通過https訪問。猜猜我們會切換圖片搜索..感謝您的迴應! – c12 2011-04-05 07:31:46