0
我有彈簧security.xml文件下面的代碼無法成功登錄使用Spring的OpenID
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http security="none" pattern="/openid.jsp" />
<security:http security="none" pattern="/logout.jsp" />
<security:http security="none" pattern="/success.jsp" />
<security:http auto-config="true"
authentication-manager-ref="authManager">
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<security:openid-login login-page="/openid.jsp"
authentication-failure-url="/logout.jsp"
default-target-url="/success.jsp" >
</security:openid-login>
</security:http>
<security:authentication-manager id="authManager">
<security:authentication-provider>
<security:user-service>
<security:user name="spring" password="spring"
authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
Tomcat的訪問日誌也顯示,谷歌已經認證了的OpenID但我依然打logout.jsp允許訪問後來自Google開放ID頁面。
127.0.0.1 - - [13/Dec/2012:22:55:44 +0530] "GET /SpringWebSecurityOpenID/getEmp.do/10 HTTP/1.1" 302 35
127.0.0.1 - - [13/Dec/2012:22:55:44 +0530] "GET /SpringWebSecurityOpenID/openid.jsp HTTP/1.1" 200 258
127.0.0.1 - - [13/Dec/2012:22:55:49 +0530] "POST /SpringWebSecurityOpenID/j_spring_openid_security_check HTTP/1.1" 302 35
127.0.0.1 - - [13/Dec/2012:22:55:50 +0530] "GET /SpringWebSecurityOpenID/j_spring_openid_security_check?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=2012-12-13T17cwcwc4rf32dwfdwGJ5oVQ_g&openid.return_to=http%3A%2F%2Flocalhost%3A8080%2FSpringWebSecurityOpenID%2Fj_spring_openid_security_check&openid.assoc_handle=AMlYA9UzE_QF5BKDYtD-k3_TbEdofnp7-43i9om-guRWh1TG5LhzEN7lzPyJ0IXzTjtNDbZz&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=4MN6wuiKCWkuNwfwfwfd32dddqwg%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%cwcwc34r2dwefreWzH1fBOWj5v4U&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid432432EdewedrUfrp0nP3AWzH1fBOWj5v4U HTTP/1.1" 302 35
127.0.0.1 - - [13/Dec/2012:22:55:50 +0530] "GET /SpringWebSecurityOpenID/logout.jsp HTTP/1.1" 200 102
請提供。幫助解決這個問題。如果我刪除openid登錄頁面屬性並使用由Spring生成的默認開放標識形式,那麼我可以很容易地進行身份驗證並點擊請求的URL。
有更新上面的spring-security.xml代碼。在日誌中看到的唯一的例外是:
2012-12-16 11:26:32,430{HH:mm:ss} DEBUG [http-bio-8080-exec-4] (ConsumerManager.java:1788)
- Local signature verification succeeded.
2012-12-16 11:26:32,430{HH:mm:ss} INFO [http-bio-8080-exec-4] (ConsumerManager.java:1848)
- Verification succeeded for: https://www.google.com/accounts/o8/id?id=AItOawl2FdNxxWJLrUfrp0nP3AWzH1fBOWj5v4U
2012-12-16 11:26:32,433{HH:mm:ss} DEBUG [http-bio-8080-exec-4] (ProviderManager.java:152) -
Authentication attempt using org.springframework.security.openid.OpenIDAuthenticationProvider
2012-12-16 11:26:32,434{HH:mm:ss} DEBUG [http-bio-8080-exec-4] (AbstractAuthenticationProcessingFil
ter.java:340) - Authentication request failed: org.springframework.security.core.userdetails.UsernameNotFoundException: h
ttps://www.google.com/accounts/o8/id?id=AItOawl2FdNxxWJLrUfrp0nP3AWzH1fBOWj5v4U
2012-12-16 11:26:32,434{HH:mm:ss} DEBUG [http-bio-8080-exec-4] (AbstractAuthenticationProcessingFil
ter.java:341) - Updated SecurityContextHolder to contain null Authentication
2012-12-16 11:26:32,435{HH:mm:ss} DEBUG [http-bio-8080-exec-4] (AbstractAuthenticationProcessingFil
ter.java:342) - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuth
[email protected]
我是否需要補充我想在彈簧security.xml文件對用戶進行認證。我試圖讓任何有效的openid登錄。我沒有任何用戶名單進行身份驗證。
您可以啓用SS調試日誌記錄並更新您的文章與日誌輸出。也許可以顯示openid.jsp的功能。 –
肯定會這樣做,並在這裏更新 – Sandeep