2016-02-18 22 views
3

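Currently, I am getting "No HttpSession currently exists". I believe this problem is causing inconsistent login errors. I can log in successfully once, but others cannot. Please help. Any suggestions are welcome.

HttpSessionSecurityContextRepository - No HttpSession currently exists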

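I have two tables in the database: customer and vendor. In my security.xml file, I set it up so that the vendor table is checked first; if that fails, the customer table is checked. I am not sure whether this is best practice, but it works for me.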

One more thing: "No HttpSession" never occurs in my localhost:8080 environment, but it does in production.

Here is my setup: Spring MVC, Tomcat, PostgreSQL, and Heroku as my cloud service.

Here are my Spring MVC and Spring Security versions:

<properties> 
     <spring.version>4.0.5.RELEASE</spring.version> 
     <apache.tiles>3.0.3</apache.tiles> 
     <spring.security.version>3.2.3.RELEASE</spring.security.version> 
    </properties> 

Here is my spring.xml file:

<global-method-security pre-post-annotations="enabled" /> 

    <http use-expressions="true" auto-config="true"> 
     <intercept-url pattern="/login.html" requires-channel="https"/> 
     <intercept-url pattern="/logout.html" requires-channel="https"/> 
     <intercept-url pattern="/vendor/admin/**" access="hasRole('ROLE_ADMIN')" requires-channel="https"/> 
     <intercept-url pattern="/vendor/admin**" access="hasRole('ROLE_ADMIN')" requires-channel="https"/> 
     <intercept-url pattern="/vendor/account/**" access="hasRole('ROLE_VENDOR')" requires-channel="https"/> 
     <intercept-url pattern="/vendor/account**" access="hasRole('ROLE_VENDOR')" requires-channel="https"/> 
     <!-- Customer section --> 
     <intercept-url pattern="/customer/account/" access="hasRole('ROLE_CUSTOMER')" requires-channel="https"/> 
     <intercept-url pattern="/customer/account**" access="hasRole('ROLE_CUSTOMER')" requires-channel="https"/> 
     <intercept-url pattern="/reservation/ordercomplete/**" access="hasRole('ROLE_CUSTOMER')" requires-channel="https"/> 
     <intercept-url pattern="/reservation/ordercomplete**" access="hasRole('ROLE_CUSTOMER')" requires-channel="https"/> 

     <form-login login-page="/login.html" 
        authentication-failure-url="/login.html?success=false" 
        authentication-success-handler-ref="knexAuthenticationSuccessHandler" /> 

     <logout logout-url="/logout" delete-cookies="JSESSIONID" /> 


     <session-management> 
       <concurrency-control max-sessions="1" error-if-maximum-exceeded="false" /> 
     </session-management> 
    </http> 

    <beans:bean id="knexAuthenticationSuccessHandler" 
     class="com.knexpress.cabo.security.KNexUrlAuthenticationSuccessHandler" /> 


    <authentication-manager> 
     <authentication-provider> 
      <password-encoder hash="bcrypt" /> 
      <jdbc-user-service data-source-ref="dataSource" 
       authorities-by-username-query="the query here is working ok" 
       users-by-username-query="select username, password, enabled from vendor where username = ? " /> 
     </authentication-provider> 
     <authentication-provider> 
      <password-encoder hash="bcrypt" /> 
      <jdbc-user-service data-source-ref="dataSource" 
       authorities-by-username-query="the query here is working alright." 
       users-by-username-query="select email, password, enabled from customer where email = ? " /> 
     </authentication-provider> 
    </authentication-manager> 

Here is my applicationContext.xml file:

<context:component-scan base-package="com.knexpress.cabo"> 
     <context:exclude-filter type="annotation" 
      expression="org.springframework.stereotype.Controller" /> 
    </context:component-scan> 

    <tx:annotation-driven transaction-manager="transactionManager" /> 

    <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager"> 
     <property name="dataSource" ref="dataSource" /> 
    </bean> 

    <jpa:repositories base-package="com.knexpress.cabo.repository" /> 

    <!-- Using this to serve https pages --> 
    <bean id="loadBalancerHack" class="com.knexpress.cabo.component.LoadBalancerHack"/> 

    <bean id="secureChannelProcessorHack" class="com.knexpress.cabo.component.SecureChannelProcessorHack"/> 
    <bean id="insecureChannelProcessorHack" class="com.knexpress.cabo.component.InsecureChannelProcessorHack"/> 

    <import resource="security.xml" /> 

Here is my web.xml file:

<servlet> 
     <servlet-name>dispatcher</servlet-name> 
     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 

    <servlet-mapping> 
     <servlet-name>dispatcher</servlet-name> 
     <url-pattern>/</url-pattern> 
    </servlet-mapping> 

    <listener> 
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 

    <listener> 
     <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> 
    </listener> 

    <filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 

    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

    <context-param> 
     <param-name>defaultHtmlEscape</param-name> 
     <param-value>true</param-value> 
    </context-param> 

    <context-param> 
     <param-name>spring.profiles.default</param-name> 
     <param-value>prod</param-value> 
    </context-param> 

    <session-config> 
     <!-- Default to 5 minute session timeouts --> 
     <session-timeout>5</session-timeout> 
    </session-config> 

Finally, here is my production log. (By the way, I have not enabled all of my query logging in the prod environment.)

2016-02-18T12:43:17.237730+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] AntPathRequestMatcher - Checking match of request : '/index.html'; against '/customer/account/' [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.241374+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] FilterChainProxy$VirtualFilterChain - /index.html at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.241508+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] HttpSessionSecurityContextRepository - No HttpSession currently exists [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.241631+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created. [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.241749+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] FilterChainProxy$VirtualFilterChain - /index.html at position 3 of 13 in additional filter chain; firing Filter: 'ConcurrentSessionFilter' [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.241930+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] FilterChainProxy$VirtualFilterChain - /index.html at position 4 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.242298+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] FilterChainProxy$VirtualFilterChain - /index.html at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter' [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.242414+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] FilterChainProxy$VirtualFilterChain - /index.html at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.242950+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] FilterChainProxy$VirtualFilterChain - /index.html at position 7 of 13 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.247152+00:00 app[web.2]: ERROR [18.02.16 12:43:17] CustomerHomeController - [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.265654+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] ExceptionTranslationFilter - Chain processed normally [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.268379+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.238551+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] AntPathRequestMatcher - Checking match of request : '/index.html'; against '/customer/account**' [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.238669+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] AntPathRequestMatcher - Checking match of request : '/index.html'; against '/reservation/ordercomplete/**' [thread: http-nio-30156-exec-4] 
2016-02-18T12:43:17.239353+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] AntPathRequestMatcher - Checking match of request : '/index.html'; against '/reservation/ordercomplete**' [thread: 
+0

I am also facing the same problem. How did you solve it? Please help us.

Answers

1

I had the same problem. You have to set the sessionCookiePath parameter in your Tomcat context file or Apache server configuration to keep the session ID.

<Context sessionCookiePath="/"> for the Tomcat file

ProxyPassReverseCookiePath "/" for the Apache configuration
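
The cookie-path mismatch that the answer above addresses can be checked offline. The following is an added example, not code from the original thread: it applies the RFC 6265 path-match rule to a Set-Cookie header to tell whether a browser would send JSESSIONID back on the next request. The `/cabo` context path and the cookie values are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie headers (not taken from the thread's logs).
SCOPED = "JSESSIONID=0123ABCD; Path=/cabo; Secure; HttpOnly"  # context-path scope
ROOT = "JSESSIONID=0123ABCD; Path=/; Secure; HttpOnly"        # sessionCookiePath="/"


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # A prefix only counts on a "/" boundary: "/cabo" must not match "/cabox".
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def default_path(request_path: str) -> str:
    """RFC 6265 default-path, used when Set-Cookie carries no Path attribute."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path[: request_path.rfind("/")]


def session_cookie_returned(set_cookie: str, set_on: str, next_request: str,
                            https: bool = True, name: str = "JSESSIONID") -> bool:
    """Would a browser send the session cookie back on next_request?

    set_on is the path of the response that carried Set-Cookie; next_request
    is the public path the browser asks for afterwards.
    """
    jar = SimpleCookie()
    jar.load(set_cookie)
    if name not in jar:
        return False
    morsel = jar[name]
    if morsel["secure"] and not https:
        return False  # Secure cookies are never sent over plain HTTP
    cookie_path = morsel["path"] or default_path(set_on)
    return path_matches(next_request, cookie_path)


if __name__ == "__main__":
    for header in (SCOPED, ROOT):
        sent = session_cookie_returned(header, "/cabo/login.html", "/index.html")
        print(f"{header!r}: cookie sent on /index.html -> {sent}")
```

When the function returns False, the server receives the request without a session ID and has no HttpSession to look up, which is the condition the debug log line reports.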