重复会话创建&AuthenticationProvider 中的重复线程?为什么? [英] Duplicate session creation & duplicate threads in AuthenticationProvider? Why?
问题描述
所以我有一些 Spring Boot 安全代码,并且出于某种原因,尽管我的 STATELESS angular 应用程序发送了一个 GET 请求.Spring Security 似乎收到了两个请求,并在相同的毫秒内开始在两个线程上处理它们(然后我最终得到了一个唯一的用户约束,因为它试图将同一用户两次添加到数据库中).
So I have some Spring Boot Security code, and for some reason although my STATELESS angular app sends a single GET request. The Spring Security seems to get two requests and start processing them in the same milliseconds on two threads (then I end up getting a unique user constraint as it tries to add same user twice to the DB).
发生双重请求的 spring 安全配置是否有问题?Spring Security 应该基本上检查所有来自无状态应用程序的 X-AUTH-TOKEN 请求.
Is there something wrong with my spring security configuration where double-requests are happening? Spring Security should basically check ALL requests coming from stateless app for the X-AUTH-TOKEN.
http
.authenticationProvider(authenticationProvider)
.addFilterBefore(new HeaderAuthenticationFilter(), BasicAuthenticationFilter.class)
//.addFilterBefore(new CorsFilter(request -> corsConfiguration), HeaderAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest()
.authenticated()
.and()
.csrf().disable()
.exceptionHandling().accessDeniedPage("/error");
基本上 HeaderAuthenticationProvider 和 HeaderAuthenticationFilter 用于检查 X-AUTH-TOKEN.
Basically HeaderAuthenticationProvider and HeaderAuthenticationFilter are used for checking X-AUTH-TOKEN.
2017-05-17 19:46:41.868 INFO 5 --- [nio-8443-exec-8] o.a.c.util.SessionIdGeneratorBase : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13,338] milliseconds.
2017-05-17 19:46:41.868 INFO 5 --- [nio-8443-exec-1] o.a.c.util.SessionIdGeneratorBase : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [8,315] milliseconds.
2017-05-17 19:46:41.872 INFO 5 --- [nio-8443-exec-8] m.d.f.a.HeaderAuthenticationProvider : Authenticate:: Authorization Token: bf6bbb6f5a850fb7b152b5e143534e5bd13a96abd3250d2
2017-05-17 19:46:41.872 INFO 5 --- [nio-8443-exec-1] m.d.f.a.HeaderAuthenticationProvider : Authenticate:: Authorization Token: bf6bbb6f5a850fb7b152b5e143534e5bd13a96abd3250d2
推荐答案
不确定您是否仍有此问题.我之前遇到过类似的问题,我的问题是由于 Spring 启动了两个 DelegateFilter 链,一个是默认的,一个是自定义的.相反,每个过滤器都执行了两次.从您的日志来看,您可能有类似的问题.我解决它的方法是让我的过滤器扩展 OncePerRequestFilter.
Not sure if you still have this issue. I had similar issue before and my issue was due to Spring started two DelegateFilter chains, one default and one customized. Instead, every filter was executed twice. From your log, it looks like you probably has similar issue. The way I solved it was to have my filter extends OncePerRequestFilter.
这篇关于重复会话创建&AuthenticationProvider 中的重复线程?为什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
