Spring安全3.1:会话并发控制不起作用,为什么? [英] Spring security 3.1 : session concurrency control not working, why?
本文介绍了Spring安全3.1:会话并发控制不起作用,为什么?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试使用spring security concurent session with spring security 3.1.4。但它不起作用我不明白为什么。 Tomcat https配置为重定向http请求,但我不知道它是否在实际问题中扮演角色。
I'm trying to use security concurent session with spring security 3.1.4. But it's not working i don't understand why. Tomcat https is configured to redirect http request but i don't know if it's playing a role in the actual problem.
你可以帮我解决这个问题吗?
Could you give me a hand on this ?
谢谢。
这是我的春季安全xml。
This is my spring security xml.
<security:http auto-config="true" use-expressions="true" disable-url-rewriting="true">
<security:intercept-url pattern="/Loginsucess*" access="isAuthenticated()" />
<security:intercept-url pattern="/Login" access="hasRole('ROLE_ANONYMOUS')" />
<security:intercept-url pattern="/Login/Error" access="hasRole('ROLE_ANONYMOUS')" />
<security:form-login login-page="/Login" login-processing-url="/j_spring_security_check" authentication-failure-url="/Login/Error" default-target-url="/Loginsucess" />
<security:logout logout-url="/j_spring_security_logout" logout-success-url="/Login" delete-cookies="JSESSIONID" invalidate-session="true"/>
<security:anonymous/>
<security:session-management invalid-session-url="/Login" >
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</security:session-management>
<security:port-mappings>
<security:port-mapping http="8086" https="8443"/>
</security:port-mappings>
</security:http>
我已将此添加到我的web.xml:
I already add this to my web.xml :
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
编辑:
首先登录1台机器:
> 17:57:17,116 DEBUG FilterChainProxy:337 - /j_spring_security_check at
> position 1 of 11 in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 17:57:17,117 DEBUG
> HttpSessionSecurityContextRepository:139 - HttpSession returned null
> object for SPRING_SECURITY_CONTEXT 17:57:17,117 DEBUG
> HttpSessionSecurityContextRepository:85 - No SecurityContext was
> available from the HttpSession:
> org.apache.catalina.session.StandardSessionFacade@1a60232c. A new one
> will be created. 17:57:17,117 DEBUG FilterChainProxy:337 -
> /j_spring_security_check at position 2 of 11 in additional filter
> chain; firing Filter: 'ConcurrentSessionFilter' 17:57:17,117 DEBUG
> FilterChainProxy:337 - /j_spring_security_check at position 3 of 11 in
> additional filter chain; firing Filter: 'LogoutFilter' 17:57:17,117
> DEBUG FilterChainProxy:337 - /j_spring_security_check at position 4 of
> 11 in additional filter chain; firing Filter:
> 'UsernamePasswordAuthenticationFilter' 17:57:17,117 DEBUG
> UsernamePasswordAuthenticationFilter:189 - Request is to process
> authentication 17:57:17,118 DEBUG ProviderManager:152 - Authentication
> attempt using
> org.springframework.security.authentication.dao.DaoAuthenticationProvider
> Hibernate: select user0_.id as id1_13_, user0_.username as
> username2_13_, user0_.firstname as firstnam3_13_, user0_.lastname as
> lastname4_13_, user0_.password as password5_13_, user0_.email as
> email6_13_, user0_.enabled as enabled7_13_ from biomoltracker.LOG_user
> user0_ where user0_.username=? Hibernate: select roles1_.role_name as
> col_0_0_ from biomoltracker.LOG_user user0_ inner join
> biomoltracker.LOG_role roles1_ on user0_.id=roles1_.id_user_fk where
> user0_.id=? 17:57:17,355 DEBUG ConcurrentSessionControlStrategy:88 -
> Invalidating session with Id '4A09DE3E6ACDE04373284600DACDBE39' and
> migrating attributes. 17:57:17,355 DEBUG HttpSessionEventPublisher:83
> - Publishing event: org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@1a60232c]
> 17:57:17,356 DEBUG HttpSessionEventPublisher:66 - Publishing event:
> org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@60e9ebe1]
> 17:57:17,356 DEBUG ConcurrentSessionControlStrategy:98 - Started new
> session: 7431CCBD3008FC59A2AF1C44632F33F0 17:57:17,356 DEBUG
> SessionRegistryImpl:107 - Registering session
> 7431CCBD3008FC59A2AF1C44632F33F0, for principal
> com.clb.genomic.lyon.model.User@654f8017 17:57:17,356 DEBUG
> UsernamePasswordAuthenticationFilter:317 - Authentication success.
> Updating SecurityContextHolder to contain:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 17:57:17,357 DEBUG
> SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url:
> /Loginsucess 17:57:17,357 DEBUG DefaultRedirectStrategy:36 -
> Redirecting to '/Lyric/Loginsucess' 17:57:17,357 DEBUG
> HttpSessionSecurityContextRepository:292 - SecurityContext stored to
> HttpSession:
> 'org.springframework.security.core.context.SecurityContextImpl@ff2ffd00:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 17:57:17,357 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed 17:57:17,360 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 1 of 11 in additional
> filter chain; firing Filter: 'SecurityContextPersistenceFilter'
> 17:57:17,361 DEBUG HttpSessionSecurityContextRepository:158 - Obtained
> a valid SecurityContext from SPRING_SECURITY_CONTEXT:
> 'org.springframework.security.core.context.SecurityContextImpl@ff2ffd00:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 17:57:17,361 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 2 of 11 in additional filter chain; firing
> Filter: 'ConcurrentSessionFilter' 17:57:17,361 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 3 of 11 in additional
> filter chain; firing Filter: 'LogoutFilter' 17:57:17,361 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 4 of 11 in additional
> filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
> 17:57:17,361 DEBUG FilterChainProxy:337 - /Loginsucess at position 5
> of 11 in additional filter chain; firing Filter:
> 'BasicAuthenticationFilter' 17:57:17,361 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 6 of 11 in additional filter chain; firing
> Filter: 'RequestCacheAwareFilter' 17:57:17,362 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 7 of 11 in additional
> filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
> 17:57:17,362 DEBUG FilterChainProxy:337 - /Loginsucess at position 8
> of 11 in additional filter chain; firing Filter:
> 'AnonymousAuthenticationFilter' 17:57:17,362 DEBUG
> AnonymousAuthenticationFilter:107 - SecurityContextHolder not
> populated with anonymous token, as it already contained:
> 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 17:57:17,362 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 9 of 11 in additional filter chain; firing
> Filter: 'SessionManagementFilter' 17:57:17,362 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 10 of 11 in additional
> filter chain; firing Filter: 'ExceptionTranslationFilter' 17:57:17,362
> DEBUG FilterChainProxy:337 - /Loginsucess at position 11 of 11 in
> additional filter chain; firing Filter: 'FilterSecurityInterceptor'
> 17:57:17,362 DEBUG AntPathRequestMatcher:116 - Checking match of
> request : '/loginsucess'; against '/loginsucess*' 17:57:17,363 DEBUG
> FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL:
> /Loginsucess; Attributes: [isAuthenticated()] 17:57:17,363 DEBUG
> FilterSecurityInterceptor:310 - Previously Authenticated:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 17:57:17,363 DEBUG AffirmativeBased:65 -
> Voter:
> org.springframework.security.web.access.expression.WebExpressionVoter@6479b43f,
> returned: 1 17:57:17,363 DEBUG FilterSecurityInterceptor:215 -
> Authorization successful 17:57:17,363 DEBUG
> FilterSecurityInterceptor:227 - RunAsManager did not change
> Authentication object 17:57:17,364 DEBUG FilterChainProxy:323 -
> /Loginsucess reached end of additional filter chain; proceeding with
> original chain 17:57:17,469 DEBUG ExceptionTranslationFilter:115 -
> Chain processed normally 17:57:17,469 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed
当具有相同(用户名/密码)的第二个用户从另一台机器登录时。
When second user with the same (username/password) login from another machine .
> 8:01:47,309 DEBUG FilterChainProxy:337 - /j_spring_security_check at
> position 1 of 11 in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 18:01:47,310 DEBUG
> HttpSessionSecurityContextRepository:139 - HttpSession returned null
> object for SPRING_SECURITY_CONTEXT 18:01:47,310 DEBUG
> HttpSessionSecurityContextRepository:85 - No SecurityContext was
> available from the HttpSession:
> org.apache.catalina.session.StandardSessionFacade@67a53697. A new one
> will be created. 18:01:47,310 DEBUG FilterChainProxy:337 -
> /j_spring_security_check at position 2 of 11 in additional filter
> chain; firing Filter: 'ConcurrentSessionFilter' 18:01:47,310 DEBUG
> FilterChainProxy:337 - /j_spring_security_check at position 3 of 11 in
> additional filter chain; firing Filter: 'LogoutFilter' 18:01:47,310
> DEBUG FilterChainProxy:337 - /j_spring_security_check at position 4 of
> 11 in additional filter chain; firing Filter:
> 'UsernamePasswordAuthenticationFilter' 18:01:47,310 DEBUG
> UsernamePasswordAuthenticationFilter:189 - Request is to process
> authentication 18:01:47,310 DEBUG ProviderManager:152 - Authentication
> attempt using
> org.springframework.security.authentication.dao.DaoAuthenticationProvider
> Hibernate: select user0_.id as id1_13_, user0_.username as
> username2_13_, user0_.firstname as firstnam3_13_, user0_.lastname as
> lastname4_13_, user0_.password as password5_13_, user0_.email as
> email6_13_, user0_.enabled as enabled7_13_ from biomoltracker.LOG_user
> user0_ where user0_.username=? Hibernate: select roles1_.role_name as
> col_0_0_ from biomoltracker.LOG_user user0_ inner join
> biomoltracker.LOG_role roles1_ on user0_.id=roles1_.id_user_fk where
> user0_.id=? 18:01:47,317 DEBUG ConcurrentSessionControlStrategy:88 -
> Invalidating session with Id 'E644740185BC8E28272BD4F80751D445' and
> migrating attributes. 18:01:47,318 DEBUG HttpSessionEventPublisher:83
> - Publishing event: org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@67a53697]
> 18:01:47,318 DEBUG HttpSessionEventPublisher:66 - Publishing event:
> org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@65447c32]
> 18:01:47,318 DEBUG ConcurrentSessionControlStrategy:98 - Started new
> session: 3694308C7FCA68AC5FFD1E442464FE50 18:01:47,318 DEBUG
> SessionRegistryImpl:107 - Registering session
> 3694308C7FCA68AC5FFD1E442464FE50, for principal
> com.clb.genomic.lyon.model.User@1b2c4d8f 18:01:47,319 DEBUG
> UsernamePasswordAuthenticationFilter:317 - Authentication success.
> Updating SecurityContextHolder to contain:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 18:01:47,319 DEBUG
> SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url:
> /Loginsucess 18:01:47,319 DEBUG DefaultRedirectStrategy:36 -
> Redirecting to '/Lyric/Loginsucess' 18:01:47,319 DEBUG
> HttpSessionSecurityContextRepository:292 - SecurityContext stored to
> HttpSession:
> 'org.springframework.security.core.context.SecurityContextImpl@7eb37c04:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:47,320 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed 18:01:47,324 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 1 of 11 in additional
> filter chain; firing Filter: 'SecurityContextPersistenceFilter'
> 18:01:47,324 DEBUG HttpSessionSecurityContextRepository:158 - Obtained
> a valid SecurityContext from SPRING_SECURITY_CONTEXT:
> 'org.springframework.security.core.context.SecurityContextImpl@7eb37c04:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:47,324 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 2 of 11 in additional filter chain; firing
> Filter: 'ConcurrentSessionFilter' 18:01:47,324 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 3 of 11 in additional
> filter chain; firing Filter: 'LogoutFilter' 18:01:47,325 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 4 of 11 in additional
> filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
> 18:01:47,325 DEBUG FilterChainProxy:337 - /Loginsucess at position 5
> of 11 in additional filter chain; firing Filter:
> 'BasicAuthenticationFilter' 18:01:47,325 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 6 of 11 in additional filter chain; firing
> Filter: 'RequestCacheAwareFilter' 18:01:47,325 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 7 of 11 in additional
> filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
> 18:01:47,325 DEBUG FilterChainProxy:337 - /Loginsucess at position 8
> of 11 in additional filter chain; firing Filter:
> 'AnonymousAuthenticationFilter' 18:01:47,325 DEBUG
> AnonymousAuthenticationFilter:107 - SecurityContextHolder not
> populated with anonymous token, as it already contained:
> 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:47,326 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 9 of 11 in additional filter chain; firing
> Filter: 'SessionManagementFilter' 18:01:47,326 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 10 of 11 in additional
> filter chain; firing Filter: 'ExceptionTranslationFilter' 18:01:47,326
> DEBUG FilterChainProxy:337 - /Loginsucess at position 11 of 11 in
> additional filter chain; firing Filter: 'FilterSecurityInterceptor'
> 18:01:47,326 DEBUG AntPathRequestMatcher:116 - Checking match of
> request : '/loginsucess'; against '/loginsucess*' 18:01:47,326 DEBUG
> FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL:
> /Loginsucess; Attributes: [isAuthenticated()] 18:01:47,326 DEBUG
> FilterSecurityInterceptor:310 - Previously Authenticated:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 18:01:47,327 DEBUG AffirmativeBased:65 -
> Voter:
> org.springframework.security.web.access.expression.WebExpressionVoter@6479b43f,
> returned: 1 18:01:47,327 DEBUG FilterSecurityInterceptor:215 -
> Authorization successful 18:01:47,327 DEBUG
> FilterSecurityInterceptor:227 - RunAsManager did not change
> Authentication object 18:01:47,327 DEBUG FilterChainProxy:323 -
> /Loginsucess reached end of additional filter chain; proceeding with
> original chain 18:01:47,427 DEBUG ExceptionTranslationFilter:115 -
> Chain processed normally 18:01:47,427 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed 18:01:56,039 DEBUG
> FilterChainProxy:337 - /j_spring_security_logout at position 1 of 11
> in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 18:01:56,040 DEBUG
> HttpSessionSecurityContextRepository:158 - Obtained a valid
> SecurityContext from SPRING_SECURITY_CONTEXT:
> 'org.springframework.security.core.context.SecurityContextImpl@7eb37c04:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:56,040 DEBUG FilterChainProxy:337 -
> /j_spring_security_logout at position 2 of 11 in additional filter
> chain; firing Filter: 'ConcurrentSessionFilter' 18:01:56,040 DEBUG
> FilterChainProxy:337 - /j_spring_security_logout at position 3 of 11
> in additional filter chain; firing Filter: 'LogoutFilter' 18:01:56,040
> DEBUG LogoutFilter:93 - Logging out user
> 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' and transferring to logout destination
> 18:01:56,040 DEBUG SecurityContextLogoutHandler:62 - Invalidating
> session: 3694308C7FCA68AC5FFD1E442464FE50 18:01:56,040 DEBUG
> HttpSessionEventPublisher:83 - Publishing event:
> org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@65447c32]
> 18:01:56,041 DEBUG SessionRegistryImpl:156 - Removing session
> 3694308C7FCA68AC5FFD1E442464FE50 from principal's set of registered
> sessions 18:01:56,041 DEBUG SessionRegistryImpl:164 - Removing
> principal com.clb.genomic.lyon.model.User@1b2c4d8f from registry
> 18:01:56,041 DEBUG SimpleUrlLogoutSuccessHandler:107 - Using default
> Url: /Login 18:01:56,041 DEBUG DefaultRedirectStrategy:36 -
> Redirecting to '/Lyric/Login' 18:01:56,041 DEBUG
> HttpSessionSecurityContextRepository:269 - SecurityContext is empty or
> contents are anonymous - context will not be stored in HttpSession.
> 18:01:56,042 DEBUG SecurityContextPersistenceFilter:97 -
> SecurityContextHolder now cleared, as request processing completed
> 18:01:56,045 DEBUG FilterChainProxy:337 - /Login at position 1 of 11
> in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 18:01:56,045 DEBUG
> HttpSessionSecurityContextRepository:127 - No HttpSession currently
> exists 18:01:56,045 DEBUG HttpSessionSecurityContextRepository:85 - No
> SecurityContext was available from the HttpSession: null. A new one
> will be created. 18:01:56,046 DEBUG FilterChainProxy:337 - /Login at
> position 2 of 11 in additional filter chain; firing Filter:
> 'ConcurrentSessionFilter' 18:01:56,046 DEBUG FilterChainProxy:337 -
> /Login at position 3 of 11 in additional filter chain; firing Filter:
> 'LogoutFilter' 18:01:56,046 DEBUG FilterChainProxy:337 - /Login at
> position 4 of 11 in additional filter chain; firing Filter:
> 'UsernamePasswordAuthenticationFilter' 18:01:56,046 DEBUG
> FilterChainProxy:337 - /Login at position 5 of 11 in additional filter
> chain; firing Filter: 'BasicAuthenticationFilter' 18:01:56,046 DEBUG
> FilterChainProxy:337 - /Login at position 6 of 11 in additional filter
> chain; firing Filter: 'RequestCacheAwareFilter' 18:01:56,046 DEBUG
> FilterChainProxy:337 - /Login at position 7 of 11 in additional filter
> chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
> 18:01:56,046 DEBUG FilterChainProxy:337 - /Login at position 8 of 11
> in additional filter chain; firing Filter:
> 'AnonymousAuthenticationFilter' 18:01:56,047 DEBUG
> AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder
> with anonymous token:
> 'org.springframework.security.authentication.AnonymousAuthenticationToken@90554a14:
> Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated:
> true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@3bcc:
> RemoteIpAddress: 192.168.154.20; SessionId: null; Granted Authorities:
> ROLE_ANONYMOUS' 18:01:56,047 DEBUG FilterChainProxy:337 - /Login at
> position 9 of 11 in additional filter chain; firing Filter:
> 'SessionManagementFilter' 18:01:56,047 DEBUG FilterChainProxy:337 -
> /Login at position 10 of 11 in additional filter chain; firing Filter:
> 'ExceptionTranslationFilter' 18:01:56,047 DEBUG FilterChainProxy:337 -
> /Login at position 11 of 11 in additional filter chain; firing Filter:
> 'FilterSecurityInterceptor' 18:01:56,047 DEBUG
> AntPathRequestMatcher:116 - Checking match of request : '/login';
> against '/loginsucess*' 18:01:56,047 DEBUG AntPathRequestMatcher:116 -
> Checking match of request : '/login'; against '/login' 18:01:56,048
> DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation:
> URL: /Login; Attributes: [hasRole('ROLE_ANONYMOUS')] 18:01:56,048
> DEBUG FilterSecurityInterceptor:310 - Previously Authenticated:
> org.springframework.security.authentication.AnonymousAuthenticationToken@90554a14:
> Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated:
> true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@3bcc:
> RemoteIpAddress: 192.168.154.20; SessionId: null; Granted Authorities:
> ROLE_ANONYMOUS 18:01:56,048 DEBUG AffirmativeBased:65 - Voter:
> org.springframework.security.web.access.expression.WebExpressionVoter@6479b43f,
> returned: 1 18:01:56,048 DEBUG FilterSecurityInterceptor:215 -
> Authorization successful 18:01:56,049 DEBUG
> FilterSecurityInterceptor:227 - RunAsManager did not change
> Authentication object 18:01:56,049 DEBUG FilterChainProxy:323 - /Login
> reached end of additional filter chain; proceeding with original chain
> 18:01:56,145 DEBUG HttpSessionEventPublisher:66 - Publishing event:
> org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@2fa28842]
> 18:01:56,152 DEBUG HttpSessionSecurityContextRepository:269 -
> SecurityContext is empty or contents are anonymous - context will not
> be stored in HttpSession. 18:01:56,152 DEBUG
> ExceptionTranslationFilter:115 - Chain processed normally 18:01:56,152
> DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed
推荐答案
您有自定义委托人对象(类型 com.clb.genomic.lyon.model.User )将用作 SessionRegistry 键。你所看到的最可能的原因是你没有为这个类实现 hashcode 和等于因此,注册表不知道这两个实例是针对同一主体的。
You have a custom principal object (of type com.clb.genomic.lyon.model.User) which will be used as the SessionRegistry key. The most likely reason for what you're seeing is that you haven't implemented hashcode and equals for this class and thus the registry doesn't know that the two instances are for the same principal.
在不引起任何问题的情况下执行此操作的最佳方法是使用用户名实现方法作为唯一的数据(参见默认 用户 对象示例。)
The best way to do this without causing any problems is to implement the methods using the username as the only data (see the default User object for an example).
您可能还应该实现 toString 以至少输出用户名,因为这样可以更轻松地读取调试日志。
You should probably also implement toString to at least output the username as it will make reading debug logs easier.
这篇关于Spring安全3.1:会话并发控制不起作用,为什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
