Spring version: 2.5.6 SEC01

Spring Security version: 3.0.0 RC1

I am trying to integrate Spring Security with a Spring MVC application. The security part is based largely on the sample application that ships with Spring Security. I have defined some pages that require a specific role to access them and, as expected, accessing them without being logged in brings up the login page (I have defined my own login page). The problem is that even when I enter the correct username and password, I get thrown back to the login page. I'm not completely sure whether this is a Spring Security problem or a Spring MVC problem, but let's try the former first. I have logged the requests, so maybe someone more familiar with them will be able to spot something.

There is quite a lot of logging (more than is allowed in a post, it seems), so I have included only the most interesting bits. As far as I can tell, the login of user 'rod' succeeds and everything seems fine until the line at time 14:30:28,222, where I see Previously Authenticated: org.sprin[email protected]9055c2bc: Principal: anonymousUser;... and from then on the user is considered anonymous again.

Here is the debug output after entering the correct username and password, which results in being thrown back to the login page:

14:30:28,192 DEBUG FilterChainProxy:176 - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check'
14:30:28,192 DEBUG FilterChainProxy:183 - Candidate is: '/j_spring_security_check'; pattern is /**; matched=true
14:30:28,192 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 1 of 12 in additional filter chain; firing Filter: 'org.spri[email protected]2a4e37fb'
14:30:28,193 DEBUG DefaultFilterInvocationSecurityMetadataSource:177 - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check'
14:30:28,193 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/j_spring_security_check'; pattern is /login.htm; matched=false
14:30:28,193 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 2 of 12 in additional filter chain; firing Filter: 'o[email protected]753d556f'
14:30:28,193 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 3 of 12 in additional filter chain; firing Filter: 'org.spring[email protected]db4268b'
14:30:28,194 DEBUG HttpSessionSecurityContextRepository:145 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
14:30:28,194 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: [email protected] A new one will be created.
14:30:28,194 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 4 of 12 in additional filter chain; firing Filter: 'org.[email protected]21533b2c'
14:30:28,194 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 5 of 12 in additional filter chain; firing Filter: 'org.springframework.s[email protected]5f51d6cb'
14:30:28,194 DEBUG UsernamePasswordAuthenticationFilter:194 - Request is to process authentication
14:30:28,197 DEBUG ProviderManager:118 - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
14:30:28,203 DEBUG ConcurrentSessionControlStrategy:82 - Invalidating session with Id 'F281373E7B726C52448CDBB845DC0FA0' and migrating attributes.
14:30:28,204 DEBUG ConcurrentSessionControlStrategy:92 - Started new session: 24853B27E3FF94289CBB879FEA7EE27A
14:30:28,204 DEBUG SessionRegistryImpl:115 - Registering session 24853B27E3FF94289CBB879FEA7EE27A, for principal [email protected]: Username: rod; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER
14:30:28,205 DEBUG UsernamePasswordAuthenticationFilter:290 - Authentication success. Updating SecurityContextHolder to contain: org.springframew[email protected]86589b6c: Principal: [email protected]: Username: rod; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: F281373E7B726C52448CDBB845DC0FA0; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER
14:30:28,205 DEBUG SavedRequestAwareAuthenticationSuccessHandler:78 - Redirecting to DefaultSavedRequest Url: http://localhost:8080/vicinity/member/member_home.htm
14:30:28,206 DEBUG DefaultRedirectStrategy:55 - Redirecting to 'http://localhost:8080/vicinity/member/member_home.htm'
14:30:28,206 DEBUG HttpSessionSecurityContextRepository:332 - SecurityContext stored to HttpSession: '[email protected]589b6c: Authentication: org.springframew[email protected]86589b6c: Principal: [email protected]: Username: rod; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: F281373E7B726C52448CDBB845DC0FA0; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER'
14:30:28,207 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
14:30:28,217 DEBUG FilterChainProxy:176 - Converted URL to lowercase, from: '/member/member_home.htm'; to: '/member/member_home.htm'
14:30:28,217 DEBUG FilterChainProxy:183 - Candidate is: '/member/member_home.htm'; pattern is /**; matched=true
14:30:28,217 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 1 of 12 in additional filter chain; firing Filter: 'org.spri[email protected]2a4e37fb'
14:30:28,217 DEBUG DefaultFilterInvocationSecurityMetadataSource:177 - Converted URL to lowercase, from: '/member/member_home.htm'; to: '/member/member_home.htm'
14:30:28,218 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/member/member_home.htm'; pattern is /login.htm; matched=false
14:30:28,218 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 2 of 12 in additional filter chain; firing Filter: 'o[email protected]753d556f'
14:30:28,218 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 3 of 12 in additional filter chain; firing Filter: 'org.spring[email protected]db4268b'
14:30:28,218 DEBUG HttpSessionSecurityContextRepository:133 - No HttpSession currently exists
14:30:28,218 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: null. A new one will be created.
14:30:28,219 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 4 of 12 in additional filter chain; firing Filter: 'org.[email protected]21533b2c'
14:30:28,219 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 5 of 12 in additional filter chain; firing Filter: 'org.springframework.s[email protected]5f51d6cb'
14:30:28,219 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 6 of 12 in additional filter chain; firing Filter: 'org.springfram[email protected]75ecda50'
14:30:28,219 DEBUG BasicAuthenticationFilter:118 - Authorization header: null
14:30:28,219 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 7 of 12 in additional filter chain; firing Filter: 'org.sp[email protected]10f0f6ac'
14:30:28,220 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 8 of 12 in additional filter chain; firing Filter: 'org.springframework.[email protected]3bd29ee4'
14:30:28,220 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 9 of 12 in additional filter chain; firing Filter: 'org.springfram[email protected]bda96b'
14:30:28,220 DEBUG AnonymousAuthenticationFilter:98 - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055c2bc: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
14:30:28,220 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 10 of 12 in additional filter chain; firing Filter: 'o[email protected]23bdb02e'
14:30:28,221 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 11 of 12 in additional filter chain; firing Filter: 'org[email protected]7a79ae56'
14:30:28,221 DEBUG FilterChainProxy:351 - /member/member_home.htm at position 12 of 12 in additional filter chain; firing Filter: 'org.springfr[email protected]4aa4ceeb'
14:30:28,221 DEBUG DefaultFilterInvocationSecurityMetadataSource:177 - Converted URL to lowercase, from: '/member/member_home.htm'; to: '/member/member_home.htm'
14:30:28,222 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/member/member_home.htm'; pattern is /member/**; matched=true
14:30:28,222 DEBUG FilterSecurityInterceptor:192 - Secure object: FilterInvocation: URL: /member/member_home.htm; Attributes: [ROLE_TELLER]
14:30:28,222 DEBUG FilterSecurityInterceptor:293 - Previously Authenticated: org.sprin[email protected]9055c2bc: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
14:30:28,222 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.ac[email protected], returned: -1
14:30:28,223 DEBUG AffirmativeBased:53 - Voter: [email protected]9101, returned: 0
14:30:28,223 DEBUG ExceptionTranslationFilter:154 - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:204)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:107)
SNIP...
14:30:28,224 DEBUG HttpSessionRequestCache:39 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/vicinity/member/member_home.htm]
14:30:28,225 DEBUG ExceptionTranslationFilter:178 - Calling Authentication entry point.
14:30:28,225 DEBUG DefaultRedirectStrategy:55 - Redirecting to 'http://localhost:8080/vicinity/login.htm'
14:30:28,225 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
14:30:28,227 DEBUG FilterChainProxy:176 - Converted URL to lowercase, from: '/login.htm'; to: '/login.htm'
14:30:28,228 DEBUG FilterChainProxy:183 - Candidate is: '/login.htm'; pattern is /**; matched=true
14:30:28,228 DEBUG FilterChainProxy:351 - /login.htm at position 1 of 12 in additional filter chain; firing Filter: 'org.spri[email protected]2a4e37fb'
14:30:28,228 DEBUG DefaultFilterInvocationSecurityMetadataSource:177 - Converted URL to lowercase, from: '/login.htm'; to: '/login.htm'
14:30:28,228 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/login.htm'; pattern is /login.htm; matched=true
14:30:28,229 DEBUG ChannelProcessingFilter:100 - Request: FilterInvocation: URL: /login.htm; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
14:30:28,229 DEBUG RetryWithHttpsEntryPoint:65 - Redirecting to: https://localhost:8443/vicinity/login.htm
14:30:28,231 DEBUG FilterChainProxy:176 - Converted URL to lowercase, from: '/login.htm'; to: '/login.htm'
14:30:28,231 DEBUG FilterChainProxy:183 - Candidate is: '/login.htm'; pattern is /**; matched=true
14:30:28,231 DEBUG FilterChainProxy:351 - /login.htm at position 1 of 12 in additional filter chain; firing Filter: 'org.spri[email protected]2a4e37fb'
14:30:28,232 DEBUG DefaultFilterInvocationSecurityMetadataSource:177 - Converted URL to lowercase, from: '/login.htm'; to: '/login.htm'
14:30:28,232 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/login.htm'; pattern is /login.htm; matched=true
14:30:28,232 DEBUG ChannelProcessingFilter:100 - Request: FilterInvocation: URL: /login.htm; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
14:30:28,232 DEBUG FilterChainProxy:351 - /login.htm at position 2 of 12 in additional filter chain; firing Filter: 'o[email protected]753d556f'
14:30:28,232 DEBUG FilterChainProxy:351 - /login.htm at position 3 of 12 in additional filter chain; firing Filter: 'org.spring[email protected]db4268b'
14:30:28,233 DEBUG HttpSessionSecurityContextRepository:145 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
14:30:28,233 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: [email protected] A new one will be created.
14:30:28,233 DEBUG FilterChainProxy:351 - /login.htm at position 4 of 12 in additional filter chain; firing Filter: 'org.[email protected]21533b2c'
14:30:28,233 DEBUG FilterChainProxy:351 - /login.htm at position 5 of 12 in additional filter chain; firing Filter: 'org.springframework.s[email protected]5f51d6cb'
14:30:28,234 DEBUG FilterChainProxy:351 - /login.htm at position 6 of 12 in additional filter chain; firing Filter: 'org.springfram[email protected]75ecda50'
14:30:28,234 DEBUG BasicAuthenticationFilter:118 - Authorization header: null
14:30:28,234 DEBUG FilterChainProxy:351 - /login.htm at position 7 of 12 in additional filter chain; firing Filter: 'org.sp[email protected]10f0f6ac'
14:30:28,235 DEBUG DefaultSavedRequest:309 - pathInfo: both null (property equals)
14:30:28,235 DEBUG DefaultSavedRequest:309 - queryString: both null (property equals)
14:30:28,235 DEBUG DefaultSavedRequest:331 - requestURI: arg1=/vicinity/member/member_home.htm; arg2=/vicinity/login.htm (property not equals)
14:30:28,235 DEBUG HttpSessionRequestCache:72 - saved request doesn't match
14:30:28,236 DEBUG FilterChainProxy:351 - /login.htm at position 8 of 12 in additional filter chain; firing Filter: 'org.springframework.[email protected]3bd29ee4'
14:30:28,236 DEBUG FilterChainProxy:351 - /login.htm at position 9 of 12 in additional filter chain; firing Filter: 'org.springfram[email protected]bda96b'
14:30:28,236 DEBUG AnonymousAuthenticationFilter:98 - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]6fa843a8: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: DC9231E2B140D2F7D720A3B171B52CCF; Granted Authorities: ROLE_ANONYMOUS'
14:30:28,237 DEBUG FilterChainProxy:351 - /login.htm at position 10 of 12 in additional filter chain; firing Filter: 'o[email protected]23bdb02e'
14:30:28,237 DEBUG FilterChainProxy:351 - /login.htm at position 11 of 12 in additional filter chain; firing Filter: 'org[email protected]7a79ae56'
14:30:28,237 DEBUG FilterChainProxy:351 - /login.htm at position 12 of 12 in additional filter chain; firing Filter: 'org.springfr[email protected]4aa4ceeb'
14:30:28,237 DEBUG DefaultFilterInvocationSecurityMetadataSource:177 - Converted URL to lowercase, from: '/login.htm'; to: '/login.htm'
14:30:28,238 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/login.htm'; pattern is /member/**; matched=false
14:30:28,238 DEBUG DefaultFilterInvocationSecurityMetadataSource:204 - Candidate is: '/login.htm'; pattern is /login.htm; matched=true
14:30:28,238 DEBUG FilterSecurityInterceptor:192 - Secure object: FilterInvocation: URL: /login.htm; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
14:30:28,239 DEBUG FilterSecurityInterceptor:293 - Previously Authenticated: org.sprin[email protected]6fa843a8: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: DC9231E2B140D2F7D720A3B171B52CCF; Granted Authorities: ROLE_ANONYMOUS
14:30:28,239 DEBUG AffirmativeBased:53 - Voter: [email protected], returned: 0
14:30:28,239 DEBUG AffirmativeBased:53 - Voter: [email protected]9101, returned: 1
14:30:28,239 DEBUG FilterSecurityInterceptor:214 - Authorization successful
14:30:28,240 DEBUG FilterSecurityInterceptor:224 - RunAsManager did not change Authentication object
14:30:28,240 DEBUG FilterChainProxy:340 - /login.htm reached end of additional filter chain; proceeding with original chain
14:30:28,243 DEBUG ExceptionTranslationFilter:101 - Chain processed normally
14:30:28,243 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
  • Can you post your Spring Security XML configuration?
  • See my answer below for the security XML file
Source: author chrisjleu | 2009-11-28

2 Comments

  1. 5

    The key here is that the session is lost after the successful login:

    14:30:28,218 DEBUG HttpSessionSecurityContextRepository:133 - No HttpSession currently exists
    14:30:28,218 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: null. A new one will be created.

    The anonymous user is created by default because there is no security context.

    Can you try the same but without the https restriction? Or do it all over https. Just to see if it works.

    • Yes, this is the problem. I tried what you suggested and it works with HTTPS fully disabled or with it enabled for every page. The question now is how do I get it to work only for the login page, since this is the only part I would like to be secure?
  2. 1

    Here is the applicationContext-security.xml file (forced to post this as an answer to my own question as my posts kept getting truncated – how else can you make long posts??)

    <?xml version="1.0" encoding="UTF-8"?>
    <!--
    - Sample namespace-based configuration - - $Id: applicationContext-security.xml 3911 2009-09-29 16:18:01Z ltaylor $
    -->
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.0.xsd">

        <global-method-security pre-post-annotations="enabled">
            <!--
            AspectJ pointcut expression that locates our "post" method and applies security that way <protect-pointcut
            expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
            -->
        </global-method-security>

        <http auto-config="true">
            <intercept-url pattern="/member/**" access="ROLE_TELLER" />
            <intercept-url pattern="/login.htm" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="https"/>
            <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            <form-login login-page="/login.htm"/>
            <session-management>
                <concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
            </session-management>
            <!-- Required for development environments -->
            <port-mappings>
                <port-mapping http="8080" https="8443"/>
            </port-mappings>
        </http>

        <!--
        Usernames/Passwords are rod/koala dianne/emu scott/wombat peter/opal
        -->
        <authentication-manager>
            <authentication-provider>
                <password-encoder hash="md5" />
                <user-service>
                    <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
                    <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
                    <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
                    <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
                </user-service>
            </authentication-provider>
        </authentication-manager>
    </beans:beans>
    • Sorry for digging up this old problem. I am getting exactly this problem. Would you mind letting me know how you managed to resolve it?
    • See the answer given. I'm not sure I ever did resolve it. By now it is preferable to use Spring Security 3.1 if that is an option for you.
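
The check described in the first answer (a successful login whose very next request arrives with no HttpSession), written as a small log scan. This is an added example, not code from the original thread; it assumes a Spring Security DEBUG log from a single client so that requests do not interleave, and the sample lines are abridged from the log in the question.

```python
import re

# Constructed sample: DEBUG lines abridged from the log in the question
# (the long principal dump after "Authentication success." is cut off).
SAMPLE_LOG = """\
14:30:28,194 DEBUG UsernamePasswordAuthenticationFilter:194 - Request is to process authentication
14:30:28,204 DEBUG ConcurrentSessionControlStrategy:92 - Started new session: 24853B27E3FF94289CBB879FEA7EE27A
14:30:28,205 DEBUG UsernamePasswordAuthenticationFilter:290 - Authentication success.
14:30:28,206 DEBUG DefaultRedirectStrategy:55 - Redirecting to 'http://localhost:8080/vicinity/member/member_home.htm'
14:30:28,207 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
14:30:28,218 DEBUG HttpSessionSecurityContextRepository:133 - No HttpSession currently exists
14:30:28,223 DEBUG ExceptionTranslationFilter:154 - Access is denied (user is anonymous); redirecting to authentication entry point
14:30:28,225 DEBUG DefaultRedirectStrategy:55 - Redirecting to 'http://localhost:8080/vicinity/login.htm'
14:30:28,225 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d,\d{3}) DEBUG (\w+):\d+ - (.*)$")
END_OF_REQUEST = "SecurityContextHolder now cleared"

def split_requests(log_text):
    """Group parsed (time, logger, message) tuples into one list per request."""
    requests, current = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack-trace lines and other non-DEBUG output
        current.append(m.groups())
        if m.group(3).startswith(END_OF_REQUEST):
            requests.append(current)
            current = []
    if current:
        requests.append(current)
    return requests

def summarize(request):
    """Reduce one request's lines to the facts needed for the check."""
    facts = {"login_ok": False, "session": None, "redirect": None,
             "no_session": False, "time": request[0][0]}
    for _, logger, msg in request:
        if msg.startswith("Authentication success"):
            facts["login_ok"] = True
        elif msg.startswith("Started new session: "):
            facts["session"] = msg.split(": ", 1)[1]
        elif logger == "DefaultRedirectStrategy":
            facts["redirect"] = msg.split("'")[1]
        elif msg == "No HttpSession currently exists":
            facts["no_session"] = True
    return facts

def find_lost_sessions(log_text):
    """Report logins whose very next request arrived without an HttpSession."""
    facts = [summarize(r) for r in split_requests(log_text)]
    findings = []
    for prev, nxt in zip(facts, facts[1:]):
        if prev["login_ok"] and nxt["no_session"]:
            findings.append({"login_session": prev["session"],
                             "redirected_to": prev["redirect"],
                             "lost_at": nxt["time"]})
    return findings

if __name__ == "__main__":
    for f in find_lost_sessions(SAMPLE_LOG):
        print(f)
```

A finding whose `redirected_to` starts with `http://` while the login page is served with `requires-channel="https"` matches the situation the commenter confirmed: the login works once every page uses the same channel.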
