那些遇到过的问题

无法让 hasIpAddress 在 Spring Security 上工作

cas*_*gne 6 spring spring-security

我正在努力hasIpAddress研究 Spring Security。我已经阅读了我在网上能找到的所有内容,但没有解决我的问题...

我试过:

hasIpAddress('192.168.0.129')
hasIpAddress('192.168.0.0/24')
hasIpAddress('192.168.0/24')
Run Code Online (Sandbox Code Playgroud)

我只能在没有hasIpAddress...的情况下工作

SpringSecurityConfig.xml

hasIpAddress('192.168.0.129')
hasIpAddress('192.168.0.0/24')
hasIpAddress('192.168.0/24')
Run Code Online (Sandbox Code Playgroud)

在我的日志中: 

09/15/2016 16:19:19  [http-listener-1(5)]:springframework.security.web.context.SecurityContextPersistenceFilter.doFilter()119 SecurityContextHolder now cleared, as request processing completed
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.context.HttpSessionSecurityContextRepository.readSecurityContextFromSession()186 HttpSession returned null object for SPRING_SECURITY_CONTEXT
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.context.HttpSessionSecurityContextRepository.loadContext()116 No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@4636ced1. A new one will be created.
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:security.web.util.matcher.AntPathRequestMatcher.matches()137 Request 'GET /init.do' doesn't match 'POST /logout
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:security.web.util.matcher.AntPathRequestMatcher.matches()137 Request 'GET /init.do' doesn't match 'POST /login
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()322 pathInfo: both null (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()322 queryString: both null (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 requestURI: arg1=/gestionprod/; arg2=/gestionprod/ (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 serverPort: arg1=8080; arg2=8080 (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 requestURL: arg1=http://localhost:8080/gestionprod/; arg2=http://localhost:8080/gestionprod/ (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 scheme: arg1=http; arg2=http (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 serverName: arg1=localhost; arg2=localhost (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 contextPath: arg1=/gestionprod; arg2=/gestionprod (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.DefaultSavedRequest.propertyEquals()339 servletPath: arg1=/init.do; arg2=/init.do (property equals)
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.savedrequest.HttpSessionRequestCache.removeRequest()82 Removing DefaultSavedRequest from session if present
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter()100 Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: e2c51e45dac31339aa97b4863285; Granted Authorities: ROLE_ANONYMOUS'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
09/15/2016 16:19:19  [http-listener-1(1)]:org.springframework.security.web.FilterChainProxy.doFilter()325 /init.do at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
09/15/2016 16:19:19  [http-listener-1(1)]:security.web.util.matcher.AntPathRequestMatcher.matches()157 Checking match of request : '/init.do'; against '/init.do'
09/15/2016 16:19:19  [http-listener-1(1)]:security.web.access.intercept.FilterSecurityInterceptor.beforeInvocation()219 Secure object: FilterInvocation: URL: /init.do; Attributes: [isAnonymous() and hasIpAddress('192.168.0/24')]
09/15/2016 16:19:19  [http-listener-1(1)]:security.web.access.intercept.FilterSecurityInterceptor.authenticateIfRequired()348 Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: e2c51e45dac31339aa97b4863285; Granted Authorities: ROLE_ANONYMOUS
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.access.vote.AffirmativeBased.decide()66 Voter: org.springframework.security.web.access.expression.WebExpressionVoter@36f219a, returned: -1
09/15/2016 16:19:19  [http-listener-1(1)]:springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException()174 Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
Run Code Online (Sandbox Code Playgroud)

dur*_*dur 3

您的客户端的 IP 地址错误 0:0:0:0:0:0:0:1,请参阅:

09/15/2016 16:19:19  [http-listener-1(1)]:security.web.access.intercept.FilterSecurityInterceptor.authenticateIfRequired()348 Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: e2c51e45dac31339aa97b4863285; Granted Authorities: ROLE_ANONYMOUS
Run Code Online (Sandbox Code Playgroud)

0:0:0:0:0:0:0:1 是环回的 IPv6 地址,请参阅RFC 4291

单播地址0:0:0:0:0:0:0:1称为环回地址。

不要用来localhost调用你的服务器,它是一个环回,请参阅维基百科

将名称localhost解析为一个或多个 IP 地址是通过操作系统的主机文件中的以下行进行配置的:

127.0.0.1    localhost
::1          localhost
Run Code Online (Sandbox Code Playgroud)

归档时间:

查看次数:

3096 次

最近记录:

9 年,2 月 前
相关归档
Akka或Reactor 90
设置JPA Pageable Object的默认页面大小 19
使用Jackson ObjectMapper和Jersey 14
Spring Security中的httpBasic方法是什么? 14
使用默认的bean范围作为单例,当并发调用发生时不是很糟糕吗? 8
使用Hibernate 4的Integrator模式和Spring的依赖注入 8
如何将Jdbc4Connection转换为PGConnection? 7
如何摆脱 conversionServicePostProcessor bean 冲突? 7
来自自定义表的 Spring Security 身份验证 4
Spring安全自定义登录页面 0
难疑归档
如何异步上传文件? 2841
是否有唯一的Android设备ID? 2645
需要一个没有任何子弹的无序列表 2408
如何在不手动指定编码的情况下在C#中获得字符串的一致字节表示? 2121
如何格式化Microsoft JSON日期? 1954
检索HTML元素的位置(X,Y) 1418
从Docker容器内部,如何连接到本机的本地主机? 1176
如果我已经开始使用rebase,如何将两个提交合并为一个? 1111
git:撤消所有工作目录更改,包括新文件 1108
NP,NP-Complete和NP-Hard有什么区别? 1064