Mat*_* B. 5 java security spring tomcat
2011-01-25/23:30:06.856/EST [http-80-exec-1] WARN Failed to create a session, as response has been committed. Unable to store SecurityContext.
2011-01-25/23:30:09.597/EST [http-80-exec-3] WARN Authentication event InteractiveAuthenticationSuccessEvent: email@domain.com; details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 170.9.26.16; SessionId: null
我运行spring 3,并tomcat 6与spring security 3
我根据这个信息重新配置了以下bean(从这里开始):
创建会话
控制创建HTTP会话的渴望程度.如果未设置,则默认为"ifRequired".其他选项是"永远"和"从不".此属性的设置会影响HttpSessionContextIntegrationFilter的allowSessionCreation和forceEagerSessionCreation属性.除非将此属性设置为"never",否则allowSessionCreation将始终为true.forceEagerSessionCreation为"false",除非它设置为"always".因此,默认配置允许创建会话,但不强制它.例外情况是,如果启用了并发会话控制,则forceEagerSessionCreation将设置为true,而不管此处的设置是什么.使用"never"会在HttpSessionContextIntegrationFilter初始化期间导致异常.
<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.web.context.HttpSessionContextIntegrationFilter">
<property name="allowSessionCreation" value="false"/>
</bean>
将以下内容添加到您的配置中:http session-creation='never'> 有关 Spring 论坛的更多信息:http://forum.springsource.org/showthread.php ?t=82196
| 归档时间: |
|
| 查看次数: |
5916 次 |
| 最近记录: |