那些遇到过的问题

相关疑难解决方法(0)

Spring Security AuthenticationCredentialsNotFoundException,SecurityContextHolder.getContext为null

我有一个奇怪的错误,几个小时的调试,我无法理解.

更新1:我使用在Tomcat 7上运行的Spring Security 4.0.3.

问题接近这个问题,也许SecurityContextHolder是在这期间失去了response.redirect()但答案没有帮助.

问题似乎也接近这个问题,但答案对我来说没有意义.

这是我的配置: 

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class ProjectSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.authorizeRequests().antMatchers("/login").anonymous();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser(Constants.PROFIL_ADMIN).password(Constants.PROFIL_ADMIN).
            roles("ADMIN","TEST_SERVICE");
    }
}
Run Code Online (Sandbox Code Playgroud)

登录后,我尝试获取安全的URL:

@RequestMapping(value = "/myurl", method = RequestMethod.GET)
@ResponseBody
public boolean getTestService(HttpServletRequest request)
        throws SQLException, PoRulesException {

    System.out.println("get security context");
    System.out.println("--------------------");
    SecurityContext secuContext = (SecurityContext) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
    System.out.println(secuContext);
    System.out.println("get security context …
Run Code Online (Sandbox Code Playgroud)

java spring spring-security

amd*_*dev
2017 05-23
11
推荐指数
2
解决办法
7875
查看次数

如何使用Spring安全性成功登录后正确更新登录日期时间?

我正在使用Spring 3.2.0和相同版本的Spring安全性.成功登录后,用户将被重定向到其中一个受保护的页面,如下所示.

public final class LoginSuccessHandler implements AuthenticationSuccessHandler
{
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException
    {
        Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
        if (roles.contains("ROLE_ADMIN"))
        {
            response.sendRedirect("admin_side/Home.htm");
            return;
        }
    }
}
Run Code Online (Sandbox Code Playgroud)

我正在使用Hibernate.如何在成功登录后更新数据库中的登录日期时间(上次登录)?我在登录页面上有一个提交按钮,其POST请求似乎没有映射到其相应登录控制器中的方法.登录表单的操作实际上映射到Servlet - j_spring_security_check.

spring-security.xml如果需要,整个文件如下.

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http pattern="/Login.htm*" security="none"></http>    

    <http auto-config='true'>
    <!--<remember-me key="myAppKey"/>-->
        <session-management session-fixation-protection="newSession">
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
        </session-management>

        <intercept-url pattern="/admin_side/**" access="ROLE_ADMIN" requires-channel="any"/>
        <form-login login-page="/" default-target-url="/admin_side/Home.htm" authentication-failure-url="/LoginFailed.htm" authentication-success-handler-ref="loginSuccessHandler"/>
        <logout logout-success-url="/Login.htm" invalidate-session="true" delete-cookies="JSESSIONID"/> …
Run Code Online (Sandbox Code Playgroud)

spring spring-mvc spring-security

Tin*_*iny
2013 03-19
8
推荐指数
2
解决办法
1万
查看次数

spring security j_spring_security注销问题

我正在研究春季安全问题.但j_spring_security serlvet似乎无法正常工作.我该如何调试问题,或者至少寻找根本原因?我没有看到任何有用的日志文件......

<?xml version="1.0" encoding="UTF-8"?>

 <!--
  - Sample namespace-based configuration
  -
  -->

<beans:beans xmlns="http://www.springframework.org/schema/security"
 xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

 <global-method-security pre-post-annotations="enabled">
  <!--
   AspectJ pointcut expression that locates our "post" method and
   applies security that way <protect-pointcut expression="execution(*
   bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
  -->
 </global-method-security>

 <http use-expressions="true">
  <intercept-url pattern="/" access="permitAll" />
  <intercept-url pattern="/login/**" filters="none" />
  <intercept-url pattern="/static/**" filters="none" />
  <intercept-url pattern="/**" access="isAuthenticated()" />
  <form-login login-page="/login/login.jsp"
   default-target-url="/fileList.do" authentication-failure-url="/login/login.jsp?login_error=1" />
  <logout logout-success-url="/login/logout_success.jsp" />
  <!--
   Uncomment to enable X509 client authentication support <x509 />
  -->
  <!-- …
Run Code Online (Sandbox Code Playgroud)

java spring spring-security

nok*_*eat
2010 06-30
2
推荐指数
1
解决办法
1万
查看次数

标签 统计

spring ×3

spring-security ×3

java ×2

spring-mvc ×1