Tomcat 9 and Spring Security redirect to the login page after successful authentication

jbose2ul posted on 2023-04-21 in Spring

Background:
We are using
Spring 5.3.2, Spring Security 5.4.1, Spring Data 2.4.1, jstl 1.2, Servlet 3.1.0
and are trying to migrate from Weblogic to Apache Tomcat (TomEE)/9.0.71 (8.0.14). We have custom authentication: AuthenticationFilter extends UsernamePasswordAuthenticationFilter (code below).
Problem: these configurations work fine in Weblogic (the custom class used to insert data into a table) as well as setting the securityContext (see the logs below). After a successful login, when redirecting to the dashboard (the next page after login), I see from the logs that at some point it shows up as an anonymous user, SecurityContextRepository does not set SPRING_SECURITY_CONTEXT, and it redirects back to the login page instead of the dashboard.
In the server logs I see a 302 status code for /app/app_security_check and /app/login/dashboard; line 4 of the logs (wrapped in ** below) shows successfulAuthentication and line 44 (also wrapped in **) shows Stored SecurityContext.
Can anyone tell me why the securityContext is null in Tomcat? Does Tomcat need any configuration to persist the context?
web.xml

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>  /WEB-INF/spring-security.xml,   /WEB-INF/applicationContext.xml</param-value>   
</context-param>
<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
    <load-on-startup>1</load-on-startup>
    <async-supported>true</async-supported>
</servlet>
<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <async-supported>true</async-supported>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ASYNC</dispatcher>
</filter-mapping> 
<filter>
    <filter-name>ActiveCustomFilter</filter-name>
    <filter-class>.......ActiveCustomFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ActiveCustomFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
    <session-timeout>60</session-timeout>
</session-config>
<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
Logs: 
 
2023-04-04T09:36:31.605-0400 [test.login.service.UserLoginService] [loadUserByUsername] [128] INFO :::Returning user: test.login.service.CustomUserDetails@afbd74f0
2023-04-04T09:36:31.805-0400 [org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider] [createSuccessAuthentication] [199] DEBUG :::Authenticated user
2023-04-04T09:36:31.805-0400 [org.springframework.security.web.session.HttpSessionEventPublisher] [extracted] [85] DEBUG :::Publishing event: org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@7b246da]
**2023-04-04T09:36:31.805-0400 [org.springframework.security.core.session.SessionRegistryImpl] [registerNewSession] [136] DEBUG :::Registering session 935153B9FF5E463D3377915F17389702, for principal test.login.service.CustomUserDetails@afbd74f0
2023-04-04T09:36:31.805-0400 [org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter] [successfulAuthentication] [315] DEBUG :::Set SecurityContextHolder to UsernamePasswordAuthenticationToken [Principal=test.login.service.CustomUserDetails@afbd74f0, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ADD_MODIFY, REPORTS_RUN, .......................]]** 
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [postLoginProcess] [87] INFO :::About to call printAllHttpHeaders method
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [115] INFO :::*******************************
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [116] INFO :::Enter printAllHttpHeaders method
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [120] INFO :::header name:accept
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [121] INFO :::header value:text/plain, */*
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [120] INFO :::header name:content-type
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [121] INFO :::header value:application/x-www-form-urlencoded;charset=UTF-8
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [120] INFO :::header name:content-length
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [121] INFO :::header value:115
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [120] INFO :::header name:host
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [121] INFO :::header value:localhost:11003
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [120] INFO :::header name:connection
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [121] INFO :::header value:Keep-Alive
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [120] INFO :::header name:user-agent
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [121] INFO :::header value:Apache-HttpClient/4.5.13 (Java/11.0.8)
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [120] INFO :::header name:accept-encoding
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [121] INFO :::header value:gzip,deflate
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [123] INFO :::Iterating over header names done
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [124] INFO :::Exit printAllHttpHeaders method
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [printAllHttpHeaders] [125] INFO :::*******************************
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [postLoginProcess] [97] INFO :::Logged in user id: testUser, profile id: 1111
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [postLoginProcess] [100] INFO :::X-FORWARDED-FOR ipaddr:null
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [postLoginProcess] [105] INFO :::request.getParameter(ipAddr):0:0:0:0:0:0:0:1
2023-04-04T09:36:31.805-0400 [test.login.handler.LoginSuccessHandler] [postLoginProcess] [106] INFO :::request.getRemoteAddr():127.0.0.1
2023-04-04T09:36:31.816-0400 [test.login.handler.LoginSuccessHandler] [postLoginProcess] [107] INFO :::About to save to db, ipaddrL:0:0:0:0:0:0:0:1
2023-04-04T09:36:31.816-0400 [org.springframework.orm.jpa.SharedEntityManagerCreator$SharedEntityManagerInvocationHandler] [invoke] [302] DEBUG :::Creating new EntityManager for shared EntityManager invocation
2023-04-04T09:36:31.880-0400 [org.springframework.transaction.support.AbstractPlatformTransactionManager] [getTransaction] [370] DEBUG :::Creating new transaction with name [org.springframework.data.jpa.repository.support.SimpleJpaRepository.saveAll]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT
2023-04-04T09:36:31.880-0400 [org.springframework.orm.jpa.JpaTransactionManager] [doBegin] [412] DEBUG :::Opened new EntityManager [org.eclipse.persistence.internal.jpa.EntityManagerImpl@30b2560f] for JPA transaction
2023-04-04T09:36:31.880-0400 [org.springframework.orm.jpa.JpaTransactionManager] [doBegin] [447] DEBUG :::Not exposing JPA transaction [org.eclipse.persistence.internal.jpa.EntityManagerImpl@30b2560f] as JDBC transaction because JpaDialect [org.springframework.orm.jpa.DefaultJpaDialect@2b5122f8] does not support JDBC Connection retrieval
2023-04-04T09:36:31.927-0400 [org.springframework.transaction.support.AbstractPlatformTransactionManager] [processCommit] [740] DEBUG :::Initiating transaction commit
2023-04-04T09:36:31.927-0400 [org.springframework.orm.jpa.JpaTransactionManager] [doCommit] [557] DEBUG :::Committing JPA transaction on EntityManager [org.eclipse.persistence.internal.jpa.EntityManagerImpl@30b2560f]
2023-04-04T09:36:31.990-0400 [org.springframework.orm.jpa.JpaTransactionManager] [doCleanupAfterCompletion] [648] DEBUG :::Closing JPA EntityManager [org.eclipse.persistence.internal.jpa.EntityManagerImpl@30b2560f] after transaction
2023-04-04T09:36:31.990-0400 [org.springframework.transaction.support.AbstractPlatformTransactionManager] [getTransaction] [370] DEBUG :::Creating new transaction with name [org.springframework.data.jpa.repository.support.SimpleJpaRepository.save]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT
2023-04-04T09:36:31.990-0400 [org.springframework.orm.jpa.JpaTransactionManager] [doBegin] [412] DEBUG :::Opened new EntityManager [org.eclipse.persistence.internal.jpa.EntityManagerImpl@22fe3e74] for JPA transaction
2023-04-04T09:36:31.990-0400 [org.springframework.orm.jpa.JpaTransactionManager] [doBegin] [447] DEBUG :::Not exposing JPA transaction [org.eclipse.persistence.internal.jpa.EntityManagerImpl@22fe3e74] as JDBC transaction because JpaDialect [org.springframework.orm.jpa.DefaultJpaDialect@2b5122f8] does not support JDBC Connection retrieval
2023-04-04T09:36:32.022-0400 [org.springframework.transaction.support.AbstractPlatformTransactionManager] [processCommit] [740] DEBUG :::Initiating transaction commit
2023-04-04T09:36:32.022-0400 [org.springframework.orm.jpa.JpaTransactionManager] [doCommit] [557] DEBUG :::Committing JPA transaction on EntityManager [org.eclipse.persistence.internal.jpa.EntityManagerImpl@22fe3e74]
2023-04-04T09:36:32.052-0400 [org.springframework.orm.jpa.JpaTransactionManager] [doCleanupAfterCompletion] [648] DEBUG :::Closing JPA EntityManager [org.eclipse.persistence.internal.jpa.EntityManagerImpl@22fe3e74] after transaction
2023-04-04T09:36:32.052-0400 [org.springframework.security.web.DefaultRedirectStrategy] [sendRedirect] [57] DEBUG :::Redirecting to /app/
**2023-04-04T09:36:32.052-0400 [org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper] [saveContext] [362] DEBUG :::Stored SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=test.login.service.CustomUserDetails@afbd74f0, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ADD_MODIFY, REPORTS_RUN, .......................]]] to HttpSession** [org.apache.catalina.session.StandardSessionFacade@7b246da]
2023-04-04T09:36:32.052-0400 [org.springframework.security.web.context.SecurityContextPersistenceFilter] [doFilter] [118] DEBUG :::Cleared SecurityContextHolder to complete request
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "HTTP/1.1 302 [\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "Set-Cookie: JSESSIONID=935153B9FF5E463D3377915F17389702; Path=/; HttpOnly[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "Cache-Control: no-cache, no-store, max-age=0, must-revalidate[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "Pragma: no-cache[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "Expires: 0[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "X-XSS-Protection: 1; mode=block[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "X-Frame-Options: DENY[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "X-Content-Type-Options: nosniff[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "Location: http://localhost:11003/app/[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "Content-Length: 0[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "Date: Tue, 04 Apr 2023 13:36:32 GMT[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "Keep-Alive: timeout=200[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "Connection: keep-alive[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "Server: Apache TomEE[\r][\n]"
2023-04-04T09:36:32.066-0400 [org.apache.http.impl.conn.Wire] [wire] [73] DEBUG :::http-outgoing-0 << "[\r][\n]"
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [122] DEBUG :::http-outgoing-0 << HTTP/1.1 302 
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << Set-Cookie: JSESSIONID=935153B9FF5E463D3377915F17389702; Path=/; HttpOnly
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << Cache-Control: no-cache, no-store, max-age=0, must-revalidate
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << Pragma: no-cache
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << Expires: 0
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << X-XSS-Protection: 1; mode=block
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << X-Frame-Options: DENY
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << X-Content-Type-Options: nosniff
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << Location: http://localhost:11003/app/
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << Content-Length: 0
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << Date: Tue, 04 Apr 2023 13:36:32 GMT
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << Keep-Alive: timeout=200
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << Connection: keep-alive
2023-04-04T09:36:32.082-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [onResponseReceived] [125] DEBUG :::http-outgoing-0 << Server: Apache TomEE
2023-04-04T09:36:32.099-0400 [org.apache.http.impl.execchain.MainClientExec] [execute] [285] DEBUG :::Connection can be kept alive for 200000 MILLISECONDS
2023-04-04T09:36:32.099-0400 [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] [releaseConnection] [344] DEBUG :::Connection [id: 0][route: {}->http://localhost:11003] can be kept alive for 200.0 seconds
2023-04-04T09:36:32.099-0400 [org.apache.http.impl.conn.LoggingManagedHttpClientConnection] [setSocketTimeout] [88] DEBUG :::http-outgoing-0: set socket timeout to 0
2023-04-04T09:36:32.099-0400 [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] [releaseConnection] [351] DEBUG :::Connection released: [id: 0][route: {}->http://localhost:11003][total available: 1; route allocated: 1 of 2; total allocated: 1 of 20]
2023-04-04T09:36:32.105-0400 [org.apache.http.client.protocol.ResponseProcessCookies] [processCookies] [119] DEBUG :::Cookie accepted [JSESSIONID="935153B9FF5E463D3377915F17389702", version:0, domain:localhost, path:/, expiry:null]
2023-04-04T09:36:32.121-0400 [org.springframework.core.log.CompositeLog] [debug] [147] DEBUG :::Response 302 FOUND
2023-04-04T09:36:32.128-0400 [test.login.controller.LoginController] [authenticateWithProfile] [315] INFO :::((((((((((((((((( 935153B9FF5E463D3377915F17389702; Path=/; HttpOnly
2023-04-04T09:36:32.128-0400 [test.login.controller.LoginController] [authenticateWithProfile] [317] INFO :::Exited authenticateWithProfile() of LoginController
2023-04-04T09:36:32.128-0400 [org.springframework.web.servlet.mvc.method.annotation.AbstractMessageConverterMethodProcessor] [writeWithMessageConverters] [255] DEBUG :::Using 'application/json', given [application/json, text/plain, */*] and supported [application/json, application/*+json]
2023-04-04T09:36:32.128-0400 [org.springframework.core.log.LogFormatUtils] [traceDebug] [91] DEBUG :::Writing [test.user.model.CdrUserProfile@20542935]
2023-04-04T09:36:32.128-0400 [org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper] [saveContext] [348] DEBUG :::Did not store anonymous SecurityContext
2023-04-04T09:36:32.128-0400 [org.springframework.web.servlet.FrameworkServlet] [logResult] [1131] DEBUG :::Completed 200 OK
2023-04-04T09:36:32.128-0400 [org.springframework.security.web.context.SecurityContextPersistenceFilter] [doFilter] [118] DEBUG :::Cleared SecurityContextHolder to complete request
2023-04-04T09:36:32.169-0400 [org.springframework.security.web.FilterChainProxy] [doFilterInternal] [208] DEBUG :::Securing GET /login/dashboard
2023-04-04T09:36:32.169-0400 [org.springframework.security.web.context.SecurityContextPersistenceFilter] [doFilter] [102] DEBUG :::Set SecurityContextHolder to empty SecurityContext
2023-04-04T09:36:32.169-0400 [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] [doFilter] [96] DEBUG :::Set SecurityContextHolder to anonymous SecurityContext
2023-04-04T09:36:32.170-0400 [org.springframework.security.access.intercept.AbstractSecurityInterceptor] [attemptAuthorization] [246] DEBUG :::Failed to authorize filter invocation [GET /login/dashboard] with attributes [authenticated]
2023-04-04T09:36:32.192-0400 [org.springframework.security.web.session.HttpSessionEventPublisher] [extracted] [85] DEBUG :::Publishing event: org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@26a138cc]
2023-04-04T09:36:32.192-0400 [org.springframework.security.web.savedrequest.HttpSessionRequestCache] [saveRequest] [75] DEBUG :::Saved request http://localhost:11003/app/login/dashboard to session
2023-04-04T09:36:32.197-0400 [org.springframework.security.web.DefaultRedirectStrategy] [sendRedirect] [57] DEBUG :::Redirecting to http://localhost:11003/app/login/loginPage
2023-04-04T09:36:32.197-0400 [org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper] [saveContext] [345] DEBUG :::Did not store empty SecurityContext
2023-04-04T09:36:32.198-0400 [org.springframework.security.web.context.SecurityContextPersistenceFilter] [doFilter] [118] DEBUG :::Cleared SecurityContextHolder to complete request
2023-04-04T09:36:32.203-0400 [org.springframework.security.web.FilterChainProxy] [doFilterInternal] [208] DEBUG :::Securing GET /login/loginPage
2023-04-04T09:36:32.203-0400 [org.springframework.security.web.context.SecurityContextPersistenceFilter] [doFilter] [102] DEBUG :::Set SecurityContextHolder to empty SecurityContext
2023-04-04T09:36:32.203-0400 [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] [doFilter] [96] DEBUG :::Set SecurityContextHolder to anonymous SecurityContext
2023-04-04T09:36:32.204-0400 [org.springframework.security.access.intercept.AbstractSecurityInterceptor] [beforeInvocation] [210] DEBUG :::Authorized filter invocation [GET /login/loginPage] with attributes [permitAll]
2023-04-04T09:36:32.204-0400 [org.springframework.security.web.FilterChainProxy$VirtualFilterChain] [doFilter] [323] DEBUG :::Secured GET /login/loginPage
2023-04-04T09:36:32.204-0400 [org.springframework.core.log.LogFormatUtils] [traceDebug] [91] DEBUG :::GET "/app/login/loginPage", parameters={}
2023-04-04T09:36:32.205-0400 [org.springframework.web.servlet.handler.AbstractHandlerMapping] [getHandler] [510] DEBUG :::Mapped to test.login.controller.LoginController#showLoginPage(String, String, HttpServletRequest)
2023-04-04T09:36:32.205-0400 [test.login.controller.LoginController] [showLoginPage] [71] DEBUG :::request urlhttp://localhost:11003/app/login/loginPage
2023-04-04T09:36:32.205-0400 [test.login.controller.LoginController] [showLoginPage] [72] INFO :::Entered showLoginPage() of LoginController
2023-04-04T09:36:32.205-0400 [test.login.controller.LoginController] [showLoginPage] [73] DEBUG ::: LoginController param error null
2023-04-04T09:36:32.205-0400 [test.login.controller.LoginController] [showLoginPage] [74] DEBUG ::: LoginController param logout null
2023-04-04T09:36:32.205-0400 [test.login.controller.LoginController] [showLoginPage] [81] INFO :::^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ anonymousUser anonymousUser
2023-04-04T09:36:32.205-0400 [test.login.controller.LoginController] [showLoginPage] [102] INFO :::Exited showLoginPage() of LoginController
2023-04-04T09:36:32.206-0400 [org.springframework.web.servlet.view.AbstractView] [render] [309] DEBUG :::View name '/main/login', model {}
2023-04-04T09:36:32.207-0400 [org.springframework.web.servlet.view.InternalResourceView] [renderMergedOutputModel] [169] DEBUG :::Forwarding to [/WEB-INF/jsp//main/login.jsp]
2023-04-04T09:36:32.208-0400 [org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper] [saveContext] [348] DEBUG :::Did not store anonymous SecurityContext
2023-04-04T09:36:32.210-0400 [org.springframework.web.servlet.FrameworkServlet] [logResult] [1131] DEBUG :::Completed 200 OK
2023-04-04T09:36:32.210-0400 [org.springframework.security.web.context.SecurityContextPersistenceFilter] [doFilter] [118] DEBUG :::Cleared SecurityContextHolder to complete request

Update: the client is a browser. 21457B6DC399CC4C3FC510EF9AEC4B0C is the session ID that was created. For the /app/login/authenticateWithProfile API, the earlier JSESSIONID is used in the response header. For the /dashboard API and the remaining .js and .css, E8BBF1EB52BC1264F2A92522D95607AB is used. See the logs below.

[10/Apr/2023:11:59:12 -0400] 127.0.0.1 - 21457B6DC399CC4C3FC510EF9AEC4B0C - "POST /app/app_security_check HTTP/1.1" 302 - JSESSIONID=21457B6DC399CC4C3FC510EF9AEC4B0C; Path=/app; Secure; HttpOnly
[10/Apr/2023:11:59:12 -0400] 0:0:0:0:0:0:0:1 - BC4A44606D9D49831DEA7DDD2C0D3C2E BC4A44606D9D49831DEA7DDD2C0D3C2E "POST /app/login/authenticateWithProfile HTTP/1.1" 200 629 JSESSIONID=\"21457B6DC399CC4C3FC510EF9AEC4B0C; Path=/app; Secure; HttpOnly\"; Version=1
[10/Apr/2023:11:59:12 -0400] 0:0:0:0:0:0:0:1 - E8BBF1EB52BC1264F2A92522D95607AB - "GET /app/login/dashboard HTTP/1.1" 302 - JSESSIONID=E8BBF1EB52BC1264F2A92522D95607AB; Path=/app; Secure; HttpOnly
[10/Apr/2023:11:59:12 -0400] 0:0:0:0:0:0:0:1 - E8BBF1EB52BC1264F2A92522D95607AB E8BBF1EB52BC1264F2A92522D95607AB "GET /app/login/loginPage HTTP/1.1" 200 22268 -
Update: The API /authenticateWithProfile is invoking the /app_security_check API (which is Spring Security's filterProcessesUrl).
The API /app_security_check is generating the cookie 21457B6DC399CC4C3FC510EF9AEC4B0C. We are setting this as a cookie in the response header and it is expected to be used post-authentication, but that is not happening.
From the logs, while redirecting to /dashboard, I'm seeing a different session id in the response header.
Does Tomcat need any additional configuration that I'm missing?

I found that the session id in the response header of the /authenticateWithProfile API is set like this: JSESSIONID="53E9FA013FAAC0CF98F65FDF22A9EB69; Expires=Sat, 15 Apr 2023 06:12:18 GMT; Path=/app; HttpOnly"; Version=1
When redirecting to /dashboard, the session ID in the request header is prefixed with a quote, like this: JSESSIONID="53E9FA013FAAC0CF98F65FDF22A9EB69
I set the cookie processor in context.xml; if I use Rfc6265CookieProcessor, I get this error: java.lang.IllegalArgumentException: An invalid character [59] was present in the Cookie value. Which cookieProcessor do I need to use for Tomcat 9.0.71? Am I missing any attributes?


baubqpgj1#

The cookie value you are setting is incorrect.
Check the syntax difference between the Set-Cookie and Cookie headers; it explains what you are seeing in the server logs. For example, you should get a response from the server like this:

Set-Cookie: JSESSIONID=21457B6DC399CC4C3FC510EF9AEC4B0C; Path=/app; Secure; HttpOnly

The value of the Set-Cookie header is the whole text JSESSIONID=21457B6DC399CC4C3FC510EF9AEC4B0C; Path=/app; Secure; HttpOnly, not just the session identifier. It also contains all that other junk.
When you use that value as a cookie, you are doing this:

Cookie: JSESSIONID="21457B6DC399CC4C3FC510EF9AEC4B0C; Path=/app; Secure; HttpOnly"

That is wrong; you want this:

Cookie: JSESSIONID=21457B6DC399CC4C3FC510EF9AEC4B0C

You have to parse the value of the Set-Cookie response, or, if you are using a wrapper library around your HTTP requests (e.g. commons-http-client, etc.), you can probably use their tools to do that parsing.
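As an added example (not code from the question or the answer), here is the Set-Cookie to Cookie conversion the answer describes, done with the JDK's java.net.HttpCookie, plus the RFC 6265 value check that explains the "invalid character [59]" error from the question's last update. The class name SessionCookieRoundTrip is made up; the Set-Cookie header is the one from the question's access log.

```java
import java.net.HttpCookie;
import java.util.List;

// Added example, not code from the question or the answer above.
// Shows why the whole Set-Cookie text must not be reused as a cookie value,
// and how to derive the correct Cookie request header from it.
public final class SessionCookieRoundTrip {

    // RFC 6265 cookie-octet: printable US-ASCII excluding space, '"', ',', ';' and '\'.
    // Returns -1 if the value is valid, otherwise the code of the first offending
    // character. ';' is code 59, the number Tomcat's Rfc6265CookieProcessor reports
    // when it rejects a value that still carries the Path/Secure/HttpOnly attributes.
    static int firstInvalidCookieOctet(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c < 0x21 || c > 0x7E || c == '"' || c == ',' || c == ';' || c == '\\') {
                return c;
            }
        }
        return -1;
    }

    // Build the Cookie request header from a Set-Cookie response header:
    // keep only name=value and drop Path, Secure, HttpOnly and Expires, which are
    // instructions to the client rather than part of the cookie value.
    static String cookieHeaderFor(String setCookieHeader) {
        List<HttpCookie> parsed = HttpCookie.parse(setCookieHeader);
        if (parsed.isEmpty()) {
            throw new IllegalArgumentException("no cookie in: " + setCookieHeader);
        }
        HttpCookie c = parsed.get(0);
        int bad = firstInvalidCookieOctet(c.getValue());
        if (bad != -1) {
            throw new IllegalArgumentException("invalid character [" + bad + "] in cookie value");
        }
        return c.getName() + "=" + c.getValue();
    }

    public static void main(String[] args) {
        // Response header as seen in the question's access log.
        String setCookie =
            "Set-Cookie: JSESSIONID=21457B6DC399CC4C3FC510EF9AEC4B0C; Path=/app; Secure; HttpOnly";

        // Correct form: only the session identifier goes back to the server.
        System.out.println("Cookie: " + cookieHeaderFor(setCookie));

        // What the question's client sent: the whole header text as the value.
        // The server cannot match this to a session, creates a fresh one and
        // redirects the now-anonymous request to the login page.
        String wrongValue = "21457B6DC399CC4C3FC510EF9AEC4B0C; Path=/app; Secure; HttpOnly";
        System.out.println("first invalid character code: " + firstInvalidCookieOctet(wrongValue));
    }
}
```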
