LdapUserDetailsImpl.hashCode 中的 LDAP Spring 安全 NullPointer

Posted 2023-02-27

【中文标题】LdapUserDetailsImpl.hashCode 中的 LDAP Spring 安全 NullPointer

【英文标题】：LDAP Spring Security NullPointer in LdapUserDetailsImpl.hashCode

【发布时间】：2017-11-10 09:23:06

【问题描述】：

在多节点 Spring LDAP 安全应用程序中，出现以下异常。奇怪的是在某些节点中，身份验证正常进行，并且在某些节点中出现此异常-

在多节点 Spring LDAP 安全应用程序中，出现以下异常。奇怪的是在某些节点中，身份验证正常进行，并且在某些节点中出现此异常-

StackTrace: org.springframework.security.authentication.AbstractAuthenticationToken.hashCode(AbstractAuthenticationToken.java:180) 处 org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.hashCode(LdapUserDetailsImpl.java:133) 处的 java.lang.NullPointerException在 java.lang.Object.toString(Object.java:236) 在 org.springframework.security.authentication.AbstractAuthenticationToken.toString(AbstractAuthenticationToken.java:201) 在 java.lang.String.valueOf(String.java:2994) 在java.lang.StringBuilder.append(StringBuilder.java:131) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.successfulAuthentication(AbstractAuthenticationProcessingFilter.java:312) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter( AbstractAuthenticationProcessingFilter.java:240) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) 在 org.springframework.security。 web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at com.company.cm.config.WebSecurityConfig$1.doFilterInternal (WebSecurityConfig.java:113) 在 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) 在 org. springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124) 在 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain。 doFilter(FilterChainProxy.java:331) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org .springframework.security.w eb.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter( FilterChainProxy.java:331) 在 org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) 在 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) 在 org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157) 在 org.springframework.security .web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) 在 org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) 在 org.srin gframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy. java:262) 在 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) 在 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) 在 org.springframework.session.web .http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:167) 在 org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:80) 在 org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java :346) 在 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) 在 org.apache 的 org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) .catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) 在 org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) 在 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java :94) 在 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) 在 org.apache.catalina.valves 的 org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)。 ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org .apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502) 在 org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132) 在 org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol .java:684) 在 org.apache.tomcat.util.net.NioEndpoint$Sock etProcessor.doRun(NioEndpoint.java:1533) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1489) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)在 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 在 org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 在 java.lang.Thread.run (Thread.java:745)

日志 -

20:04:28.581 [http-nio-8080-exec-10] 调试 org.springframework.security.web.util.matcher.AntPathRequestMatcher - 检查请求匹配：'/login_process'；反对 '/login_process' 20:04:28.581 [http-nio-8080-exec-10] 调试 org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - 请求是处理身份验证 20:04:28.581 [http-nio-8080-exec-10] 调试 org.springframework.security.authentication.ProviderManager - 使用 org.springframework.security.ldap.authentication.LdapAuthenticationProvider 进行身份验证尝试 20:04:28.581 [http-nio-8080-exec-10] 调试 org.springframework.security.ldap.authentication.LdapAuthenticationProvider - 处理用户的身份验证请求： 20:04:28.581 [http-nio-8080-exec-10] 调试 org.springframework.security.ldap.authentication.BindAuthenticator - 尝试绑定为 uid=,ou=People,dc=company,dc=com 20:04:28.581 [http-nio-8080-exec-10] 调试 org.springframework.security.ldap.DefaultSpringSecurityContextSource - 删除用户 uid=,ou=People,dc=company,dc=com 的池标志 20:04:28.772 [http-nio-8080-exec-10] 调试 org.springframework.ldap.core.support.AbstractContextSource - 在服务器 'ldap://ip/dc=company,dc=com' 上获取 Ldap 上下文 20:04:28.772 [http-nio-8080-exec-10] 调试 org.springframework.security.ldap.authentication.BindAuthenticator - 检索属性... 20:04:28.860 [http-nio-8080-exec-10] 调试 org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - 获取用户 uid=,ou=People,dc=company,dc=com 的权限 20:04:28.860 [http-nio-8080-exec-10] 调试 org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - 搜索用户 '' 的角色，DN = 'uid=,ou=People,dc=company ,dc=com'，在搜索库 'ou=Group' 中带有过滤器 (memberUid=0) 20:04:28.860 [http-nio-8080-exec-10] 调试 org.springframework.security.ldap.SpringSecurityLdapTemplate - 使用过滤器：（memberUid=uid=,ou=People,dc=company,dc=com） 20:04:28.860 [http-nio-8080-exec-10] 调试 org.springframework.ldap.core.LdapTemplate - 提供的 SearchControls 的 returnObjFlag 未设置，但使用了 ContextMapper - 将标志设置为 true 20:04:28.865 [http-nio-8080-exec-10] 调试 org.springframework.ldap.core.support.AbstractContextSource - 在服务器 'ldap://ip/dc=company,dc=com' 上获取 Ldap 上下文 20:04:28.976 [http-nio-8080-exec-10] 调试 org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator 20:04:28.977 [http-nio-8080-exec-10] 调试 org.springframework.security.ldap.userdetails.LdapUserDetailsMapper - 使用 DN：uid=,ou=People,dc=company,dc= 从上下文映射用户详细信息com 20:04:28.977 [http-nio-8080-exec-10] 调试 org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy - 委托给 org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@1d1ae249 20:04:28.977 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.978 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.979 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.979 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.979 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.979 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.980 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.980 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.980 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.980 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.981 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.981 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.981 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.981 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.981 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.981 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.981 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.981 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.983 [http-nio-8080-exec-10] 调试 org.springframework.session.web.http.SessionRepositoryFilter.SESSION_LOGGER - id 未找到会话：此 HttpServletRequest 的 getSession(false) 的缓存结果。 20:04:28.983 [http-nio-8080-exec-10] 调试 org.springframework.session.web.http.SessionRepositoryFilter.SESSION_LOGGER - 创建了一个新会话。为了帮助您解决会话的创建位置，我们提供了 StackTrace（这不是错误）。您可以通过禁用 org.springframework.session.web.http.SessionRepositoryFilter.SESSION_LOGGER 的 DEBUG 日志记录来防止出现这种情况 java.lang.RuntimeException：仅用于调试目的（不是错误） 在 org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:368) 在 org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:390) 在 org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.changeSessionId(SessionRepositoryFilter.java:291) 在 javax.servlet.http.HttpServletRequestWrapper.changeSessionId(HttpServletRequestWrapper.java:249) 在 javax.servlet.http.HttpServletRequestWrapper.changeSessionId(HttpServletRequestWrapper.java:249) 在 sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 在 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 在 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 在 java.lang.reflect.Method.invoke(Method.java:498) 在 org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) 在 org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:201) 在 org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy.applySessionFixation(ChangeSessionIdAuthenticationStrategy.java:55) 在 org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.onAuthentication(AbstractSessionFixationProtectionStrategy.java:87) 在 org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy.onAuthentication(ChangeSessionIdAuthenticationStrategy.java:32) 在 org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy.onAuthentication(CompositeSessionAuthenticationStrategy.java:89) 在 org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) 在 org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) 在 com.company.cm.config.WebSecurityConfig$1.doFilterInternal(WebSecurityConfig.java:113) 在 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) 在 org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124) 在 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) 在 org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) 在 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) 在 org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) 在 org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) 在 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) 在 org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157) 在 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) 在 org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) 在 org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) 在 org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) 在 org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) 在 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) 在 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) 在 org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:167) 在 org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:80) 在 org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) 在 org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) 在 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) 在 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) 在 org.apache.catalina.core.StandardWrapperValve.invoke（StandardWrapperValve.java:212） 在 org.apache.catalina.core.StandardContextValve.invoke（StandardContextValve.java:94） 在 org.apache.catalina.authenticator.AuthenticatorBase.invoke（AuthenticatorBase.java:504） 在 org.apache.catalina.core.StandardHostValve.invoke（StandardHostValve.java:141） 在 org.apache.catalina.valves.ErrorReportValve.invoke（ErrorReportValve.java:79） 在 org.apache.catalina.valves.AbstractAccessLogValve.invoke（AbstractAccessLogValve.java:620） 在 org.apache.catalina.core.StandardEngineValve.invoke（StandardEngineValve.java:88） 在 org.apache.catalina.connector.CoyoteAdapter.service（CoyoteAdapter.java:502） 在 org.apache.coyote.http11.AbstractHttp11Processor.process（AbstractHttp11Processor.java:1132） 在 org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684) 在 org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1533) 在 org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1489) 在 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 在 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 在 org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 在 java.lang.Thread.run(Thread.java:745) 20:04:28.984 [http-nio-8080-exec-10] 调试 org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy - 委托给 org.springframework.security.web.csrf.CsrfAuthenticationStrategy@38ef21bd 20:04:28.984 [http-nio-8080-exec-10] 调试 org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext 为空或内容是匿名的 - 上下文不会存储在 HttpSession 中。 20:04:28.984 [http-nio-8080-exec-10] 调试 org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder 现在清除，请求处理完成 20:04:28.986 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.987 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.987 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.987 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.987 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.987 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.987 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.988 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.988 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.989 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.990 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.990 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.990 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.991 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.util.matcher.AntPathRequestMatcher - 检查请求的匹配：'/WEB-INF/error/exceptionPage.jsp'；反对'/css/' 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.util.matcher.AntPathRequestMatcher - 检查请求的匹配：'/WEB-INF/error/exceptionPage.jsp'；反对'/fonts/' 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.util.matcher.AntPathRequestMatcher - 检查请求的匹配：'/WEB-INF/error/exceptionPage.jsp'；反对 '/html/' 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.util.matcher.AntPathRequestMatcher - 检查请求的匹配：'/WEB-INF/error/exceptionPage.jsp'；反对'/js/' 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.util.matcher.AntPathRequestMatcher - 检查请求的匹配：'/WEB-INF/error/exceptionPage.jsp'；反对 '/thirdparty/' 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp 在附加过滤器链中的第 14 个位置；触发过滤器：'ChannelProcessingFilter' 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.util.matcher.AntPathRequestMatcher - 请求 '/WEB-INF/error/exceptionPage.jsp' 匹配通用模式 '/ ' 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.access.channel.ChannelProcessingFilter - 请求：FilterInvocation：URL：/WEB-INF/error/exceptionPage.jsp；配置属性：[ANY_CHANNEL] 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp 位于附加过滤器链中第 14 位的第 2 位；触发过滤器：'WebAsyncManagerIntegrationFilter' 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp 在附加过滤器链中的第 14 个位置；触发过滤器：'SecurityContextPersistenceFilter' 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession 返回了 SPRING_SECURITY_CONTEXT 的空对象 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession 没有可用的 SecurityContext：org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper $HttpSessionWrapper@1285eb30。将创建一个新的。 20:04:28.992 [http-nio-8080-exec-10] 调试 org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp 位于附加过滤器链中 14 位的第 4 位；触发过滤器：'HeaderWriterFilter' 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp 位于附加过滤器链中 14 位的第 5 位；触发过滤器：'CsrfFilter' 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp 位于附加过滤器链中 14 位的第 6 位；触发过滤器：'' 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp 位于附加过滤器链中 14 个位置的第 7 位；触发过滤器：'LogoutFilter' 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.util.matcher.AntPathRequestMatcher - 检查请求的匹配：'/WEB-INF/error/exceptionPage.jsp'；反对“/注销” 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp 位于附加过滤器链中 14 位的第 8 位；触发过滤器：'UsernamePasswordAuthenticationFilter' 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.util.matcher.AntPathRequestMatcher - 检查请求的匹配：'/WEB-INF/error/exceptionPage.jsp'；反对 '/login_process' 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp 位于附加过滤器链中 14 位的第 9 位；触发过滤器：'RequestCacheAwareFilter' 调试 org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: 两者都为空（属性等于） 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString：两者都为空（属性等于） 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.savedrequest.DefaultSavedRequest - requestURI: arg1=/cms/index.html; arg2=/cms/WEB-INF/error/exceptionPage.jsp（属性不等于） 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.savedrequest.HttpSessionRequestCache - 保存的请求不匹配 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp 位于附加过滤器链中 14 位的第 10 位；触发过滤器：'SecurityContextHolderAwareRequestFilter' 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp 位于附加过滤器链中 14 位的第 11 位；触发过滤器：'AnonymousAuthenticationFilter' 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.authentication.AnonymousAuthenticationFilter - 使用匿名令牌填充 SecurityContextHolder：'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8：主体：匿名用户；凭证：[受保护]；已认证：真实；详细信息：org.springframework.security.web.authentication.WebAuthenticationDetails@0：RemoteIpAddress：127.0.0.1；会话ID：35b812b5-4e29-4f31-9c9f-be7601329ec3；授予权限：ROLE_ANONYMOUS' 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp 位于附加过滤器链中 14 位的第 12 位；触发过滤器：'SessionManagementFilter' 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 打开 RedisConnection 20:04:28.993 [http-nio-8080-exec-10] 调试 org.springframework.data.redis.core.RedisConnectionUtils - 关闭 Redis 连接 20:04:28.994 [http-nio-8080-exec-10] 调试 org.springframework.security.web.session.SessionManagementFilter - 请求的会话 ID 59d0030f-e0ba-4991-a512-a5848660afc4 无效。

配置-

@Bean
public DefaultSpringSecurityContextSource ldapContext() 
    DefaultSpringSecurityContextSource context = new DefaultSpringSecurityContextSource(
            config.get("ldap.context", "ldap://x.x.x.x/dc=company,dc=com"));
    context.afterPropertiesSet();
    return context;


/**
 * LDAP Bind Authenticator
 * 
 * @return
 */
@Bean
public BindAuthenticator bindAuthenticator() 
    BindAuthenticator authenticator = new BindAuthenticator(ldapContext());
    String[] dnPatterns =  config.get("ldap.dnPattern", "uid=0,ou=People") ;
    authenticator.setUserDnPatterns(dnPatterns);
    return authenticator;


/**
 * LDAP authorities populator
 * 
 * @return
 */
@Bean
public DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator() 
    DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContext(),
            config.get("ldap.group.search.base", "ou=Group"));
    ldapAuthoritiesPopulator.setGroupRoleAttribute(config.get("ldap.group.role.attribute", "cn"));
    ldapAuthoritiesPopulator.setGroupSearchFilter(config.get("ldap.group.search.filter", "(memberUid=0)"));
    ldapAuthoritiesPopulator.setIgnorePartialResultException(true);
    ldapAuthoritiesPopulator.setRolePrefix(config.get("ldap.user.role.prefix", "ROLE_"));
    ldapAuthoritiesPopulator.setSearchSubtree(true);
    ldapAuthoritiesPopulator.setConvertToUpperCase(true);
    return ldapAuthoritiesPopulator;


@Bean
public LdapAuthenticationProvider ldapAuthenticationProvider() 
    LdapAuthenticationProvider authProvider = new LdapAuthenticationProvider(bindAuthenticator(),
            ldapAuthoritiesPopulator());
    authProvider.setUseAuthenticationRequestCredentials(true);
    authProvider.setHideUserNotFoundExceptions(false);
    authProvider.setUserDetailsContextMapper(ldapContextMapper());
    return authProvider;


@Bean
public LdapUserDetailsContextMapper ldapContextMapper() 
    return new LdapUserDetailsContextMapper();

@配置 @EnableRedisHttpSession(redisNamespace = "cms", maxInactiveIntervalInSeconds = 14400) @ImportResource("classpath:application-context.xml") 公共类 SessionRepositoryConfig 扩展 AbstractHttpSessionApplicationInitializer

@Autowired
Configuration config;

@Bean
public JedisConnectionFactory connectionFactory() 
    List<String> clusterNodes = Arrays.asList(config.get("redis.cluster.session"));
    return new JedisConnectionFactory(new RedisClusterConfiguration(clusterNodes));

【参考方案1】：

做了很多挖掘工作。令人惊讶的是，logback 配置导致了这个问题。一旦为实例正确配置了 logback xml，问题就消失了。

不确定 logback 与此有何关系。但是上面的解决方案效果很好。

谢谢