HttpSessionSecurityContextRepository - No HttpSession currently exists
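【Posted】: 2016-05-30 17:04:16
【Question】: Currently, I am getting "No HttpSession currently exists". I believe this problem is causing inconsistent login errors. Sometimes I can log in successfully, but sometimes I cannot. Please help. Any suggestions are welcome.
I have two tables in the database: customer and vendor. In my security.xml file, I set it up so that it checks the vendor table first; if that is unsuccessful, it checks the customer table. I am not sure whether this is best practice, but it works for me.
One more thing: "No HttpSession" never happens in my localhost:8080 environment, but it does happen in production.
Here is my setup: Spring MVC, Tomcat, PostgreSQL, and Heroku as my cloud service.
Here are my Spring MVC and Spring Security versions: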
<properties>
    <spring.version>4.0.5.RELEASE</spring.version>
    <apache.tiles>3.0.3</apache.tiles>
    <spring.security.version>3.2.3.RELEASE</spring.security.version>
</properties>
Here is my spring.xml file:
<global-method-security pre-post-annotations="enabled" />
<http use-expressions="true" auto-config="true">
    <intercept-url pattern="/login.html" requires-channel="https"/>
    <intercept-url pattern="/logout.html" requires-channel="https"/>
    <intercept-url pattern="/vendor/admin/**" access="hasRole('ROLE_ADMIN')" requires-channel="https"/>
    <intercept-url pattern="/vendor/admin**" access="hasRole('ROLE_ADMIN')" requires-channel="https"/>
    <intercept-url pattern="/vendor/account/**" access="hasRole('ROLE_VENDOR')" requires-channel="https"/>
    <intercept-url pattern="/vendor/account**" access="hasRole('ROLE_VENDOR')" requires-channel="https"/>
    <!-- Customer section -->
    <intercept-url pattern="/customer/account/" access="hasRole('ROLE_CUSTOMER')" requires-channel="https"/>
    <intercept-url pattern="/customer/account**" access="hasRole('ROLE_CUSTOMER')" requires-channel="https"/>
    <intercept-url pattern="/reservation/ordercomplete/**" access="hasRole('ROLE_CUSTOMER')" requires-channel="https"/>
    <intercept-url pattern="/reservation/ordercomplete**" access="hasRole('ROLE_CUSTOMER')" requires-channel="https"/>
    <form-login login-page="/login.html"
        authentication-failure-url="/login.html?success=false"
        authentication-success-handler-ref="knexAuthenticationSuccessHandler" />
    <logout logout-url="/logout" delete-cookies="JSESSIONID" />
    <session-management>
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
    </session-management>
</http>
<beans:bean id="knexAuthenticationSuccessHandler"
    class="com.knexpress.cabo.security.KNexUrlAuthenticationSuccessHandler" />
<authentication-manager>
    <authentication-provider>
        <password-encoder hash="bcrypt" />
        <jdbc-user-service data-source-ref="dataSource"
            authorities-by-username-query="the query here is working ok"
            users-by-username-query="select username, password, enabled from vendor where username = ? " />
    </authentication-provider>
    <authentication-provider>
        <password-encoder hash="bcrypt" />
        <jdbc-user-service data-source-ref="dataSource"
            authorities-by-username-query="the query here is working alright."
            users-by-username-query="select email, password, enabled from customer where email = ? " />
    </authentication-provider>
</authentication-manager>
Here is my applicationContext.xml file:
<context:component-scan base-package="com.knexpress.cabo">
    <context:exclude-filter type="annotation"
        expression="org.springframework.stereotype.Controller" />
</context:component-scan>
<tx:annotation-driven transaction-manager="transactionManager" />
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
    <property name="dataSource" ref="dataSource" />
</bean>
<jpa:repositories base-package="com.knexpress.cabo.repository" />
<!-- Using this to serve https pages -->
<bean id="loadBalancerHack" class="com.knexpress.cabo.component.LoadBalancerHack"/>
<bean id="secureChannelProcessorHack" class="com.knexpress.cabo.component.SecureChannelProcessorHack"/>
<bean id="insecureChannelProcessorHack" class="com.knexpress.cabo.component.InsecureChannelProcessorHack"/>
<import resource="security.xml" />
Here is my web.xml file:
<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
    <param-name>defaultHtmlEscape</param-name>
    <param-value>true</param-value>
</context-param>
<context-param>
    <param-name>spring.profiles.default</param-name>
    <param-value>prod</param-value>
</context-param>
<session-config>
    <!-- Default to 5 minute session timeouts -->
    <session-timeout>5</session-timeout>
</session-config>
Finally, here is my production log. (By the way: I have not enabled logging for all queries in the prod environment.)
2016-02-18T12:43:17.237730+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] AntPathRequestMatcher - Checking match of request : '/index.html'; against '/customer/account/' [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.241374+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] FilterChainProxy$VirtualFilterChain - /index.html at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.241508+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] HttpSessionSecurityContextRepository - No HttpSession currently exists [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.241631+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created. [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.241749+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] FilterChainProxy$VirtualFilterChain - /index.html at position 3 of 13 in additional filter chain; firing Filter: 'ConcurrentSessionFilter' [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.241930+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] FilterChainProxy$VirtualFilterChain - /index.html at position 4 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.242298+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] FilterChainProxy$VirtualFilterChain - /index.html at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter' [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.242414+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] FilterChainProxy$VirtualFilterChain - /index.html at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.242950+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] FilterChainProxy$VirtualFilterChain - /index.html at position 7 of 13 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.247152+00:00 app[web.2]: ERROR [18.02.16 12:43:17] CustomerHomeController - [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.265654+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] ExceptionTranslationFilter - Chain processed normally [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.268379+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.238551+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] AntPathRequestMatcher - Checking match of request : '/index.html'; against '/customer/account**' [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.238669+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] AntPathRequestMatcher - Checking match of request : '/index.html'; against '/reservation/ordercomplete/**' [thread: http-nio-30156-exec-4]
2016-02-18T12:43:17.239353+00:00 app[web.2]: DEBUG [18.02.16 12:43:17] AntPathRequestMatcher - Checking match of request : '/index.html'; against '/reservation/ordercomplete**' [thread:
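【Comments】:
I am having the same problem too. How did you solve it? Please help us.
【Answer 1】: I had the same problem. You have to configure the sessionCookiePath parameter in your Tomcat context file or Apache server configuration to keep the session ID.
<Context sessionCookiePath="/">
for the Tomcat file
ProxyPassReverseCookiePath "/"
for the Apache configuration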
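Added example (not part of the original question or answer): a small model of the RFC 6265 cookie path rules, showing why a session cookie scoped to a servlet context path is not sent back once the application is published at a different public path, and why a cookie path of "/" avoids that. The context path `/cabo`, the cookie value and the request paths are constructed assumptions, not values from the post.

```javascript
// RFC 6265 section 5.1.4 default-path: used when Set-Cookie has no usable Path.
function defaultPath(requestPath) {
  if (!requestPath.startsWith("/")) return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// Extract the cookie name and effective path from a Set-Cookie header value.
// The last Path attribute wins; an empty or relative value falls back to default-path.
function parseSetCookie(header, requestPath) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf("="));
  let path = defaultPath(requestPath);
  for (const attr of attrs) {
    const eq = attr.indexOf("=");
    const key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? "" : attr.slice(eq + 1).trim();
    if (key === "path") path = value.startsWith("/") ? value : defaultPath(requestPath);
  }
  return { name, path };
}

// RFC 6265 section 5.1.4 path-match: is the cookie attached to this request?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Returns the later request paths on which the browser would send the cookie.
function requestsCarryingCookie(setCookieHeader, issuedOnPath, laterPaths) {
  const cookie = parseSetCookie(setCookieHeader, issuedOnPath);
  return laterPaths.filter((p) => pathMatches(p, cookie.path));
}

// Constructed scenario: the servlet context path is /cabo (hypothetical),
// but a front-end proxy publishes the application at the site root.
const publicPaths = ["/login.html", "/vendor/account/orders", "/customer/account/"];
const scoped = "JSESSIONID=CONSTRUCTED0001; Path=/cabo; HttpOnly";
const rooted = "JSESSIONID=CONSTRUCTED0001; Path=/; HttpOnly";

// With Path=/cabo no public URL matches, so every request arrives without a session.
console.log("Path=/cabo ->", requestsCarryingCookie(scoped, "/login.html", publicPaths));
// With Path=/ every public URL matches and the session ID is kept.
console.log("Path=/     ->", requestsCarryingCookie(rooted, "/login.html", publicPaths));
```

To confirm this on a live deployment, compare the `Path` attribute of the `Set-Cookie: JSESSIONID` response header with the URL prefix the browser actually uses.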