Spring Security not working while upgrading Spring Security 3.0 to Spring Security 3.1
I had successfully integrated Spring Security 3.0 in a web application and it was running well. Now I am upgrading Spring Security 3.0 to 3.1 and I am facing a problem with my CustomAuthenticationManager: whenever I try to log in, CustomAuthenticationManager gets called twice. The first time, the user authenticates successfully and it returns the usernamePasswordAuthenticationToken, but this class gets called again, and this time the principal returns the proper value but the credentials return null. Hence the user gets an authentication failure and is redirected to the login page again, and that's why I can never log in.

CustomAuthenticationManager:
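
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.authentication.AuthenticationProvider;
    import org.springframework.security.authentication.BadCredentialsException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;

    public class CustomAuthenticationProvider implements AuthenticationProvider {

        @Autowired
        private ILoginService loginService;

        public Authentication authenticate(Authentication authentication)
                throws AuthenticationException {
            // Two-argument constructor: principal and credentials only, no authorities
            UsernamePasswordAuthenticationToken usernamePassswordAuthenticationToken =
                    new UsernamePasswordAuthenticationToken(
                            authentication.getPrincipal(), authentication.getCredentials());
            if (loginService.authenticateUser((String) authentication.getPrincipal())) {
                if (loginService.validateUserIdAndPass((String) authentication.getPrincipal(),
                        (String) authentication.getCredentials())) {
                    // Credentials matched; the token is returned with authenticated = false
                    usernamePassswordAuthenticationToken.setAuthenticated(false);
                } else
                    throw new BadCredentialsException("Username/Password does not match");
            } else
                throw new BadCredentialsException("Username/Password does not match");
            return usernamePassswordAuthenticationToken;
        }

        public boolean supports(Class<? extends Object> authentication) {
            return authentication.equals(UsernamePasswordAuthenticationToken.class);
        }
    }
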
My ApplicationContextSecurity.xml:

    <global-method-security pre-post-annotations="enabled">
    </global-method-security>

    <beans:bean id="myAccessDecisionManager"
                class="com.app.common.security.repository.MyAccessDecisionManager">
    </beans:bean>

    <http auto-config="true" once-per-request="true"
          access-decision-manager-ref="myAccessDecisionManager"
          access-denied-page="/jsp/errorPage.jsp">
        <intercept-url pattern="/*.app" access="ROLE_ANONYMOUS"/>
        <form-login login-page="/login.app"
                    login-processing-url="/j_spring_security_check"
                    default-target-url="/login/validate.app"
                    authentication-failure-url="/login.app?login_error=1" />
        <logout logout-url="/j_spring_security_logout"
                logout-success-url="/login.app"
                invalidate-session="true" />
        <session-management invalid-session-url="/login.app"
                            session-fixation-protection="newSession">
            <concurrency-control max-sessions="100" error-if-maximum-exceeded="false" />
        </session-management>
    </http>

    <authentication-manager>
        <authentication-provider ref="customAuthenticationProvider"></authentication-provider>
    </authentication-manager>

    <beans:bean id="customAuthenticationProvider"
                class="com.app.common.security.repository.CustomAuthenticationProvider">
    </beans:bean>

Please tell me where I am wrong.

Original: https://stackoverflow.com/questions/18912568
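
Added example, not part of the original post: in Spring Security 3.1 `ProviderManager` erases the credentials of the token a provider returns, and a token whose `isAuthenticated()` is false is passed back to the authentication manager when a secured resource is invoked, which matches the second call with null credentials described in the question. The provider below returns a token built with the three-argument constructor, which marks it authenticated; `LoginService` is a hypothetical stand-in for the poster's `ILoginService`, and the class name and the `ROLE_USER` authority are assumptions.

```java
import java.util.Collections;
import java.util.List;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// Hypothetical stand-in for the ILoginService used in the question.
interface LoginService {
    boolean authenticateUser(String userId);
    boolean validateUserIdAndPass(String userId, String password);
}

public class AuthenticatedTokenProvider implements AuthenticationProvider {

    private final LoginService loginService;

    public AuthenticatedTokenProvider(LoginService loginService) {
        this.loginService = loginService;
    }

    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        String userId = authentication.getName();
        Object credentials = authentication.getCredentials();
        // A token whose credentials were already erased arrives with null here;
        // fail closed instead of handing null to the login service.
        if (!(credentials instanceof String)
                || !loginService.authenticateUser(userId)
                || !loginService.validateUserIdAndPass(userId, (String) credentials)) {
            throw new BadCredentialsException("Username/Password does not match");
        }
        // Assumed authority; load the user's real roles here.
        List<GrantedAuthority> authorities = Collections.<GrantedAuthority>singletonList(
                new SimpleGrantedAuthority("ROLE_USER"));
        // The three-argument constructor sets authenticated = true, so the
        // security interceptor does not send this token back to the provider.
        return new UsernamePasswordAuthenticationToken(userId, credentials, authorities);
    }

    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

Setting `erase-credentials="false"` on `<authentication-manager>` would also stop the null credentials, but it keeps the password in the token stored in the session, so returning an authenticated token is the better fix.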