我正在尝试使用 Spring Security 3.1,但在身份验证后丢失了我的 HttpSession。我得到:"当前不存在HttpSession",在创建了正确的HttpSession之后。
我收到以下日志:
08 janv. 2014 19:53:59 DEBUG HttpSessionSecurityContextRepository - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@bce8a84f: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bce8a84f: Principal: org.springframework.security.core.userdetails.User@3b40b2f: Username: ADMIN; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: qx1qn1vbjxx71xedid64oi977; Granted Authorities: ROLE_ADMIN'
08 janv. 2014 19:53:59 DEBUG DispatcherServlet - Null ModelAndView returned to DispatcherServlet with name 'spring': assuming HandlerAdapter completed request handling
08 janv. 2014 19:53:59 DEBUG DispatcherServlet - Successfully completed request
08 janv. 2014 19:53:59 DEBUG ExceptionTranslationFilter - Chain processed normally
08 janv. 2014 19:53:59 DEBUG SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
08 janv. 2014 19:54:00 DEBUG FilterChainProxy - /index at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
08 janv. 2014 19:54:00 DEBUG HttpSessionSecurityContextRepository - No HttpSession currently exists
08 janv. 2014 19:54:00 DEBUG HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
08 janv. 2014 19:54:00 DEBUG FilterChainProxy - /index at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
08 janv. 2014 19:54:00 DEBUG FilterChainProxy - /index at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
08 janv. 2014 19:54:00 DEBUG FilterChainProxy - /index at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
08 janv. 2014 19:54:00 DEBUG FilterChainProxy - /index at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
08 janv. 2014 19:54:00 DEBUG FilterChainProxy - /index at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
08 janv. 2014 19:54:00 DEBUG FilterChainProxy - /index at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
08 janv. 2014 19:54:00 DEBUG AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
可能是什么问题?
更新:
我找到了我的问题...我有一个我以前应该关心的文件:
码头网.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN"
"http://jetty.mortbay.org/configure.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="sessionHandler">
<Get name="sessionManager">
<Set name="usingCookies" type="boolean">false</Set>
</Get>
</Get>
</Configure>
我自己禁用了饼干...
我发现了我的问题...我有一个我以前应该关心的文件:
码头网.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN"
"http://jetty.mortbay.org/configure.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="sessionHandler">
<Get name="sessionManager">
<Set name="usingCookies" type="boolean">false</Set>
</Get>
</Get>
</Configure>
我自己禁用了饼干...我已经删除了这个文件,它现在可以工作了。