3
아래 코드는 SecurityContext context = SecurityContextHolder.getContext()를 볼 때와 같이 role_user가 연결된 Spring 인증 객체를 만듭니다. 맨 마지막에는 ROLE_USER와 UserDetails의 교장이 있으므로 어떻게 든 HttpSession에 연결되지 않습니다. 어떤 아이디어? 내 예외는뿐만 아니라 우리는 세션에서 보안 컨텍스트를 둘 필요가HttpSession에서 스프링 보안 자동 로그인이 유지되지 않습니다.
19:11:07,599 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/javax.faces.resource/**'
19:11:07,600 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/services/rest-api/1.0/**'
19:11:07,600 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/preregistered/*'
19:11:07,600 DEBUG FilterChainProxy:263 - /registered/home.html at position 1 of 10 in additional filter chain; firing Filter: 'org.spring[email protected]3486a602'
19:11:07,600 DEBUG HttpSessionSecurityContextRepository:138 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
19:11:07,600 DEBUG HttpSessionSecurityContextRepository:84 - No SecurityContext was available from the HttpSession: [email protected] A new one will be created.
19:11:07,601 DEBUG FilterChainProxy:263 - /registered/home.html at position 2 of 10 in additional filter chain; firing Filter: 'org.[email protected]5b4c1313'
19:11:07,601 DEBUG FilterChainProxy:263 - /registered/home.html at position 3 of 10 in additional filter chain; firing Filter: 'org.springframework.s[email protected]5f787338'
19:11:07,601 DEBUG FilterChainProxy:263 - /registered/home.html at position 4 of 10 in additional filter chain; firing Filter: 'org.sp[email protected]5cd4927f'
19:11:07,601 DEBUG DefaultSavedRequest:316 - pathInfo: both null (property equals)
19:11:07,602 DEBUG DefaultSavedRequest:316 - queryString: both null (property equals)
19:11:07,602 DEBUG DefaultSavedRequest:338 - requestURI: arg1=/dreamcatcher/registered/modify.html; arg2=/dreamcatcher/registered/home.html (property not equals)
19:11:07,602 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
19:11:07,603 DEBUG FilterChainProxy:263 - /registered/home.html at position 5 of 10 in additional filter chain; firing Filter: 'org.springframework.[email protected]7ddff76'
19:11:07,603 DEBUG FilterChainProxy:263 - /registered/home.html at position 6 of 10 in additional filter chain; firing Filter: 'org.springframework.securi[email protected]8afbefd'
19:11:07,603 DEBUG FilterChainProxy:263 - /registered/home.html at position 7 of 10 in additional filter chain; firing Filter: 'org.springfram[email protected]775a9fdf'
19:11:07,604 DEBUG AnonymousAuthenticationFilter:68 - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]d45457b8: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]1de60: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 2A7602A6013D6200B7A663CEED58C478; Granted Authorities: ROLE_ANONYMOUS'
19:11:07,604 DEBUG FilterChainProxy:263 - /registered/home.html at position 8 of 10 in additional filter chain; firing Filter: 'o[email protected]51d394ab'
19:11:07,605 DEBUG FilterChainProxy:263 - /registered/home.html at position 9 of 10 in additional filter chain; firing Filter: 'org[email protected]19c59085'
19:11:07,605 DEBUG FilterChainProxy:263 - /registered/home.html at position 10 of 10 in additional filter chain; firing Filter: 'org.springfr[email protected]3c92218c'
19:11:07,605 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/**/*.xhtml'
19:11:07,606 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/auth/**'
19:11:07,606 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/auth/*'
19:11:07,607 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/registered/home.html'; against '/registered/*'
19:11:07,607 DEBUG FilterSecurityInterceptor:191 - Secure object: FilterInvocation: URL: /registered/home.html; Attributes: [ROLE_USER]
19:11:07,608 DEBUG FilterSecurityInterceptor:291 - Previously Authenticated: org.sprin[email protected]d45457b8: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]1de60: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 2A7602A6013D6200B7A663CEED58C478; Granted Authorities: ROLE_ANONYMOUS
19:11:07,608 DEBUG AffirmativeBased:53 - Voter: [email protected], returned: -1
19:11:07,616 DEBUG AffirmativeBased:53 - Voter: [email protected]f490, returned: 0
19:11:07,636 DEBUG ExceptionTranslationFilter:151 - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:95)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:112)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:268)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:121)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:244)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:550)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:380)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:288)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:680)
19:11:07,637 DEBUG HttpSessionRequestCache:41 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/dreamcatcher/registered/home.html]
19:11:07,638 DEBUG ExceptionTranslationFilter:175 - Calling Authentication entry point.
19:11:07,638 DEBUG DefaultRedirectStrategy:36 - Redirecting to 'http://localhost:8080/dreamcatcher/auth/login.html'
19:11:07,639 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
19:11:07,651 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/javax.faces.resource/**'
19:11:07,652 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/services/rest-api/1.0/**'
19:11:07,652 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/preregistered/*'
19:11:07,652 DEBUG FilterChainProxy:263 - /auth/login.html at position 1 of 10 in additional filter chain; firing Filter: 'org.spring[email protected]3486a602'
19:11:07,653 DEBUG HttpSessionSecurityContextRepository:138 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
19:11:07,653 DEBUG HttpSessionSecurityContextRepository:84 - No SecurityContext was available from the HttpSession: [email protected] A new one will be created.
19:11:07,653 DEBUG FilterChainProxy:263 - /auth/login.html at position 2 of 10 in additional filter chain; firing Filter: 'org.[email protected]5b4c1313'
19:11:07,653 DEBUG FilterChainProxy:263 - /auth/login.html at position 3 of 10 in additional filter chain; firing Filter: 'org.springframework.s[email protected]5f787338'
19:11:07,654 DEBUG FilterChainProxy:263 - /auth/login.html at position 4 of 10 in additional filter chain; firing Filter: 'org.sp[email protected]5cd4927f'
19:11:07,654 DEBUG DefaultSavedRequest:316 - pathInfo: both null (property equals)
19:11:07,654 DEBUG DefaultSavedRequest:316 - queryString: both null (property equals)
19:11:07,655 DEBUG DefaultSavedRequest:338 - requestURI: arg1=/dreamcatcher/registered/home.html; arg2=/dreamcatcher/auth/login.html (property not equals)
19:11:07,655 DEBUG HttpSessionRequestCache:75 - saved request doesn't match
19:11:07,655 DEBUG FilterChainProxy:263 - /auth/login.html at position 5 of 10 in additional filter chain; firing Filter: 'org.springframework.[email protected]7ddff76'
19:11:07,655 DEBUG FilterChainProxy:263 - /auth/login.html at position 6 of 10 in additional filter chain; firing Filter: 'org.springframework.securi[email protected]8afbefd'
19:11:07,656 DEBUG FilterChainProxy:263 - /auth/login.html at position 7 of 10 in additional filter chain; firing Filter: 'org.springfram[email protected]775a9fdf'
19:11:07,656 DEBUG AnonymousAuthenticationFilter:68 - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]d45457b8: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]1de60: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 2A7602A6013D6200B7A663CEED58C478; Granted Authorities: ROLE_ANONYMOUS'
19:11:07,656 DEBUG FilterChainProxy:263 - /auth/login.html at position 8 of 10 in additional filter chain; firing Filter: 'o[email protected]51d394ab'
19:11:07,657 DEBUG FilterChainProxy:263 - /auth/login.html at position 9 of 10 in additional filter chain; firing Filter: 'org[email protected]19c59085'
19:11:07,657 DEBUG FilterChainProxy:263 - /auth/login.html at position 10 of 10 in additional filter chain; firing Filter: 'org.springfr[email protected]3c92218c'
19:11:07,658 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/**/*.xhtml'
19:11:07,658 DEBUG AntPathRequestMatcher:72 - Checking match of request : '/auth/login.html'; against '/auth/**'
19:11:07,658 DEBUG FilterSecurityInterceptor:191 - Secure object: FilterInvocation: URL: /auth/login.html; Attributes: [ROLE_ANONYMOUS, ROLE_USER]
19:11:07,659 DEBUG FilterSecurityInterceptor:291 - Previously Authenticated: org.sprin[email protected]d45457b8: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]1de60: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 2A7602A6013D6200B7A663CEED58C478; Granted Authorities: ROLE_ANONYMOUS
19:11:07,659 DEBUG AffirmativeBased:53 - Voter: [email protected], returned: 1
19:11:07,659 DEBUG FilterSecurityInterceptor:212 - Authorization successful
19:11:07,660 DEBUG FilterSecurityInterceptor:222 - RunAsManager did not change Authentication object
19:11:07,660 DEBUG FilterChainProxy:252 - /auth/login.html reached end of additional filter chain; proceeding with original chain
19:11:07,672 DEBUG DefaultListableBeanFactory:430 - Creating instance of bean 'authentication'
19:11:07,677 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.web.beans.LayoutBean com.dc.web.actions.BaseAction.layoutBean
19:11:07,678 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.web.beans.AuthenticationBean com.dc.web.actions.Authentication.authenticationBean
19:11:07,679 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.api.service.UserManager com.dc.web.actions.Authentication.userManager
19:11:07,679 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'userManager'
19:11:07,680 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.api.service.Utilities com.dc.web.actions.Authentication.utilities
19:11:07,681 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'utilities'
19:11:07,681 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.web.util.PasswordMailContentHelper com.dc.web.actions.Authentication.passwordMailContentHelper
19:11:07,682 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'passwordMailContentHelper'
19:11:07,683 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for com.dc.web.util.UsernameMailContentHelper com.dc.web.actions.Authentication.usernameMailContentHelper
19:11:07,683 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'usernameMailContentHelper'
19:11:07,684 DEBUG InjectionMetadata:82 - Processing injected method of bean 'authentication': AutowiredFieldElement for org.springframework.security.authentication.encoding.PasswordEncoder com.dc.web.actions.Authentication.passwordEncoder
19:11:07,684 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'passwordEncoder'
19:11:07,685 DEBUG DefaultListableBeanFactory:458 - Finished creating instance of bean 'authentication'
19:11:07,690 DEBUG DefaultListableBeanFactory:430 - Creating instance of bean 'signUpDetail'
19:11:07,692 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for com.dc.web.beans.LayoutBean com.dc.web.actions.BaseAction.layoutBean
19:11:07,692 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for private com.dc.web.beans.SignUpDetailBean com.dc.web.actions.SignUpDetail.signUpDetailBean
19:11:07,693 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for private com.dc.api.service.UserManager com.dc.web.actions.SignUpDetail.userManager
19:11:07,694 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'userManager'
19:11:07,695 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for protected org.springframework.security.authentication.AuthenticationManager com.dc.web.actions.SignUpDetail.authenticationManager
19:11:07,695 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
19:11:07,696 DEBUG InjectionMetadata:82 - Processing injected method of bean 'signUpDetail': AutowiredFieldElement for com.dc.api.service.Utilities com.dc.web.actions.SignUpDetail.utilities
19:11:07,697 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'utilities'
19:11:07,697 DEBUG DefaultListableBeanFactory:458 - Finished creating instance of bean 'signUpDetail'
19:11:07,716 DEBUG DefaultListableBeanFactory:430 - Creating instance of bean 'layout'
19:11:07,717 DEBUG InjectionMetadata:82 - Processing injected method of bean 'layout': AutowiredFieldElement for com.dc.web.beans.LayoutBean com.dc.web.actions.BaseAction.layoutBean
19:11:07,718 DEBUG InjectionMetadata:82 - Processing injected method of bean 'layout': AutowiredFieldElement for private com.dc.web.beans.LayoutBean com.dc.web.actions.Layout.layoutBean
19:11:07,719 DEBUG DefaultListableBeanFactory:458 - Finished creating instance of bean 'layout'
19:11:07,738 DEBUG ExceptionTranslationFilter:98 - Chain processed normally
19:11:07,738 DEBUG HttpSessionSecurityContextRepository:271 - SecurityContext contents are anonymous - context will not be stored in HttpSession.
19:11:07,739 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
이렇게하면 리디렉션을 시도 할 수 있습니까? return "redirect : CONTEXT-PATH/registered/home.html"; 컨텍스트에 따라 CONTEXT-PATH를 대체하십시오. – Ritesh
@Ritesh 리디렉션도 시도했는데 동일한 문제가 발생합니다. 나는 리다이렉트가 일어나는 시점부터 전체 로그를 추가했다. 인증 auth = SecurityContextHolder.getContext()가 있습니다. getAuthentication(); 리디렉션 직전에 사용자 역할이 있고 기본 개체가 올바른지 확인하십시오. 리디렉션이나 게시 후 세션에서 객체를 유지하지 않는 것처럼 보입니다. – c12
Ritesh,