
로컬 환경에서는 잘 동작하는 앱을 만들었습니다. 그런데 인증에 SiteMinder를 사용하는 개발 환경에 배포하자 모든 이미지와 CSS 파일 요청에 대해 "액세스 거부"가 발생합니다. 인증 후에 URL에 jsessionid가 덧붙는 것을 알아차렸고, 수동으로 이미지 URL에 jsessionid를 붙여 테스트해 보니 이미지가 나타납니다! jsessionid가 없는 리소스 요청은 왜 거부되는 것일까요?

무슨 일이 일어나고 있는지 짐작 가는 분 계신가요? 이미지와 CSS에 접근하는 데 jsessionid가 왜 중요한 걸까요?

도움이 된다면 코드 예제를 기꺼이 올리겠습니다.

...

**편집**

로깅을 추가로 설정해 보니 문제가 어디에서 발생하는지는 보이는데, 어떻게 해결해야 할지 모르겠습니다. (아래 스택 트레이스를 보면 siteminderFilter가 SM_USER 헤더가 없는 요청을 거부하고, ExceptionTranslationFilter가 그 요청을 인증 진입점으로 보내고 있습니다.)

19:40:27,236 INFO [STDOUT] 2010-12-17 19:40:27,236 [http-0.0.0.0-30080-1] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Authentication exception occurred; redirecting to authentication entry point 
org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request. 
    at org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter.getPreAuthenticatedPrincipal(RequestHeaderAuthenticationFilter.java:43) 
    at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doAuthenticate(AbstractPreAuthenticatedProcessingFilter.java:98) 
    at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:86) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) 
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149) 
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) 
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) 
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179) 
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) 
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241) 
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) 
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580) 
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) 
    at java.lang.Thread.run(Thread.java:619) 

내 Spring Security 설정:

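<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

    <!--
        Spring Security 3.0 configuration for an application deployed behind a
        SiteMinder agent. The agent authenticates the user and forwards the
        identity in the SM_USER request header; RequestHeaderAuthenticationFilter
        turns that header into a pre-authenticated principal.

        SECURITY NOTE: RequestHeaderAuthenticationFilter trusts SM_USER
        unconditionally. Anyone who can reach the container port directly,
        bypassing the agent or proxy, can impersonate any user by sending
        "SM_USER: someone". The container must only be reachable through the
        SiteMinder agent (network ACL, proxy-only binding); verify this for
        every environment this file is deployed to.
    -->

    <!-- URL pattern to required authority. Evaluated by filterSecurityInterceptor,
         which is the LAST filter in the chain defined in filterChainProxy below.
         Patterns are matched top to bottom; the first match wins. -->
    <bean id="filterSecurityInterceptor"
        class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="accessDecisionManager" ref="accessDecisionManager" />
        <property name="securityMetadataSource">
            <security:filter-security-metadata-source>
                <security:intercept-url pattern="/"
                    access="ROLE_VIEW_WELCOME" />
                <security:intercept-url pattern="/cfs"
                    access="ROLE_VIEW_WELCOME" />
                <security:intercept-url pattern="/app"
                    access="ROLE_VIEW_WELCOME" />
                <security:intercept-url pattern="/welcome/**"
                    access="ROLE_VIEW_WELCOME" />
                <!-- Static resources. These rules are only reached if every filter
                     ahead of the interceptor lets the request through; with
                     siteminderFilter configured to fail hard on a missing SM_USER,
                     an anonymous request never gets this far (hence the 403 on
                     images and CSS). IS_AUTHENTICATED_ANONYMOUSLY also requires an
                     Authentication object to vote on: without an
                     AnonymousAuthenticationFilter in the chain, the interceptor
                     rejects a request that carries no Authentication at all.
                     The real exclusion for these paths is done in filterChainProxy;
                     the rules are kept here for completeness. -->
                <security:intercept-url pattern="/styles/**"
                    access="IS_AUTHENTICATED_ANONYMOUSLY" />
                <security:intercept-url pattern="/scripts/**"
                    access="IS_AUTHENTICATED_ANONYMOUSLY" />
                <security:intercept-url pattern="/images/**"
                    access="IS_AUTHENTICATED_ANONYMOUSLY" />
                <security:intercept-url pattern="/ruleManagement/**"
                    access="ROLE_VIEW_RULE_MANAGEMENT" />
                <security:intercept-url pattern="/vendorManagement/**"
                    access="ROLE_VENDOR_MANAGEMENT" />
                <security:intercept-url pattern="/userManagement/**"
                    access="ROLE_USER_MANAGEMENT" />
                <security:intercept-url pattern="/titleManagement/**"
                    access="ROLE_TITLE_MANAGEMENT" />
                <security:intercept-url pattern="/typeManagement/**"
                    access="ROLE_TYPE_MANAGEMENT" />
                <security:intercept-url pattern="/seriesManagement/**"
                    access="ROLE_SERIES_MANAGEMENT" />
                <security:intercept-url pattern="/sequenceManagement/**"
                    access="ROLE_SEQUENCE_MANAGEMENT" />
                <security:intercept-url pattern="/roleManagement/**"
                    access="ROLE_GROUP_MANAGEMENT" />
                <security:intercept-url pattern="/reports/**"
                    access="ROLE_REPORTS" />
                <security:intercept-url pattern="/reportsNew/**"
                    access="ROLE_REPORTS" />
                <security:intercept-url pattern="/fingerprint/**"
                    access="ROLE_FINGERPRINT" />
                <!-- Deny-by-default catch-all: anything not listed above needs
                     ROLE_VIEW_OTHER. Keep this last. -->
                <security:intercept-url pattern="/**"
                    access="ROLE_VIEW_OTHER" />
            </security:filter-security-metadata-source>
        </property>
    </bean>

    <!-- Turns AuthenticationException into a call to the entry point (403 here,
         see preauthenticationProcessingFilterEntryPoint) and AccessDeniedException
         into the access-denied page. Must sit ahead of siteminderFilter and
         filterSecurityInterceptor in the chain so it can catch what they throw. -->
    <bean id="exceptionTranslationFilter"
        class="org.springframework.security.web.access.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint" ref="preauthenticationProcessingFilterEntryPoint" />
        <property name="accessDeniedHandler" ref="accessDeniedHandler" />
    </bean>

    <!-- Namespace-created manager used only as the parent of the explicit
         ProviderManager below (the 3.0 idiom for combining the two). -->
    <security:authentication-manager alias="authenticationManagerParent" />

    <!-- The only provider is the pre-authentication provider: no password is ever
         checked by this application, the SiteMinder agent is trusted for that. -->
    <bean id="authenticationManager"
        class="org.springframework.security.authentication.ProviderManager"
        parent="authenticationManagerParent">
        <property name="providers">
            <list>
                <ref local="preauthAuthProvider" />
            </list>
        </property>
    </bean>

    <!-- Grants access if any voter grants. RoleVoter handles ROLE_* attributes,
         AuthenticatedVoter handles IS_AUTHENTICATED_* attributes.
         allowIfAllAbstainDecisions=false: deny when no voter has an opinion. -->
    <bean id="accessDecisionManager"
        class="org.springframework.security.access.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false" />
        <property name="decisionVoters">
            <list>
                <bean class="org.springframework.security.access.vote.RoleVoter" />
                <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
            </list>
        </property>
    </bean>

    <!-- Legacy Acegi 1.x concurrent-session beans. Nothing in this file references
         them and they are not part of the Spring Security 3 filter chain, so they
         enforce no session limit at all; they only keep the old acegi jar on the
         classpath. Left in place here; confirm nothing else references them
         before removing. -->
    <bean id="sessionRegistry" class="org.acegisecurity.concurrent.SessionRegistryImpl" />

    <bean id="defaultConcurrentSessionController"
        class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">
        <property name="sessionRegistry" ref="sessionRegistry" />
        <property name="exceptionIfMaximumExceeded" value="true" />
    </bean>

    <!-- Filter chains, matched in order; the first matching pattern wins. -->
    <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
        <security:filter-chain-map path-type="ant">
            <!-- Static resources arrive without an SM_USER header (the posted stack
                 trace shows siteminderFilter throwing
                 PreAuthenticatedCredentialsNotFoundException for them and
                 ExceptionTranslationFilter invoking the 403 entry point). Why the
                 agent does not set the header on these requests is not visible
                 here; check the agent configuration. Until then, take these paths
                 out of the security chain entirely. These entries must precede
                 "/**", and the list must stay limited to genuinely public, static
                 content. -->
            <security:filter-chain pattern="/styles/**" filters="none" />
            <security:filter-chain pattern="/scripts/**" filters="none" />
            <security:filter-chain pattern="/images/**" filters="none" />
            <!-- Everything else: restore the session-bound SecurityContext, translate
                 auth/access exceptions, authenticate from SM_USER, then authorize
                 against the URL rules in filterSecurityInterceptor.
                 NOTE: there is no SessionManagementFilter in this chain, so no
                 session-fixation protection runs when the pre-authenticated
                 principal is first stored in the session. Combined with the
                 container accepting a jsessionid from the URL, this is worth
                 reviewing. -->
            <security:filter-chain pattern="/**"
                filters="securityContextPersistenceFilter, exceptionTranslationFilter, siteminderFilter, filterSecurityInterceptor" />
        </security:filter-chain-map>
    </bean>

    <!-- Loads the SecurityContext from the HTTP session before the chain runs and
         stores it back afterwards. allowSessionCreation=true means a session (and
         therefore a JSESSIONID) is created to hold the authenticated principal.
         This is what makes the jsessionid experiment work: in 3.0.x the
         pre-authentication filter only attempts authentication when the restored
         context has no Authentication, so a request that presents a valid session
         id is not re-checked for SM_USER.
         SECURITY NOTE: a session id carried in the URL leaks through Referer
         headers, proxy/server logs and browser history. Prefer cookie-only session
         tracking and disable URL rewriting in the container if its version
         supports that. -->
    <bean id="securityContextPersistenceFilter"
        class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
        <property name='securityContextRepository'>
            <bean
                class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
                <property name='allowSessionCreation' value='true' />
            </bean>
        </property>
    </bean>

    <!-- Pre-authentication from the SiteMinder agent header. With
         continueFilterChainOnUnsuccessfulAuthentication=false, a request that has
         neither SM_USER nor an existing Authentication in its session stops here
         with PreAuthenticatedCredentialsNotFoundException, which
         ExceptionTranslationFilter answers with the 403 entry point. That is the
         right behaviour for application URLs: do not relax it globally; exclude
         public resources in filterChainProxy instead. -->
    <bean id="siteminderFilter"
        class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
        <property name="principalRequestHeader" value="SM_USER" />
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="continueFilterChainOnUnsuccessfulAuthentication"
            value="false" />
    </bean>

    <!-- Local-development substitute for the agent (presumably injects a fake
         SM_USER; its source is not shown here). It is intentionally NOT part of
         the chain above. Wiring it into a chain on any environment users can reach
         would let anyone authenticate as the mocked principal; consider keeping it
         in a dev-only configuration file so it cannot be deployed by mistake. -->
    <bean id="mockSiteMinderFilter" class="com.disney.cfs.util.SiteMinderMockFilter"/>

    <!-- Accepts the pre-authenticated principal and loads its authorities through
         userDetailsService. Note there is no credential check here by design. -->
    <bean id="preauthAuthProvider"
        class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
        <property name="preAuthenticatedUserDetailsService" ref="userDetailsService"/>
    </bean>

    <!-- Maps the SM_USER principal to roles (implementation not shown here). -->
    <bean id="userDetailsService" class="com.disney.cfs.util.UserDetailsServiceUtil"/>

    <!-- Pre-authenticated setups have no login page to redirect to; a request
         that could not be authenticated is answered with HTTP 403. -->
    <bean id="preauthenticationProcessingFilterEntryPoint"
        class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />

    <!-- Authenticated but unauthorized requests are forwarded to this page. -->
    <bean id="accessDeniedHandler"
        class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/accessDenied.jsp" />
    </bean>
</beans>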

답변


브라우저 설정을 확인해 보세요. 쿠키가 비활성화된 것처럼 보입니다. 그 경우 서버가 세션을 식별할 수 있는 유일한 방법은 URL 재작성(경로에 붙는 jsessionid)으로 세션 ID를 전달하는 것뿐입니다.

다른 가능성은 인증 패키지(SiteMinder)의 구성입니다. 직접 확인한 것은 아니지만, 세션 ID를 URL 매개변수로도 전달받아 쿠키 값과 비교하도록 설정되어 있을 수 있습니다. 다만 세션 ID를 URL에 싣는 것은 보안을 높이는 방법이 아닙니다. 오히려 Referer 헤더, 프록시/서버 로그, 브라우저 기록을 통해 세션 ID가 유출되어 세션 하이재킹에 노출되는 잘 알려진 약점입니다. 따라서 모든 href에 jsessionid를 붙이는 사용자 정의 `a` 태그(태그 라이브러리로 쉽게 구현할 수 있습니다)는 임시 우회책으로는 동작하겠지만 권장되지 않습니다. 먼저 쿠키가 왜 서버에 전달되지 않는지(쿠키 path/domain 불일치, 프록시나 에이전트가 쿠키를 제거하는지)와, 정적 리소스 요청에 SM_USER 헤더가 왜 빠지는지를 확인하는 편이 낫습니다.


답변 감사합니다. 브라우저에서 쿠키는 활성화되어 있습니다. URL의 jsessionid를 확인하는 SiteMinder 설정이 있는지 팀에 확인해 보겠습니다. – Corey
