2012-02-04 100 views
1

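Spring Security remember-me re-login fails

I am trying to create remember-me functionality based on the persistent token approach. My data source is MongoDB. To store the tokens in a collection I overrode the PersistentTokenRepository class, and it seems fine, but when I reopen the browser I cannot log in. I am using MongoDB to store the tokens, but that should not be a problem; all database-layer functions work as expected.

My Spring Security configuration looks like this: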

<security:global-method-security secured-annotations="enabled" /> 
<security:http pattern="/login.html" security="none"/> 
<security:http pattern="/signup.html" security="none"/> 
    <security:http auto-config="true" access-denied-page="/accessDenied.jsp"> 
    <security:form-login login-page="/login.html" login-processing-url="/login" authentication-failure-url="/login.html?login_error=1" default-target-url="/"/> 
    <security:http-basic/> 
    <security:intercept-url pattern='/**' access='ROLE_USER' /> 
    <security:logout logout-url="/logout" logout-success-url="/"/> 
    <security:remember-me services-ref="rememberMeServices"/> 
    </security:http> 

<bean id="userPassAuthFilterBeanPostProcessor" 
    class="com.mytwitter.web.security.UserPassAuthFilterBeanPostProcessor"> 
    <property name="usernameParameter" value="username" /> 
    <property name="passwordParameter" value="password" /> 
</bean> 

<bean id="LoginUrlAuthenticationEntryPoint" 
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> 
    <property name="loginFormUrl" value="/login" /> 
</bean> 

<bean id="daoAuthenticationProvider" 
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> 
    <property name="userDetailsService" ref="userDetailsService"/> 
</bean> 

<bean id="authenticationManager" 
    class="org.springframework.security.authentication.ProviderManager"> 
    <property name="providers"> 
    <list> 
     <ref local="daoAuthenticationProvider" /> 
    </list> 
    </property> 
</bean> 

<security:authentication-manager alias="authManager"> 
    <security:authentication-provider user-service-ref="userDetailsService"> 
    <security:password-encoder hash="md5"/> 
    </security:authentication-provider> 
</security:authentication-manager> 

<bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices"> 
     <property name="tokenRepository" ref="myTokenRepository" /> 
     <property name="userDetailsService" ref="userDetailsService" /> 
     <property name="key" value="myRememberMeKey" /> 
     <property name="alwaysRemember" value="true" /> 
</bean> 
<bean id="myTokenRepository" class="com.mytwitter.web.security.MyTokenRepository"> 
    </bean> 

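When I log in correctly, my token is inserted into the database. I can see it clearly. After closing the browser and trying to log in again, authentication fails. All MongoDB queries execute successfully without any problem.

When I run with debugging turned on, I see the following behavior: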

2012-02-05 00:33:54,374 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.FilterChainProxy - /index.jsp at position 7 of 11 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' - 287265 
2012-02-05 00:33:59,801 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie detected - 292692 
getting Token 
2012-02-05 00:34:04,829 DEBUG [http-bio-8080-exec-7] org.springframework.data.mongodb.core.MongoTemplate - findOne using query: { "series" : "qhvYe8ZsDX+72ZbeNxSGzQ=="} in db.collection: xxx.rememberMeTokens - 297720 
2012-02-05 00:34:21,471 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Refreshing persistent login token for user 'aaaa', series 'qhvYe8ZsDX+72ZbeNxSGzQ==' - 314362 
Updating Token 
2012-02-05 00:34:23,043 DEBUG [http-bio-8080-exec-7] org.springframework.data.mongodb.core.MongoTemplate - calling update using query: { "series" : "qhvYe8ZsDX+72ZbeNxSGzQ=="} and update: { "$set" : { "token" : "LVBRYo/vjEARdm262UA07g==" , "last_used" : { "$date" : "2012-02-04T22:34:22.333Z"}}} in collection: persistentRememberMeToken - 315934 
2012-02-05 00:34:26,427 DEBUG [http-bio-8080-exec-7] org.springframework.data.mongodb.core.MongoTemplate - findOne using query: { "nickname" : "aaaa"} in db.collection: xxxx.users - 319318 
2012-02-05 00:34:45,623 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie accepted - 338514 
2012-02-05 00:36:24,438 DEBUG [http-bio-8080-exec-7] org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.RememberMeAuthenticationProvider - 437329 
2012-02-05 00:36:45,543 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as AuthenticationManager rejected Authentication returned by RememberMeServices: 'org.spring[email protected]7609e07a: Principal: [email protected]; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'; invalidating remember-me token - 458434 
org.springframework.security.authentication.BadCredentialsException: The presented RememberMeAuthenticationToken does not contain the expected key 
    at org.springframework.security.authentication.RememberMeAuthenticationProvider.authenticate(RememberMeAuthenticationProvider.java:64) 
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) 
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:102) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) 
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) 
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) 
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405) 
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964) 
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515) 
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) 
    at java.lang.Thread.run(Thread.java:679) 

What am I missing?

+0

Try setting a breakpoint in the method that validates the token. – Ralph 2012-02-05 11:55:55

+0

Already did that. The token hash key is not the same, but I don't understand why. – 2012-02-05 11:58:08

+0

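Then you should probably post the code that calculates the hash, along with the important information that the hashes are not equal. – Ralph 2012-02-05 12:00:03

Answer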

0

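Today I restarted my laptop, and after starting Tomcat + Eclipse it worked fine and no error occurred. I am puzzled by this behavior, but God grant me the courage to accept the things I cannot understand; still, I believe it was related to old cookies for this site. Now that they have all expired, it works fine.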
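
The `BadCredentialsException` in the log above is raised by `RememberMeAuthenticationProvider` when the key hash carried by the `RememberMeAuthenticationToken` differs from the hash of the provider's own key. The fragment below is an added example, not part of the original question or answer: it reuses the question's element and bean names and only adds a `key` attribute to `<security:remember-me>`, on the assumption that the provider registered by the namespace takes its key from that attribute.

```xml
<!-- Added example, not from the original post. Names are the question's own;
     the only change is the key attribute on security:remember-me. -->

<!-- Before (as posted): the services bean stamps tokens with "myRememberMeKey",
     but the namespace element carries no key, so the provider it registers
     is built with a different key and the key-hash comparison fails. -->
<!-- <security:remember-me services-ref="rememberMeServices"/> -->

<!-- After: the same key on both sides. -->
<security:http auto-config="true" access-denied-page="/accessDenied.jsp">
    <security:form-login login-page="/login.html" login-processing-url="/login"
        authentication-failure-url="/login.html?login_error=1" default-target-url="/"/>
    <security:http-basic/>
    <security:intercept-url pattern="/**" access="ROLE_USER"/>
    <security:logout logout-url="/logout" logout-success-url="/"/>
    <!-- key is handed to the RememberMeAuthenticationProvider created by the namespace -->
    <security:remember-me services-ref="rememberMeServices" key="myRememberMeKey"/>
</security:http>

<bean id="rememberMeServices"
      class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
    <property name="tokenRepository" ref="myTokenRepository"/>
    <property name="userDetailsService" ref="userDetailsService"/>
    <!-- must equal the key attribute above; the provider compares key hashes -->
    <property name="key" value="myRememberMeKey"/>
    <property name="alwaysRemember" value="true"/>
</bean>
```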