1. 首頁
  2. 問答
  3. Jetty嵌入式服務器和Spring安全集成

Jetty嵌入式服務器和Spring安全集成

2015-08-15 101 views
0

我想使用Spring Security登錄,當我使用jetty maven插件時,我的代碼已經工作。但是現在我希望它能夠在Jetty Embedded Server上運行。當我提交的登錄去春來安全加工環節,它表明這樣的警告:Jetty嵌入式服務器和Spring安全集成

HTTP ERROR: 500 
INTERNAL_SERVER_ERROR 
RequestURI=/auth/login_check 
Caused by: 
java.lang.AbstractMethodError 
at javax.servlet.http.HttpServletRequestWrapper.changeSessionId(HttpServletRequestWrapper.java:290) 
at javax.servlet.http.HttpServletRequestWrapper.changeSessionId(HttpServletRequestWrapper.java:290) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
at java.lang.reflect.Method.invoke(Unknown Source) 
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:209) 
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:194) 
at org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy.applySessionFixation(ChangeSessionIdAuthenticationStrategy.java:48) 
at org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.onAuthentication(AbstractSessionFixationProtectionStrategy.java:82) 
at org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy.onAuthentication(ChangeSessionIdAuthenticationStrategy.java:32) 
at org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy.onAuthentication(CompositeSessionAuthenticationStrategy.java:83) 
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:216) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) 
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) 
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) 
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) 
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) 
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) 
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115) 
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:361) 
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) 
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181) 
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766) 
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:417) 
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) 
at org.mortbay.jetty.Server.handle(Server.java:324) 
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:534) 
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:879) 
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:741) 
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:213) 
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:403) 
at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228) 
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:522)

我與JSP-2.1,JSP-API 2.1罐子碼頭的猜測相沖突。我能做些什麼來解決這個問題?這是我的碼頭依賴性:在調度員的servlet XML

<properties> 
    <jetty.version>6.1.14</jetty.version> 
</properties> 
... 
    <dependency> 
     <groupId>org.mortbay.jetty</groupId> 
     <artifactId>jetty</artifactId> 
     <version>${jetty.version}</version> 
    </dependency> 
    <dependency> 
     <groupId>org.mortbay.jetty</groupId> 
     <artifactId>jetty-util</artifactId> 
     <version>${jetty.version}</version> 
    </dependency> 
    <dependency> 
     <groupId>org.mortbay.jetty</groupId> 
     <artifactId>jetty-plus</artifactId> 
     <version>${jetty.version}</version> 
    </dependency> 

    <!--jsp support for jetty, add the 2 following --> 
    <dependency> 
     <groupId>org.mortbay.jetty</groupId> 
     <artifactId>jsp-2.1</artifactId> 
     <version>${jetty.version}</version> 
    </dependency> 
    <dependency> 
     <groupId>org.mortbay.jetty</groupId> 
     <artifactId>jsp-api-2.1</artifactId> 
     <version>${jetty.version}</version> 
    </dependency>

春季安全配置:

<security:http auto-config="true" use-expressions="true"> 
    <security:form-login login-page="/login" 
     username-parameter="email" password-parameter="password" 
     login-processing-url="/auth/login_check" authentication-failure-url="/login?error" 
     default-target-url="/" always-use-default-target="true" /> 
    <security:logout logout-url="/logout" 
     logout-success-url="/" delete-cookies="JSESSIONID" /> 
    <security:remember-me token-validity-seconds="1209600" 
     remember-me-parameter="remember-me" data-source-ref="dataSource" /> 
</security:http> 

<security:authentication-manager> 
    <security:authentication-provider> 
     <security:password-encoder hash="md5" /> 
     <security:jdbc-user-service 
      data-source-ref="dataSource" 
      users-by-username-query="select email, password, enabled from users where email=?" 
      authorities-by-username-query="select username, role from user_roles where username=?" /> 
    </security:authentication-provider> 
</security:authentication-manager> 

<bean id="dataSource" 
    class="org.springframework.jdbc.datasource.DriverManagerDataSource"> 
    <property name="driverClassName" value="com.mysql.jdbc.Driver"></property> 
    <property name="url" value="jdbc:mysql://localhost:3306/chamgroupdb" /> 
    <property name="username" value="root"></property> 
    <property name="password" value=""></property> 
</bean> 

<bean id="sessionFactory" 
    class="org.springframework.orm.hibernate4.LocalSessionFactoryBean"> 
    <property name="dataSource" ref="dataSource" /> 
    <property name="hibernateProperties"> 
     <props> 
      <prop key="hibernate.dialect">org.hibernate.dialect.DerbyDialect</prop> 
      <prop key="hibernate.show_sql">true</prop> 
      <prop key="javax.persistence.validation.factory">validator</prop> 
     </props> 
    </property> 
    <property name="packagesToScan" value="com.chamgroup.model" /> 
</bean>

來源

2015-08-15 Viet Phan

回答

2

您需要升級碼頭這個工作。

javax.servlet.http.HttpServletRequest.changeSessionId()是在Servlet 3.1中引入的。

碼頭6是Servlet 2.4的 - 並EOL(壽命結束)在2010年

碼頭7是的Servlet 2.5 - 並且是EOL在2014

碼頭8是的Servlet 3.0 - 和在2014年是EOL

碼頭9.0 - 9.1是基於Servlet 3.1規範

碼頭9.2.x是第一個版本的早期草案/α/β版本的版本,以支持最終的Servlet 3.1規範

Jetty 9.3.2是Jetty的當前穩定版本(並且需要Java 8)

來源

2015-08-26 13:11:28

+0

感謝有關每個版本的Servlet的信息 –

相關問題

 相關問題