彈簧安全j_spring_security註銷問題

我正在研究彈簧安全。但j_spring_security serlvet似乎不起作用。我如何調試問題，或至少查找根本原因？我沒有看到任何有用的日誌文件...彈簧安全j_spring_security註銷問題

<?xml version="1.0" encoding="UTF-8"?> 

<!-- 
    - Sample namespace-based configuration 
    - 
    --> 

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> 

<global-method-security pre-post-annotations="enabled"> 
    <!-- 
    AspectJ pointcut expression that locates our "post" method and 
    applies security that way <protect-pointcut expression="execution(* 
    bigbank.*Service.post*(..))" access="ROLE_TELLER"/> 
    --> 
</global-method-security> 

<http use-expressions="true"> 
    <intercept-url pattern="/" access="permitAll" /> 
    <intercept-url pattern="/login/**" filters="none" /> 
    <intercept-url pattern="/static/**" filters="none" /> 
    <intercept-url pattern="/**" access="isAuthenticated()" /> 
    <form-login login-page="/login/login.jsp" 
    default-target-url="/fileList.do" authentication-failure-url="/login/login.jsp?login_error=1" /> 
    <logout logout-success-url="/login/logout_success.jsp" /> 
    <!-- 
    Uncomment to enable X509 client authentication support <x509 /> 
    --> 
    <!-- Uncomment to limit the number of sessions a user can have --> 
    <session-management invalid-session-url="/timeout.jsp"> 
    <concurrency-control max-sessions="1" 
    error-if-maximum-exceeded="true" /> 
    </session-management> 
</http>

編輯

的話，我已經簽出了錯誤，這裏是日誌文件

的切當我註銷

DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/j_spring_security_logout' 
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/j_spring_security_logout'; pattern is /login/**; matched=false 
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/j_spring_security_logout' 
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/j_spring_security_logout'; pattern is /static/**; matched=false 
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/j_spring_security_logout' 
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/j_spring_security_logout'; pattern is /**; matched=true 
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_logout at position 1 of 10 in additional filter chain; firing Filter: 'o[email protected]40ece0' 
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_logout at position 2 of 10 in additional filter chain; firing Filter: 'org.spring[email protected]1041876' 
DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:165) - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: '[email protected]583dd2: Authentication: org.springframew[email protected]86583dd2: Principal: [email protected]: Username: rod; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR,ROLE_TELLER,ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: C6056CE774DE3568943D98A05ABCC744; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER' 
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_logout at position 3 of 10 in additional filter chain; firing Filter: 'org.[email protected]174a6e2' 
DEBUG [http-8080-2] (LogoutFilter.java:93) - Logging out user 'org.springframew[email protected]86583dd2: Principal: [email protected]: Username: rod; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR,ROLE_TELLER,ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: C6056CE774DE3568943D98A05ABCC744; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER' and transferring to logout destination 
DEBUG [http-8080-2] (AbstractAuthenticationTargetUrlRequestHandler.java:93) - Using default Url: /login/logout_success.jsp 
DEBUG [http-8080-2] (DefaultRedirectStrategy.java:34) - Redirecting to '/crvWeb/login/logout_success.jsp' 
DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:359) - HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session 
DEBUG [http-8080-2] (SecurityContextPersistenceFilter.java:89) - SecurityContextHolder now cleared, as request processing completed 
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/login/logout_success.jsp'; to: '/login/logout_success.jsp' 
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/login/logout_success.jsp'; pattern is /login/**; matched=true 
DEBUG [http-8080-2] (FilterChainProxy.java:139) - has an empty filter list

然後再次登錄。春天說我有一個活躍的會議，並沒有允許登錄

請注意日誌中的例外原因：該主體的最大會話數超過1。

DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check' 
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/j_spring_security_check'; pattern is /login/**; matched=false 
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check' 
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/j_spring_security_check'; pattern is /static/**; matched=false 
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check' 
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/j_spring_security_check'; pattern is /**; matched=true 
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_check at position 1 of 10 in additional filter chain; firing Filter: 'o[email protected]40ece0' 
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_check at position 2 of 10 in additional filter chain; firing Filter: 'org.spring[email protected]1041876' 
DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:141) - HttpSession returned null object for SPRING_SECURITY_CONTEXT 
DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:87) - No SecurityContext was available from the HttpSession: [email protected] A new one will be created. 
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_check at position 3 of 10 in additional filter chain; firing Filter: 'org.[email protected]174a6e2' 
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_check at position 4 of 10 in additional filter chain; firing Filter: 'org.springframework.s[email protected]1786a3c' 
DEBUG [http-8080-2] (AbstractAuthenticationProcessingFilter.java:193) - Request is to process authentication 
DEBUG [http-8080-2] (ProviderManager.java:117) - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider 
DEBUG [http-8080-2] (AbstractAuthenticationProcessingFilter.java:318) - Authentication request failed: org.springframework.security.web.authentication.session.SessionAuthenticationException: Maximum sessions of 1 for this principal exceeded 
DEBUG [http-8080-2] (AbstractAuthenticationProcessingFilter.java:319) - Updated SecurityContextHolder to contain null Authentication 
DEBUG [http-8080-2] (AbstractAuthenticationProcessingFilter.java:320) - Delegating to authentication failure handlerorg.springframework.se[email protected]21447f 
DEBUG [http-8080-2] (SimpleUrlAuthenticationFailureHandler.java:56) - Redirecting to /login/login.jsp?login_error=1 
DEBUG [http-8080-2] (DefaultRedirectStrategy.java:34) - Redirecting to '/crvWeb/login/login.jsp?login_error=1' 
DEBUG [http-8080-2] (SecurityContextPersistenceFilter.java:89) - SecurityContextHolder now cleared, as request processing completed 
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/login/login.jsp'; to: '/login/login.jsp' 
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/login/login.jsp'; pattern is /login/**; matched=true 
DEBUG [http-8080-2] (FilterChainProxy.java:139) - has an empty filter list

爲什麼我的註銷不工作？我如何尋找原因？

來源

2010-06-30 nokheat

我沒有看到任何有用的日誌文件...

你有沒有在你的web應用到日誌記錄級別設置爲DEBUG配置日誌記錄？ Spring/SpringSecurity在這個級別輸出了很多有用的東西。

編輯

你的日誌文件通常寫到$CATALINA_HOME/logs，但是這取決於你的日誌記錄屬性。

配置webapp日誌記錄（假設log4j）的簡單方法是將log4j.properties或log4j.xml文件放入webapp的/WEB-INF/classes目錄中。

如果要通過類路徑訪問資源文件，它們還需要位於classes目錄中。但是，如果您可以通過其他方式訪問它們，它們可以位於Web應用程序樹中的任（你甚至可以把資源放在樹外，但是在部署它們時會遇到問題。）

這些問題在相關的Tomcat和Log4j文檔中都有更全面的瞭解。也可能在Spring「入門」文檔中。

來源

2010-06-30 01:55:31

也談到：如何定義資源路徑，在這裏我們把他們的做法？ – nokheat 2010-06-30 02:11:50

我不明白你在說什麼。你在說什麼「他們」？ – 2010-06-30 02:16:07

我正在談論資源文件。在開發模式和生產模式下，我們在哪裏將資源文件指向？並且需要任何配置？或只使用默認？以及日誌文件將指向的位置？ – nokheat 2010-06-30 02:25:25

春季安全要求web.xml一個<listener>爲了使<concurrency-control>，see docs：

<listener> 
    <listener-class> 
     org.springframework.security.web.session.HttpSessionEventPublisher 
    </listener-class> 
</listener>

來源

2010-06-30 10:14:23 axtavt

這幾乎肯定是這裏的問題。當會話在註銷時銷燬時，Spring Security會話註冊表需要更新。 Spring Security FAQ中還有一個關於這個的條目。 – 2010-07-04 12:48:43

彈簧安全j_spring_security註銷問題

回答

相關問題