[SPRING] 스프링 보안 3.1 : 세션 동시성 제어가 작동하지 않는 이유는 무엇입니까?
SPRING스프링 보안 3.1 : 세션 동시성 제어가 작동하지 않는 이유는 무엇입니까?
스프링 보안 3.1.4와 보안 동시 세션을 사용하려고합니다. 하지만 작동하지 않는 이유를 이해하지 못합니다. Tomcat https는 http 요청을 리디렉션하도록 구성되어 있지만 실제 문제에서 역할을하는지는 알 수 없습니다.
이걸 내게 주시겠습니까?
감사.
이것은 내 봄 보안 xml입니다.
<security:http auto-config="true" use-expressions="true" disable-url-rewriting="true">
<security:intercept-url pattern="/Loginsucess*" access="isAuthenticated()" />
<security:intercept-url pattern="/Login" access="hasRole('ROLE_ANONYMOUS')" />
<security:intercept-url pattern="/Login/Error" access="hasRole('ROLE_ANONYMOUS')" />
<security:form-login login-page="/Login" login-processing-url="/j_spring_security_check" authentication-failure-url="/Login/Error" default-target-url="/Loginsucess" />
<security:logout logout-url="/j_spring_security_logout" logout-success-url="/Login" delete-cookies="JSESSIONID" invalidate-session="true"/>
<security:anonymous/>
<security:session-management invalid-session-url="/Login" >
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</security:session-management>
<security:port-mappings>
<security:port-mapping http="8086" https="8443"/>
</security:port-mappings>
</security:http>
이미 web.xml에 이것을 추가합니다.
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
편집하다 :
첫 번째 로깅 :
> 17:57:17,116 DEBUG FilterChainProxy:337 - /j_spring_security_check at
> position 1 of 11 in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 17:57:17,117 DEBUG
> HttpSessionSecurityContextRepository:139 - HttpSession returned null
> object for SPRING_SECURITY_CONTEXT 17:57:17,117 DEBUG
> HttpSessionSecurityContextRepository:85 - No SecurityContext was
> available from the HttpSession:
> org.apache.catalina.session.StandardSessionFacade@1a60232c. A new one
> will be created. 17:57:17,117 DEBUG FilterChainProxy:337 -
> /j_spring_security_check at position 2 of 11 in additional filter
> chain; firing Filter: 'ConcurrentSessionFilter' 17:57:17,117 DEBUG
> FilterChainProxy:337 - /j_spring_security_check at position 3 of 11 in
> additional filter chain; firing Filter: 'LogoutFilter' 17:57:17,117
> DEBUG FilterChainProxy:337 - /j_spring_security_check at position 4 of
> 11 in additional filter chain; firing Filter:
> 'UsernamePasswordAuthenticationFilter' 17:57:17,117 DEBUG
> UsernamePasswordAuthenticationFilter:189 - Request is to process
> authentication 17:57:17,118 DEBUG ProviderManager:152 - Authentication
> attempt using
> org.springframework.security.authentication.dao.DaoAuthenticationProvider
> Hibernate: select user0_.id as id1_13_, user0_.username as
> username2_13_, user0_.firstname as firstnam3_13_, user0_.lastname as
> lastname4_13_, user0_.password as password5_13_, user0_.email as
> email6_13_, user0_.enabled as enabled7_13_ from biomoltracker.LOG_user
> user0_ where user0_.username=? Hibernate: select roles1_.role_name as
> col_0_0_ from biomoltracker.LOG_user user0_ inner join
> biomoltracker.LOG_role roles1_ on user0_.id=roles1_.id_user_fk where
> user0_.id=? 17:57:17,355 DEBUG ConcurrentSessionControlStrategy:88 -
> Invalidating session with Id '4A09DE3E6ACDE04373284600DACDBE39' and
> migrating attributes. 17:57:17,355 DEBUG HttpSessionEventPublisher:83
> - Publishing event: org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@1a60232c]
> 17:57:17,356 DEBUG HttpSessionEventPublisher:66 - Publishing event:
> org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@60e9ebe1]
> 17:57:17,356 DEBUG ConcurrentSessionControlStrategy:98 - Started new
> session: 7431CCBD3008FC59A2AF1C44632F33F0 17:57:17,356 DEBUG
> SessionRegistryImpl:107 - Registering session
> 7431CCBD3008FC59A2AF1C44632F33F0, for principal
> com.clb.genomic.lyon.model.User@654f8017 17:57:17,356 DEBUG
> UsernamePasswordAuthenticationFilter:317 - Authentication success.
> Updating SecurityContextHolder to contain:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 17:57:17,357 DEBUG
> SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url:
> /Loginsucess 17:57:17,357 DEBUG DefaultRedirectStrategy:36 -
> Redirecting to '/Lyric/Loginsucess' 17:57:17,357 DEBUG
> HttpSessionSecurityContextRepository:292 - SecurityContext stored to
> HttpSession:
> 'org.springframework.security.core.context.SecurityContextImpl@ff2ffd00:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 17:57:17,357 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed 17:57:17,360 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 1 of 11 in additional
> filter chain; firing Filter: 'SecurityContextPersistenceFilter'
> 17:57:17,361 DEBUG HttpSessionSecurityContextRepository:158 - Obtained
> a valid SecurityContext from SPRING_SECURITY_CONTEXT:
> 'org.springframework.security.core.context.SecurityContextImpl@ff2ffd00:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 17:57:17,361 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 2 of 11 in additional filter chain; firing
> Filter: 'ConcurrentSessionFilter' 17:57:17,361 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 3 of 11 in additional
> filter chain; firing Filter: 'LogoutFilter' 17:57:17,361 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 4 of 11 in additional
> filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
> 17:57:17,361 DEBUG FilterChainProxy:337 - /Loginsucess at position 5
> of 11 in additional filter chain; firing Filter:
> 'BasicAuthenticationFilter' 17:57:17,361 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 6 of 11 in additional filter chain; firing
> Filter: 'RequestCacheAwareFilter' 17:57:17,362 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 7 of 11 in additional
> filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
> 17:57:17,362 DEBUG FilterChainProxy:337 - /Loginsucess at position 8
> of 11 in additional filter chain; firing Filter:
> 'AnonymousAuthenticationFilter' 17:57:17,362 DEBUG
> AnonymousAuthenticationFilter:107 - SecurityContextHolder not
> populated with anonymous token, as it already contained:
> 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 17:57:17,362 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 9 of 11 in additional filter chain; firing
> Filter: 'SessionManagementFilter' 17:57:17,362 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 10 of 11 in additional
> filter chain; firing Filter: 'ExceptionTranslationFilter' 17:57:17,362
> DEBUG FilterChainProxy:337 - /Loginsucess at position 11 of 11 in
> additional filter chain; firing Filter: 'FilterSecurityInterceptor'
> 17:57:17,362 DEBUG AntPathRequestMatcher:116 - Checking match of
> request : '/loginsucess'; against '/loginsucess*' 17:57:17,363 DEBUG
> FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL:
> /Loginsucess; Attributes: [isAuthenticated()] 17:57:17,363 DEBUG
> FilterSecurityInterceptor:310 - Previously Authenticated:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ff2ffd00:
> Principal: com.clb.genomic.lyon.model.User@654f8017; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@0:
> RemoteIpAddress: 192.168.154.18; SessionId:
> 4A09DE3E6ACDE04373284600DACDBE39; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 17:57:17,363 DEBUG AffirmativeBased:65 -
> Voter:
> org.springframework.security.web.access.expression.WebExpressionVoter@6479b43f,
> returned: 1 17:57:17,363 DEBUG FilterSecurityInterceptor:215 -
> Authorization successful 17:57:17,363 DEBUG
> FilterSecurityInterceptor:227 - RunAsManager did not change
> Authentication object 17:57:17,364 DEBUG FilterChainProxy:323 -
> /Loginsucess reached end of additional filter chain; proceeding with
> original chain 17:57:17,469 DEBUG ExceptionTranslationFilter:115 -
> Chain processed normally 17:57:17,469 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed
두 번째 사용자가 동일한 (사용자 이름 / 암호) 다른 컴퓨터에서 로그인 할 때.
> 8:01:47,309 DEBUG FilterChainProxy:337 - /j_spring_security_check at
> position 1 of 11 in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 18:01:47,310 DEBUG
> HttpSessionSecurityContextRepository:139 - HttpSession returned null
> object for SPRING_SECURITY_CONTEXT 18:01:47,310 DEBUG
> HttpSessionSecurityContextRepository:85 - No SecurityContext was
> available from the HttpSession:
> org.apache.catalina.session.StandardSessionFacade@67a53697. A new one
> will be created. 18:01:47,310 DEBUG FilterChainProxy:337 -
> /j_spring_security_check at position 2 of 11 in additional filter
> chain; firing Filter: 'ConcurrentSessionFilter' 18:01:47,310 DEBUG
> FilterChainProxy:337 - /j_spring_security_check at position 3 of 11 in
> additional filter chain; firing Filter: 'LogoutFilter' 18:01:47,310
> DEBUG FilterChainProxy:337 - /j_spring_security_check at position 4 of
> 11 in additional filter chain; firing Filter:
> 'UsernamePasswordAuthenticationFilter' 18:01:47,310 DEBUG
> UsernamePasswordAuthenticationFilter:189 - Request is to process
> authentication 18:01:47,310 DEBUG ProviderManager:152 - Authentication
> attempt using
> org.springframework.security.authentication.dao.DaoAuthenticationProvider
> Hibernate: select user0_.id as id1_13_, user0_.username as
> username2_13_, user0_.firstname as firstnam3_13_, user0_.lastname as
> lastname4_13_, user0_.password as password5_13_, user0_.email as
> email6_13_, user0_.enabled as enabled7_13_ from biomoltracker.LOG_user
> user0_ where user0_.username=? Hibernate: select roles1_.role_name as
> col_0_0_ from biomoltracker.LOG_user user0_ inner join
> biomoltracker.LOG_role roles1_ on user0_.id=roles1_.id_user_fk where
> user0_.id=? 18:01:47,317 DEBUG ConcurrentSessionControlStrategy:88 -
> Invalidating session with Id 'E644740185BC8E28272BD4F80751D445' and
> migrating attributes. 18:01:47,318 DEBUG HttpSessionEventPublisher:83
> - Publishing event: org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@67a53697]
> 18:01:47,318 DEBUG HttpSessionEventPublisher:66 - Publishing event:
> org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@65447c32]
> 18:01:47,318 DEBUG ConcurrentSessionControlStrategy:98 - Started new
> session: 3694308C7FCA68AC5FFD1E442464FE50 18:01:47,318 DEBUG
> SessionRegistryImpl:107 - Registering session
> 3694308C7FCA68AC5FFD1E442464FE50, for principal
> com.clb.genomic.lyon.model.User@1b2c4d8f 18:01:47,319 DEBUG
> UsernamePasswordAuthenticationFilter:317 - Authentication success.
> Updating SecurityContextHolder to contain:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 18:01:47,319 DEBUG
> SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url:
> /Loginsucess 18:01:47,319 DEBUG DefaultRedirectStrategy:36 -
> Redirecting to '/Lyric/Loginsucess' 18:01:47,319 DEBUG
> HttpSessionSecurityContextRepository:292 - SecurityContext stored to
> HttpSession:
> 'org.springframework.security.core.context.SecurityContextImpl@7eb37c04:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:47,320 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed 18:01:47,324 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 1 of 11 in additional
> filter chain; firing Filter: 'SecurityContextPersistenceFilter'
> 18:01:47,324 DEBUG HttpSessionSecurityContextRepository:158 - Obtained
> a valid SecurityContext from SPRING_SECURITY_CONTEXT:
> 'org.springframework.security.core.context.SecurityContextImpl@7eb37c04:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:47,324 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 2 of 11 in additional filter chain; firing
> Filter: 'ConcurrentSessionFilter' 18:01:47,324 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 3 of 11 in additional
> filter chain; firing Filter: 'LogoutFilter' 18:01:47,325 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 4 of 11 in additional
> filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
> 18:01:47,325 DEBUG FilterChainProxy:337 - /Loginsucess at position 5
> of 11 in additional filter chain; firing Filter:
> 'BasicAuthenticationFilter' 18:01:47,325 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 6 of 11 in additional filter chain; firing
> Filter: 'RequestCacheAwareFilter' 18:01:47,325 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 7 of 11 in additional
> filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
> 18:01:47,325 DEBUG FilterChainProxy:337 - /Loginsucess at position 8
> of 11 in additional filter chain; firing Filter:
> 'AnonymousAuthenticationFilter' 18:01:47,325 DEBUG
> AnonymousAuthenticationFilter:107 - SecurityContextHolder not
> populated with anonymous token, as it already contained:
> 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:47,326 DEBUG FilterChainProxy:337 -
> /Loginsucess at position 9 of 11 in additional filter chain; firing
> Filter: 'SessionManagementFilter' 18:01:47,326 DEBUG
> FilterChainProxy:337 - /Loginsucess at position 10 of 11 in additional
> filter chain; firing Filter: 'ExceptionTranslationFilter' 18:01:47,326
> DEBUG FilterChainProxy:337 - /Loginsucess at position 11 of 11 in
> additional filter chain; firing Filter: 'FilterSecurityInterceptor'
> 18:01:47,326 DEBUG AntPathRequestMatcher:116 - Checking match of
> request : '/loginsucess'; against '/loginsucess*' 18:01:47,326 DEBUG
> FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL:
> /Loginsucess; Attributes: [isAuthenticated()] 18:01:47,326 DEBUG
> FilterSecurityInterceptor:310 - Previously Authenticated:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN 18:01:47,327 DEBUG AffirmativeBased:65 -
> Voter:
> org.springframework.security.web.access.expression.WebExpressionVoter@6479b43f,
> returned: 1 18:01:47,327 DEBUG FilterSecurityInterceptor:215 -
> Authorization successful 18:01:47,327 DEBUG
> FilterSecurityInterceptor:227 - RunAsManager did not change
> Authentication object 18:01:47,327 DEBUG FilterChainProxy:323 -
> /Loginsucess reached end of additional filter chain; proceeding with
> original chain 18:01:47,427 DEBUG ExceptionTranslationFilter:115 -
> Chain processed normally 18:01:47,427 DEBUG
> SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed 18:01:56,039 DEBUG
> FilterChainProxy:337 - /j_spring_security_logout at position 1 of 11
> in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 18:01:56,040 DEBUG
> HttpSessionSecurityContextRepository:158 - Obtained a valid
> SecurityContext from SPRING_SECURITY_CONTEXT:
> 'org.springframework.security.core.context.SecurityContextImpl@7eb37c04:
> Authentication:
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' 18:01:56,040 DEBUG FilterChainProxy:337 -
> /j_spring_security_logout at position 2 of 11 in additional filter
> chain; firing Filter: 'ConcurrentSessionFilter' 18:01:56,040 DEBUG
> FilterChainProxy:337 - /j_spring_security_logout at position 3 of 11
> in additional filter chain; firing Filter: 'LogoutFilter' 18:01:56,040
> DEBUG LogoutFilter:93 - Logging out user
> 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@7eb37c04:
> Principal: com.clb.genomic.lyon.model.User@1b2c4d8f; Credentials:
> [PROTECTED]; Authenticated: true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c:
> RemoteIpAddress: 192.168.154.20; SessionId:
> E644740185BC8E28272BD4F80751D445; Granted Authorities: ROLE_ADMIN_NGS,
> ROLE_GUEST_CGH, ROLE_ADMIN' and transferring to logout destination
> 18:01:56,040 DEBUG SecurityContextLogoutHandler:62 - Invalidating
> session: 3694308C7FCA68AC5FFD1E442464FE50 18:01:56,040 DEBUG
> HttpSessionEventPublisher:83 - Publishing event:
> org.springframework.security.web.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade@65447c32]
> 18:01:56,041 DEBUG SessionRegistryImpl:156 - Removing session
> 3694308C7FCA68AC5FFD1E442464FE50 from principal's set of registered
> sessions 18:01:56,041 DEBUG SessionRegistryImpl:164 - Removing
> principal com.clb.genomic.lyon.model.User@1b2c4d8f from registry
> 18:01:56,041 DEBUG SimpleUrlLogoutSuccessHandler:107 - Using default
> Url: /Login 18:01:56,041 DEBUG DefaultRedirectStrategy:36 -
> Redirecting to '/Lyric/Login' 18:01:56,041 DEBUG
> HttpSessionSecurityContextRepository:269 - SecurityContext is empty or
> contents are anonymous - context will not be stored in HttpSession.
> 18:01:56,042 DEBUG SecurityContextPersistenceFilter:97 -
> SecurityContextHolder now cleared, as request processing completed
> 18:01:56,045 DEBUG FilterChainProxy:337 - /Login at position 1 of 11
> in additional filter chain; firing Filter:
> 'SecurityContextPersistenceFilter' 18:01:56,045 DEBUG
> HttpSessionSecurityContextRepository:127 - No HttpSession currently
> exists 18:01:56,045 DEBUG HttpSessionSecurityContextRepository:85 - No
> SecurityContext was available from the HttpSession: null. A new one
> will be created. 18:01:56,046 DEBUG FilterChainProxy:337 - /Login at
> position 2 of 11 in additional filter chain; firing Filter:
> 'ConcurrentSessionFilter' 18:01:56,046 DEBUG FilterChainProxy:337 -
> /Login at position 3 of 11 in additional filter chain; firing Filter:
> 'LogoutFilter' 18:01:56,046 DEBUG FilterChainProxy:337 - /Login at
> position 4 of 11 in additional filter chain; firing Filter:
> 'UsernamePasswordAuthenticationFilter' 18:01:56,046 DEBUG
> FilterChainProxy:337 - /Login at position 5 of 11 in additional filter
> chain; firing Filter: 'BasicAuthenticationFilter' 18:01:56,046 DEBUG
> FilterChainProxy:337 - /Login at position 6 of 11 in additional filter
> chain; firing Filter: 'RequestCacheAwareFilter' 18:01:56,046 DEBUG
> FilterChainProxy:337 - /Login at position 7 of 11 in additional filter
> chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
> 18:01:56,046 DEBUG FilterChainProxy:337 - /Login at position 8 of 11
> in additional filter chain; firing Filter:
> 'AnonymousAuthenticationFilter' 18:01:56,047 DEBUG
> AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder
> with anonymous token:
> 'org.springframework.security.authentication.AnonymousAuthenticationToken@90554a14:
> Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated:
> true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@3bcc:
> RemoteIpAddress: 192.168.154.20; SessionId: null; Granted Authorities:
> ROLE_ANONYMOUS' 18:01:56,047 DEBUG FilterChainProxy:337 - /Login at
> position 9 of 11 in additional filter chain; firing Filter:
> 'SessionManagementFilter' 18:01:56,047 DEBUG FilterChainProxy:337 -
> /Login at position 10 of 11 in additional filter chain; firing Filter:
> 'ExceptionTranslationFilter' 18:01:56,047 DEBUG FilterChainProxy:337 -
> /Login at position 11 of 11 in additional filter chain; firing Filter:
> 'FilterSecurityInterceptor' 18:01:56,047 DEBUG
> AntPathRequestMatcher:116 - Checking match of request : '/login';
> against '/loginsucess*' 18:01:56,047 DEBUG AntPathRequestMatcher:116 -
> Checking match of request : '/login'; against '/login' 18:01:56,048
> DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation:
> URL: /Login; Attributes: [hasRole('ROLE_ANONYMOUS')] 18:01:56,048
> DEBUG FilterSecurityInterceptor:310 - Previously Authenticated:
> org.springframework.security.authentication.AnonymousAuthenticationToken@90554a14:
> Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated:
> true; Details:
> org.springframework.security.web.authentication.WebAuthenticationDetails@3bcc:
> RemoteIpAddress: 192.168.154.20; SessionId: null; Granted Authorities:
> ROLE_ANONYMOUS 18:01:56,048 DEBUG AffirmativeBased:65 - Voter:
> org.springframework.security.web.access.expression.WebExpressionVoter@6479b43f,
> returned: 1 18:01:56,048 DEBUG FilterSecurityInterceptor:215 -
> Authorization successful 18:01:56,049 DEBUG
> FilterSecurityInterceptor:227 - RunAsManager did not change
> Authentication object 18:01:56,049 DEBUG FilterChainProxy:323 - /Login
> reached end of additional filter chain; proceeding with original chain
> 18:01:56,145 DEBUG HttpSessionEventPublisher:66 - Publishing event:
> org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@2fa28842]
> 18:01:56,152 DEBUG HttpSessionSecurityContextRepository:269 -
> SecurityContext is empty or contents are anonymous - context will not
> be stored in HttpSession. 18:01:56,152 DEBUG
> ExceptionTranslationFilter:115 - Chain processed normally 18:01:56,152
> DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now
> cleared, as request processing completed
해결법
-
==============================
1.SessionRegistry 키로 사용될 사용자 정의 기본 객체 (유형 com.clb.genomic.lyon.model.User)가 있습니다. 당신이보고있는 가장 큰 이유는 당신이 해시 코드를 구현하지 않았고이 클래스와 같기 때문에 레지스트리는 두 인스턴스가 같은 주체에 대한 것인지 알지 못합니다.
SessionRegistry 키로 사용될 사용자 정의 기본 객체 (유형 com.clb.genomic.lyon.model.User)가 있습니다. 당신이보고있는 가장 큰 이유는 당신이 해시 코드를 구현하지 않았고이 클래스와 같기 때문에 레지스트리는 두 인스턴스가 같은 주체에 대한 것인지 알지 못합니다.
문제없이이 작업을 수행하는 가장 좋은 방법은 사용자 이름을 유일한 데이터로 사용하여 메소드를 구현하는 것입니다 (예를 들어 기본 User 객체 참조).
디버그 로그를 더 쉽게 읽을 수 있도록 사용자 이름을 출력하려면 적어도 toString을 구현해야합니다.
from https://stackoverflow.com/questions/19319849/spring-security-3-1-session-concurrency-control-not-working-why by cc-by-sa and MIT license