[SPRING] 스프링 보안 j_spring_security 로그 아웃 문제
SPRING스프링 보안 j_spring_security 로그 아웃 문제
나는 봄 보안 작업을하고있다. 하지만 j_spring_security_check 서블릿이 작동하지 않는 것 같습니다. 어떻게 문제를 디버깅합니까, 아니면 근본 원인을 찾으십니까? 나는 유용한 로그 파일을 보지 않는다 ...
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Sample namespace-based configuration
-
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security pre-post-annotations="enabled">
<!--
AspectJ pointcut expression that locates our "post" method and
applies security that way <protect-pointcut expression="execution(*
bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
-->
</global-method-security>
<http use-expressions="true">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/login/**" filters="none" />
<intercept-url pattern="/static/**" filters="none" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page="/login/login.jsp"
default-target-url="/fileList.do" authentication-failure-url="/login/login.jsp?login_error=1" />
<logout logout-success-url="/login/logout_success.jsp" />
<!--
Uncomment to enable X509 client authentication support <x509 />
-->
<!-- Uncomment to limit the number of sessions a user can have -->
<session-management invalid-session-url="/timeout.jsp">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="true" />
</session-management>
</http>
편집하다
그럼 내가 오류를 체크 아웃하고 여기에 로그 파일의 상처입니다
내가 로그 오프 할 때
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/j_spring_security_logout'
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/j_spring_security_logout'; pattern is /login/**; matched=false
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/j_spring_security_logout'
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/j_spring_security_logout'; pattern is /static/**; matched=false
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/j_spring_security_logout'; to: '/j_spring_security_logout'
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/j_spring_security_logout'; pattern is /**; matched=true
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_logout at position 1 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.session.ConcurrentSessionFilter@40ece0'
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_logout at position 2 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@1041876'
DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:165) - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@86583dd2: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@86583dd2: Principal: org.springframework.security.core.userdetails.User@2117c700: Username: rod; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR,ROLE_TELLER,ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: C6056CE774DE3568943D98A05ABCC744; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER'
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_logout at position 3 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@174a6e2'
DEBUG [http-8080-2] (LogoutFilter.java:93) - Logging out user 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@86583dd2: Principal: org.springframework.security.core.userdetails.User@2117c700: Username: rod; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR,ROLE_TELLER,ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: C6056CE774DE3568943D98A05ABCC744; Granted Authorities: ROLE_SUPERVISOR, ROLE_TELLER, ROLE_USER' and transferring to logout destination
DEBUG [http-8080-2] (AbstractAuthenticationTargetUrlRequestHandler.java:93) - Using default Url: /login/logout_success.jsp
DEBUG [http-8080-2] (DefaultRedirectStrategy.java:34) - Redirecting to '/crvWeb/login/logout_success.jsp'
DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:359) - HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session
DEBUG [http-8080-2] (SecurityContextPersistenceFilter.java:89) - SecurityContextHolder now cleared, as request processing completed
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/login/logout_success.jsp'; to: '/login/logout_success.jsp'
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/login/logout_success.jsp'; pattern is /login/**; matched=true
DEBUG [http-8080-2] (FilterChainProxy.java:139) - has an empty filter list
그런 다음 다시 로그인하십시오. 봄에 나는 현재 세션이 있고 로그인을 허용하지 않는다고 말합니다.
로그에 예외를 기록한다. 이유 :이 주체에 대한 최대 세션 수가 1을 초과했습니다.
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check'
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/j_spring_security_check'; pattern is /login/**; matched=false
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check'
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/j_spring_security_check'; pattern is /static/**; matched=false
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check'
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/j_spring_security_check'; pattern is /**; matched=true
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_check at position 1 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.session.ConcurrentSessionFilter@40ece0'
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_check at position 2 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@1041876'
DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:141) - HttpSession returned null object for SPRING_SECURITY_CONTEXT
DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:87) - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@e3fda4. A new one will be created.
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_check at position 3 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@174a6e2'
DEBUG [http-8080-2] (FilterChainProxy.java:350) - /j_spring_security_check at position 4 of 10 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1786a3c'
DEBUG [http-8080-2] (AbstractAuthenticationProcessingFilter.java:193) - Request is to process authentication
DEBUG [http-8080-2] (ProviderManager.java:117) - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG [http-8080-2] (AbstractAuthenticationProcessingFilter.java:318) - Authentication request failed: org.springframework.security.web.authentication.session.SessionAuthenticationException: Maximum sessions of 1 for this principal exceeded
DEBUG [http-8080-2] (AbstractAuthenticationProcessingFilter.java:319) - Updated SecurityContextHolder to contain null Authentication
DEBUG [http-8080-2] (AbstractAuthenticationProcessingFilter.java:320) - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@21447f
DEBUG [http-8080-2] (SimpleUrlAuthenticationFailureHandler.java:56) - Redirecting to /login/login.jsp?login_error=1
DEBUG [http-8080-2] (DefaultRedirectStrategy.java:34) - Redirecting to '/crvWeb/login/login.jsp?login_error=1'
DEBUG [http-8080-2] (SecurityContextPersistenceFilter.java:89) - SecurityContextHolder now cleared, as request processing completed
DEBUG [http-8080-2] (FilterChainProxy.java:175) - Converted URL to lowercase, from: '/login/login.jsp'; to: '/login/login.jsp'
DEBUG [http-8080-2] (FilterChainProxy.java:182) - Candidate is: '/login/login.jsp'; pattern is /login/**; matched=true
DEBUG [http-8080-2] (FilterChainProxy.java:139) - has an empty filter list
내 로그 오프가 작동하지 않는 이유는 무엇입니까? 어떻게해야할까요?
해결법
-
==============================
1.로깅 수준을 DEBUG로 설정하려면 webapp에 로깅을 구성 했습니까? Spring / SpringSecurity는 그 수준에서 많은 유용한 것들을 출력한다.
로깅 수준을 DEBUG로 설정하려면 webapp에 로깅을 구성 했습니까? Spring / SpringSecurity는 그 수준에서 많은 유용한 것들을 출력한다.
편집하다
로그 파일은 일반적으로 $ CATALINA_HOME / logs에 기록되지만 로깅 속성에 따라 다릅니다.
webapp의 로깅을 구성하는 간단한 방법은 log4j.properties 또는 log4j.xml 파일을 webapp의 / WEB-INF / classes 디렉토리에 넣는 것입니다.
클래스 경로를 통해 리소스 파일에 액세스하려면 classes 디렉토리에 있어야합니다. 그러나 다른 방법으로 액세스 할 수 있으면 웹 응용 프로그램 트리의 어느 위치 에나있을 수 있습니다. 트리 외부에 리소스를 배치 할 수도 있지만 리소스를 배포하는 데 문제가 있습니다.
이 질문은 관련 Tomcat 및 Log4j 문서에서보다 포괄적으로 다루어집니다. Spring의 "시작하기"문서에서도 가능합니다.
-
==============================
2.Spring Security는
을 활성화하기 위해 web.xml에 가 필요합니다. docs : Spring Security는
을 활성화하기 위해 web.xml에 가 필요합니다. docs : <listener> <listener-class> org.springframework.security.web.session.HttpSessionEventPublisher </listener-class> </listener>
from https://stackoverflow.com/questions/3145936/spring-security-j-spring-security-logout-problem by cc-by-sa and MIT license
'SPRING' 카테고리의 다른 글
| [SPRING] Spring Batch를 이용한 복잡한 XML; StaxEventItemWriter; Jaxb2Marshaller (0) | 2019.05.19 |
|---|---|
| [SPRING] 작은 따옴표로 쿼리 매개 변수를 설정하는 방법 (0) | 2019.05.19 |
| [SPRING] Axiom과 Spring WS : JAXB가 MTOM 첨부 파일을 인라인합니다. (0) | 2019.05.19 |
| [SPRING] AspectJ aspect 위에 Spring @Cacheable 작업을 만드는 방법은? (0) | 2019.05.19 |
| [SPRING] 연결 풀에서 사용 가능한 연결 수 얻기 (0) | 2019.05.19 |