[SPRING] Spring-Security : Spring Security 4.1로 업그레이드 한 후 로그인을 위해 사용자 이름이 비어 있습니다.
SPRINGSpring-Security : Spring Security 4.1로 업그레이드 한 후 로그인을 위해 사용자 이름이 비어 있습니다.
저는 Spring-Security를 사용하여 로그인, 권한 부여에 사용하는 Spring-MVC 기반 응용 프로그램에 대해 연구하고 있습니다. 우리는 이전 버전 3.2.5를 사용 중이었고 업그레이드는 4.1.1이었습니다. 업그레이드 후에도 사용자 이름이 null 인 경우 로그인 메커니즘이 손상됩니다. 나는 무엇이 잘못 될지 모른다. 어떤 도움이라도 좋을 것입니다.
securityApplicationContext.xml :
<security:http pattern="/resources/**" security="none"/>
<security:http create-session="ifRequired" use-expressions="true" auto-config="false" disable-url-rewriting="true">
<security:form-login login-page="/login" login-processing-url="/j_spring_security_check" default-target-url="/dashboard" always-use-default-target="false" authentication-failure-url="/denied" />
<!--<security:remember-me key="_spring_security_remember_me" user-service-ref="userDetailsService" token-validity-seconds="1209600" data-source-ref="dataSource"/>-->
<security:logout delete-cookies="JSESSIONID" invalidate-session="true" logout-url="/j_spring_security_logout"/>
<!-- <security:intercept-url pattern="/**" requires-channel="https"/> -->
<security:intercept-url pattern="/j_spring_security_check" access="permitAll" />
<security:port-mappings>
<security:port-mapping http="8080" https="8443"/>
</security:port-mappings>
<security:logout logout-url="/logout" logout-success-url="/" success-handler-ref="myLogoutHandler"/>
<security:session-management session-fixation-protection="migrateSession">
<security:concurrency-control session-registry-ref="sessionRegistry" max-sessions="5" expired-url="/login"/>
</security:session-management>
<security:csrf disabled="true"/>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="LoginServiceImpl">
<security:password-encoder ref="encoder"/>
</security:authentication-provider>
</security:authentication-manager>
<beans:bean id="encoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="11" />
</beans:bean>
<beans:bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="LoginServiceImpl"/>
<beans:property name="passwordEncoder" ref="encoder"/>
</beans:bean>
веб.хмл :
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml,/WEB-INF/spring/appServlet/security-applicationContext.xml</param-value>
</context-param>
<session-config>
<session-timeout>2440</session-timeout>
</session-config>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>contextAttribute</param-name>
<param-value>org.springframework.web.context.WebApplicationContext.ROOT</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
디버그 로그 :
DEBUG: org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/resources/**'
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@56af71ce. A new one will be created.
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 12 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 3 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 4 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
DEBUG: org.springframework.security.web.header.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@2a868e9a
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG: org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/j_spring_security_logout'
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
DEBUG: org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/j_spring_security_check'; against '/j_spring_security_check'
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
DEBUG: org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
Username is
DEBUG: org.springframework.security.authentication.dao.DaoAuthenticationProvider - User '' not found
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@75d32cb4
DEBUG: org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /denied
DEBUG: org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/denied'
로그인 코드 :
<div class="col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-4 col-lg-offset-4">
<div class="container-fluid white-div">
<div class="col-xs-12 col-md-12">
<h2><spring:message code="login.title"/></h2>
<form id="login-form" class="login-page" action="<c:url value='/j_spring_security_check'/>" method="POST">
<div class="form-group">
<label><spring:message code="login.label.email"/> <span id="eMailError" class="red-font"></span></label>
<input type="email" name="j_username" id="j_username" value="" class="form-control input" placeholder="<spring:message code="common.input.email.placeholder"/>">
</div>
<div class="form-group">
<label><spring:message code="login.label.password"/> <span id="passwordError" class="red-font"></span></label>
<input type="password" name="j_password" id="j_password" class="form-control input" placeholder="<spring:message code="login.password.placeholder"/>">
</div>
<div class="checkbox">
<a href="#" class="forgotpassword pull-right" data-toggle="modal" data-target="#passwordForgotModal"><spring:message code="login.forgotpassword"/></a>
</div>
<br>
<div class="form-group">
<button class="btn btn-primary btn-lg pull-right"><spring:message code="login.submit"/></button>
</div>
<div class="form-group">
<span><spring:message code="login.registration.text"/> <a href="/registration" class="forgotpassword"><spring:message code="login.registration.link"/></a></span>
</div>
</form>
</div>
</div>
어떤 도움이라도 좋을 것입니다. 고마워.
해결법
-
==============================
1.아마도 문제는 Spring Security 버전 4부터 시작합니다. + 폼 로그인에 대한 매개 변수 이름이 그들의 이름을 변경했습니다.
아마도 문제는 Spring Security 버전 4부터 시작합니다. + 폼 로그인에 대한 매개 변수 이름이 그들의 이름을 변경했습니다.
따라서 로그인 양식에서 매개 변수의 이름을 바꾸거나 다음과 같이 form-login 매개 변수를 사용하여이 매개 변수 이름을 대체해야합니다.
<form-login login-page="/login" username-parameter="j_username" password-parameter="j_password" login-processing-url="/j_spring_security_check" ..../>이 자료를 살펴보면 이전에 도움이 될 것입니다. http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to- 4-xml.html # m3to4-xmlnamespace-form-login
-
==============================
2.securityApplicationContext.xml에서 다음과 같이 username-parameter = "j_username"password-parameter = "j_password"를 추가하십시오.
securityApplicationContext.xml에서 다음과 같이 username-parameter = "j_username"password-parameter = "j_password"를 추가하십시오.
<security:form-login username-parameter="j_username" password-parameter="j_password" login-page="/login" login-processing-url="/j_spring_security_check" default-target-url="/dashboard" always-use-default-target="false" authentication-failure-url="/denied" />
from https://stackoverflow.com/questions/31607021/spring-security-username-is-sent-empty-for-login-after-upgrade-to-spring-secur by cc-by-sa and MIT license
'SPRING' 카테고리의 다른 글
| [SPRING] MongoDB 비교 연산자가 null 인 경우 (0) | 2019.04.18 |
|---|---|
| [SPRING] Spring의 JdbcTemplate은 예외가 발생하면 연결을 닫는다? (0) | 2019.04.17 |
| [SPRING] 속성 파일에서 얻은 오류 메시지와 함께 Spring에서 주석 유효성 검사를 사용하는 방법? (0) | 2019.04.17 |
| [SPRING] Spring Data JPA - @Transactional없이 가져온 Lazy Loaded 컬렉션 (0) | 2019.04.17 |
| [SPRING] 속성 값을 설정하는 중 오류가 발생했습니다. 중첩 예외는 org.springframework.beans.NotWritablePropertyException입니다. (0) | 2019.04.17 |