Discussion :

[Invité]

Bonjour,

Quand je me connecte à mon application web via la page de login sur FF la page se redirige à l'accueil, par contre quand j'utilise Chrome ou IE la page de login se re-télécharge (je peux me connecter rarement) malgré que sur la console d'Eclipse je reçois un message comme quoi que l'authentification s'est fait avec succès.

Après le DEBUG j'ai eu ces résultats

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
// On FF
	[UsernamePasswordAuthenticationFilter]  - Request is to process authentication 
	[UserDetailsServiceImpl]  - recherche de l'utilisateur admin 
	[CompositeSessionAuthenticationStrategy]  - Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@1acefc06 
	[CompositeSessionAuthenticationStrategy]  - Delegating to org.springframework.security.web.csrf.CsrfAuthenticationStrategy@2abe0997 
	[UsernamePasswordAuthenticationFilter]  - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b815c45: Principal: fr.rorbrules.configuration.securite.RorBrulesUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_CONSULTANT; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 35C738B1856992C64C8349E0ECD5113C; Granted Authorities: ROLE_ADMIN, ROLE_CONSULTANT 
	[LoginSuccessHandler]  - L'utilisateur admin est connecté 
	[LoginSuccessHandler]  - Using default Url: / 
	[AnonymousAuthenticationFilter]  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b815c45: Principal: fr.rorbrules.configuration.securite.RorBrulesUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_CONSULTANT; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 35C738B1856992C64C8349E0ECD5113C; Granted Authorities: ROLE_ADMIN, ROLE_CONSULTANT' 
	[SyntheseController]  - Affichage de la synthèse nationale 
	[AnonymousAuthenticationFilter]  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b815c45: Principal: fr.rorbrules.configuration.securite.RorBrulesUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_CONSULTANT; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 35C738B1856992C64C8349E0ECD5113C; Granted Authorities: ROLE_ADMIN, ROLE_CONSULTANT' 
	[AnonymousAuthenticationFilter]  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b815c45: Principal: fr.rorbrules.configuration.securite.RorBrulesUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_CONSULTANT; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 35C738B1856992C64C8349E0ECD5113C; Granted Authorities: ROLE_ADMIN, ROLE_CONSULTANT' 
	[AnonymousAuthenticationFilter]  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b815c45: Principal: fr.rorbrules.configuration.securite.RorBrulesUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_CONSULTANT; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 35C738B1856992C64C8349E0ECD5113C; Granted Authorities: ROLE_ADMIN, ROLE_CONSULTANT' 
	[AnonymousAuthenticationFilter]  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b815c45: Principal: fr.rorbrules.configuration.securite.RorBrulesUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_CONSULTANT; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 35C738B1856992C64C8349E0ECD5113C; Granted Authorities: ROLE_ADMIN, ROLE_CONSULTANT' 
	[AnonymousAuthenticationFilter]  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b815c45: Principal: fr.rorbrules.configuration.securite.RorBrulesUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_CONSULTANT; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 35C738B1856992C64C8349E0ECD5113C; Granted Authorities: ROLE_ADMIN, ROLE_CONSULTANT' 
	[AnonymousAuthenticationFilter]  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b815c45: Principal: fr.rorbrules.configuration.securite.RorBrulesUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_CONSULTANT; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 35C738B1856992C64C8349E0ECD5113C; Granted Authorities: ROLE_ADMIN, ROLE_CONSULTANT' 
	[AnonymousAuthenticationFilter]  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b815c45: Principal: fr.rorbrules.configuration.securite.RorBrulesUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_CONSULTANT; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 35C738B1856992C64C8349E0ECD5113C; Granted Authorities: ROLE_ADMIN, ROLE_CONSULTANT' 
	[AnonymousAuthenticationFilter]  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b815c45: Principal: fr.rorbrules.configuration.securite.RorBrulesUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_CONSULTANT; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 35C738B1856992C64C8349E0ECD5113C; Granted Authorities: ROLE_ADMIN, ROLE_CONSULTANT'
 
 
	// On Chrome
	[UsernamePasswordAuthenticationFilter]  - Request is to process authentication 
	[UserDetailsServiceImpl]  - recherche de l'utilisateur admin 
	[CompositeSessionAuthenticationStrategy]  - Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@1acefc06 
	[CompositeSessionAuthenticationStrategy]  - Delegating to org.springframework.security.web.csrf.CsrfAuthenticationStrategy@2abe0997 
	[UsernamePasswordAuthenticationFilter]  - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b801139: Principal: fr.rorbrules.configuration.securite.RorBrulesUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_CONSULTANT; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 0AA26CD72B8DA35D78B76CACF0DA0008; Granted Authorities: ROLE_ADMIN, ROLE_CONSULTANT 
	[LoginSuccessHandler]  - L'utilisateur admin est connecté 
	// Difference starts Here
	[LoginSuccessHandler]  - Redirecting to DefaultSavedRequest Url: http://localhost:8088/rorbrules 
	[AnonymousAuthenticationFilter]  - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
	[AnonymousAuthenticationFilter]  - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 307AFD7214E5D8CCF4EB75820BAB84BF; Granted Authorities: ROLE_ANONYMOUS' 
	[AnonymousAuthenticationFilter]  - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 307AFD7214E5D8CCF4EB75820BAB84BF; Granted Authorities: ROLE_ANONYMOUS' 
	[AnonymousAuthenticationFilter]  - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 307AFD7214E5D8CCF4EB75820BAB84BF; Granted Authorities: ROLE_ANONYMOUS' 
	[AnonymousAuthenticationFilter]  - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 307AFD7214E5D8CCF4EB75820BAB84BF; Granted Authorities: ROLE_ANONYMOUS' 
	[AnonymousAuthenticationFilter]  - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 307AFD7214E5D8CCF4EB75820BAB84BF; Granted Authorities: ROLE_ANONYMOUS' 
	[AnonymousAuthenticationFilter]  - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 307AFD7214E5D8CCF4EB75820BAB84BF; Granted Authorities: ROLE_ANONYMOUS'

Quand ça se connecte il y a SecurityContextHolder not populated with anonymous token, sinon Populated SecurityContextHolder with anonymous token quand ça ne se connecte pas avec Chrome et IE.

Voici le code de la configuration de l'authentification

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
 
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
	@Autowired
	@Qualifier("userDetailService")
	private UserDetailsService	userDetailService;
 
	@Autowired
	@Qualifier("fromRORAuthenticationManager")
	private AuthenticationManager	fromRORAuthenticationManager;
 
	@Autowired
	@Qualifier("fromRORAuthenticationFilter")
	private AbstractAuthenticationProcessingFilter	fromRORAuthenticationFilter;
 
	@Autowired
	@Qualifier("loginSuccessHandler")
	private LoginSuccessHandler loginSuccessHandler;
 
	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		auth.jdbcAuthentication();
	}
 
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// @formatter:off
		http
 
			.authorizeRequests()
				.antMatchers("/resources/**")
				.permitAll()
				.anyRequest()
				.authenticated()
				.and()
			.addFilterBefore(fromRORAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) // Authentification automatique via une URL
			.formLogin()
				.loginPage("/login")
				.permitAll()
				.successHandler(loginSuccessHandler)
				.and()
			.logout()
				.deleteCookies("JSESSIONID")
				.logoutSuccessUrl("/login")
				.permitAll()
				.and()
			.exceptionHandling().accessDeniedPage("/403")
				.and()
			.exceptionHandling().accessDeniedPage("/400")
				.and()
			.exceptionHandling().accessDeniedPage("/404");
		/* Autorise tout le monde à acceder aux ressources */
		/* Autorise tout le monde à acceder à la page login */
		/* la page de sortie sera login */
		// @formatter:on
	}
 
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(userDetailService).passwordEncoder(passwordEncoder());
	}
 
	@Override
	public UserDetailsService userDetailsServiceBean() {
		return userDetailService;
	}
 
	@Bean(name = "passwordEncoder")
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}
 
}

Avez-vous une idée comment résoudre ce problème?

Merci d'avance

[Invité]

Je me permets de faire monter la discussion après les derniers résultats de la recherche.

Merci pour votre compréhension

[JeitEmgie]

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
.authorizeRequests()
				.antMatchers("/resources/**")
				.permitAll()
				.anyRequest()
				.authenticated()
				.and()

…si votre page login utilise des images qui sont dans /resources/ …