Impossible de se connecter avec spring security

**Simvetanylen** · 26/05/2015, 03h27

Bonjour,

J'essaie de mettre en place spring security sur mon appli web.
Malheureusement la session ne semble pas se créer correctement et je commence un peu à désespérer...

Donc voici quelques extraits choisis de mon code :

Le web.xml :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
<?xml version="1.0" encoding="UTF-8"?>
 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
	id="WebApp_ID" version="3.0">
	<display-name>Archetype Created Web Application</display-name>
 
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/spring-servlet.xml
			/WEB-INF/hibernate-beans.xml
			/WEB-INF/websocket-beans.xml
			/WEB-INF/spring-security.xml
		</param-value>
	</context-param>
 
	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>
 
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
 
	<!-- log4j -->
	...
 
	<!-- SPRING SECURITY -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>com.improvisation.server.security.DelegatingFilterProxyPerso
		</filter-class>
	</filter>
 
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
 
	<!-- SPRING MVC -->
	<servlet>
		<servlet-name>spring</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>
 
	<servlet-mapping>
		<servlet-name>spring</servlet-name>
		<url-pattern>/web/*</url-pattern>
	</servlet-mapping>
 
	<servlet-mapping>
		<servlet-name>spring</servlet-name>
		<url-pattern>*.html</url-pattern>
	</servlet-mapping>
 
	<!-- JERSEY -->
	...
 
</web-app>

Le spring-servlet.xml :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?xml version="1.0" encoding="UTF-8"?>
 
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context"
	xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang"
	xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:util="http://www.springframework.org/schema/util"
	xmlns:websocket="http://www.springframework.org/schema/websocket"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
        http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
        http://www.springframework.org/schema/websocket http://www.springframework.org/schema/websocket/spring-websocket-4.1.xsd">
 
	<tx:annotation-driven />
 
	<context:annotation-config />
 
	<context:component-scan base-package="com.improvisation.server" />
 
	<mvc:annotation-driven />
 
	<bean
		class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="prefix" value="/WEB-INF/jsp/" />
		<property name="suffix" value=".jsp" />
	</bean>
 
	<mvc:default-servlet-handler />
 
	<mvc:resources mapping="/resources/**" location="/META-INF/resources/"
		cache-period="0" />
 
	<bean id="viewResolver"
		class="org.springframework.web.servlet.view.UrlBasedViewResolver">
		<property name="viewClass"
			value="org.springframework.web.servlet.view.JstlView" />
		<property name="prefix" value="/WEB-INF/jsp/" />
		<property name="suffix" value=".jsp" />
	</bean>
 
</beans>

Le spring-security.xml :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<?xml version="1.0" encoding="UTF-8"?>
 
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.2.xsd">
 
	<http auto-config="true" use-expressions="true">
		<intercept-url pattern="/assets/**" access="permitAll" />
<!-- 		<intercept-url pattern="/*" access="hasRole('ADMIN')" /> -->
		<intercept-url pattern="/login.html" access="permitAll"/>
		<intercept-url pattern="/liens.html" access="permitAll"/>
		<intercept-url pattern="/**" access="hasRole('USER')" />
		<logout logout-success-url="/login.html?logout" logout-url="/logout.html" />
		<form-login default-target-url="/index.html"
			always-use-default-target="true"
			login-page="/login.html"
			authentication-failure-url="/login.html?error"
			password-parameter="password"
			username-parameter="username" />
	</http>
 
	<authentication-manager>
		<authentication-provider>
			<user-service>
				<user name="bill" password="pass" authorities="USER" />
				<user name="jim" password="pass" authorities="USER" />
				<user name="steve" password="pass" authorities="USER, ADMIN" />
			</user-service>
		</authentication-provider>
	</authentication-manager>
 
</beans:beans>

Et les logs que j'obtiens grâce à log4j :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
DelegatingFilterProxyPerso.doFilter(org.apache.catalina.connector.RequestFacade@7dccb38f, org.apache.catalina.connector.ResponseFacade@730b5246, org.apache.catalina.core.ApplicationFilterChain@7734d8f
f)
username=steve;
password=pass;
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-05-26 02:32:46 DEBUG HttpSessionSecurityContextRepository:140 - No HttpSession currently exists
2015-05-26 02:32:46 DEBUG HttpSessionSecurityContextRepository:140 - No HttpSession currently exists
2015-05-26 02:32:46 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: null. A new one will be created.
2015-05-26 02:32:46 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: null. A new one will be created.
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-05-26 02:32:46 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: 
Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 
null; Granted Authorities: ROLE_ANONYMOUS'
2015-05-26 02:32:46 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: 
Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 
null; Granted Authorities: ROLE_ANONYMOUS'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-05-26 02:32:46 DEBUG SessionManagementFilter:92 - Requested session ID 1C62AC8746B448DF832D995179C51120 is invalid.
2015-05-26 02:32:46 DEBUG SessionManagementFilter:92 - Requested session ID 1C62AC8746B448DF832D995179C51120 is invalid.
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-05-26 02:32:46 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/login.html'; against '/assets/**'
2015-05-26 02:32:46 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/login.html'; against '/assets/**'
2015-05-26 02:32:46 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/login.html'; against '/login.html'
2015-05-26 02:32:46 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/login.html'; against '/login.html'
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /login.html; Attributes: [permitAll]
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /login.html; Attributes: [permitAll]
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credent
ials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_A
NONYMOUS
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credent
ials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_A
NONYMOUS
2015-05-26 02:32:46 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2e918a48, returned: 1
2015-05-26 02:32:46 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2e918a48, returned: 1
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:215 - Authorization successful
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:215 - Authorization successful
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
2015-05-26 02:32:46 DEBUG FilterChainProxy:323 - /login.html reached end of additional filter chain; proceeding with original chain
2015-05-26 02:32:46 DEBUG FilterChainProxy:323 - /login.html reached end of additional filter chain; proceeding with original chain
2015-05-26 02:32:46 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-05-26 02:32:46 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-05-26 02:32:46 DEBUG HttpSessionSecurityContextRepository:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-05-26 02:32:46 DEBUG HttpSessionSecurityContextRepository:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-05-26 02:32:46 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2015-05-26 02:32:46 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed

Donc le mot de passe arrive bien jusqu'au DelegatingFilterProxy, mais par la suite aucune session utilisateur n'est crée.
Bizarrement chaque ligne de log est en double, mais peut être ai-je mal configuré log4j...

Bref, si quelqu'un sait ce que je loupe, je lui en serai grandement reconnaissant :-)

Merci d'avance !

**Simvetanylen** · 27/05/2015, 21h42

Est ce qu'il y a des précisions à apporter à mon problème ou bien est-il trop vague?
J'avoue ne pas savoir quelles autres informations donner, le problème étant assez nébuleux pour moi, n'ayant pas de messages d'erreur particuliers à fournir (à part le log4j).

Voilà, merci d'avance :-)

Impossible de se connecter avec spring security

Développement Web en Java

Discussions similaires

Partager

Partager