Unable to log in with Spring Security
Hello,
I'm trying to set up Spring Security on my web app.
Unfortunately the session doesn't seem to be created correctly and I'm starting to despair a bit...
So here are a few selected excerpts from my code:
The web.xml:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>Archetype Created Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-servlet.xml
/WEB-INF/hibernate-beans.xml
/WEB-INF/websocket-beans.xml
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- log4j -->
...
<!-- SPRING SECURITY -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>com.improvisation.server.security.DelegatingFilterProxyPerso</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- SPRING MVC -->
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/web/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
<!-- JERSEY -->
...
</web-app>
The spring-servlet.xml:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:websocket="http://www.springframework.org/schema/websocket"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/websocket http://www.springframework.org/schema/websocket/spring-websocket-4.1.xsd">
<tx:annotation-driven />
<context:annotation-config />
<context:component-scan base-package="com.improvisation.server" />
<mvc:annotation-driven />
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<mvc:default-servlet-handler />
<mvc:resources mapping="/resources/**" location="/META-INF/resources/"
cache-period="0" />
<bean id="viewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
</beans>
The spring-security.xml:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/assets/**" access="permitAll" />
<!-- <intercept-url pattern="/*" access="hasRole('ADMIN')" /> -->
<intercept-url pattern="/login.html" access="permitAll"/>
<intercept-url pattern="/liens.html" access="permitAll"/>
<intercept-url pattern="/**" access="hasRole('USER')" />
<logout logout-success-url="/login.html?logout" logout-url="/logout.html" />
<form-login default-target-url="/index.html"
always-use-default-target="true"
login-page="/login.html"
authentication-failure-url="/login.html?error"
password-parameter="password"
username-parameter="username" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="bill" password="pass" authorities="USER" />
<user name="jim" password="pass" authorities="USER" />
<user name="steve" password="pass" authorities="USER, ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
And the logs I get from log4j:
Code:
DelegatingFilterProxyPerso.doFilter(org.apache.catalina.connector.RequestFacade@7dccb38f, org.apache.catalina.connector.ResponseFacade@730b5246, org.apache.catalina.core.ApplicationFilterChain@7734d8ff)
username=steve;
password=pass;
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-05-26 02:32:46 DEBUG HttpSessionSecurityContextRepository:140 - No HttpSession currently exists
2015-05-26 02:32:46 DEBUG HttpSessionSecurityContextRepository:140 - No HttpSession currently exists
2015-05-26 02:32:46 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: null. A new one will be created.
2015-05-26 02:32:46 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: null. A new one will be created.
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-05-26 02:32:46 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2015-05-26 02:32:46 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-05-26 02:32:46 DEBUG SessionManagementFilter:92 - Requested session ID 1C62AC8746B448DF832D995179C51120 is invalid.
2015-05-26 02:32:46 DEBUG SessionManagementFilter:92 - Requested session ID 1C62AC8746B448DF832D995179C51120 is invalid.
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-05-26 02:32:46 DEBUG FilterChainProxy:337 - /login.html at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-05-26 02:32:46 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/login.html'; against '/assets/**'
2015-05-26 02:32:46 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/login.html'; against '/assets/**'
2015-05-26 02:32:46 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/login.html'; against '/login.html'
2015-05-26 02:32:46 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/login.html'; against '/login.html'
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /login.html; Attributes: [permitAll]
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /login.html; Attributes: [permitAll]
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2015-05-26 02:32:46 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2e918a48, returned: 1
2015-05-26 02:32:46 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2e918a48, returned: 1
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:215 - Authorization successful
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:215 - Authorization successful
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
2015-05-26 02:32:46 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
2015-05-26 02:32:46 DEBUG FilterChainProxy:323 - /login.html reached end of additional filter chain; proceeding with original chain
2015-05-26 02:32:46 DEBUG FilterChainProxy:323 - /login.html reached end of additional filter chain; proceeding with original chain
2015-05-26 02:32:46 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-05-26 02:32:46 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
2015-05-26 02:32:46 DEBUG HttpSessionSecurityContextRepository:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-05-26 02:32:46 DEBUG HttpSessionSecurityContextRepository:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-05-26 02:32:46 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2015-05-26 02:32:46 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
So the password does reach the DelegatingFilterProxy, but after that no user session is created.
Oddly, every log line appears twice, but maybe I misconfigured log4j...
Anyway, if anyone knows what I'm missing, I'd be very grateful :-)
Thanks in advance!
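
An added example, not part of the original post: the posted `<form-login>` sets `login-page` but no `login-processing-url`, and in the Spring Security 3.2 namespace that attribute defaults to `/j_spring_security_check`, the only URL on which `UsernamePasswordAuthenticationFilter` attempts authentication (POST only). Below is the same configuration with that URL made explicit; `/login_check` is an assumed name, and the login form is assumed to POST its `username` and `password` fields to it.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/assets/**" access="permitAll" />
        <intercept-url pattern="/login.html" access="permitAll" />
        <intercept-url pattern="/liens.html" access="permitAll" />
        <intercept-url pattern="/**" access="hasRole('USER')" />
        <logout logout-success-url="/login.html?logout" logout-url="/logout.html" />

        <!-- login-page: where the form is displayed (GET).
             login-processing-url: the URL UsernamePasswordAuthenticationFilter
             watches for the credential POST. When the attribute is omitted, the
             3.2 namespace uses /j_spring_security_check.
             "/login_check" is an assumed value chosen for this example. -->
        <form-login login-page="/login.html"
            login-processing-url="/login_check"
            default-target-url="/index.html"
            always-use-default-target="true"
            authentication-failure-url="/login.html?error"
            username-parameter="username"
            password-parameter="password" />
        <!-- The login form must then use method="post" and an action of
             (context path)/login_check, with inputs named "username" and
             "password" to match the two *-parameter attributes above. -->
    </http>

    <!-- In-memory users exactly as in the posted configuration. -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="bill" password="pass" authorities="USER" />
                <user name="jim" password="pass" authorities="USER" />
                <user name="steve" password="pass" authorities="USER, ADMIN" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
```

With DEBUG logging enabled, a login POST that hits the processing URL produces a `Request is to process authentication` line from `UsernamePasswordAuthenticationFilter`, which is absent from the log posted above.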