java - Spring Security invalidates JSESSIONID when opening a new window

Tags: java spring websphere websphere-8

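I have a web application from a vendor that has some new functionality where you press a button on a web page and it opens a new pop-up window to use the new functionality. However, when a user logged in to the application presses the button, the user is automatically logged out. We have tested with many users and they all hit the same problem.

We are using IE 8, since that is what the vendor wrote the application for. The application is hosted on WebSphere Application Server 8.5.5.1 (just upgraded from WebSphere 7.0.17). The problem occurs whether we go through the web server or go directly to the application via the port number.

However, if I use Google Chrome, the first time a user logs in and clicks the button they get logged out, but the next time they log in the button works fine. But we can't use Google Chrome, because it is not supported by the vendor.

I have opened a PMR with IBM, and they can see that the session is being invalidated.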

[12/12/14 11:27:49:368 EST] 0000012b HttpRequestMe 1   setRequestURL input   [/blue2web/images/cbf/bg.grad.blue.jpg]
.......
[12/12/14 11:27:49:439 EST] 0000012b filter        1   com.ibm.ws.webcontainer.filter.WebAppFilterChain doFilter entry
[12/12/14 11:27:49:439 EST] 0000012b filter        1   com.ibm.ws.webcontainer.filter.WebAppFilterChain doFilter executing filter -->springSecurityFilterChain
[12/12/14 11:27:49:440 EST] 0000012b util          1   com.ibm.ws.webcontainer.util.EventListeners fireEvent Use visitor com.ibm.ws.webcontainer.webapp.FireOnFilterStartDoFilter@c7cef1a9 to fire event to com.ibm.websphere.servlet.event.FilterListenerImpl@2a6d1c41, class:class com.ibm.websphere.servlet.event.FilterListenerImpl
.......
[12/12/14 11:27:49:440 EST] 0000012b event         1   com.ibm.websphere.servlet.event.FilterListenerImpl onFilterStartDoFilter onFilterStartDoFilter -->springSecurityFilterChain request -->com.ibm.ws.webcontainer.srt.SRTServletRequest@3925fa48
.......
[12/12/14 11:27:49:444 EST] 0000012b WASSessionCor >   MemorySession invalidate ENTRY  AppName=default_hostblue2web; Id=XgGNO6yhlsbiQKcNk9eOeZF
.......
[12/12/14 11:27:49:445 EST] 0000012b WASSessionCor 1   MemorySession setIsValid New Value=false; Old Value=true AppName=default_hostblue2web; Id=XgGNO6yhlsbiQKcNk9eOeZF
.......
[12/12/14 11:27:49:445 EST] 0000012b WASSessionCor <   MemorySession invalidate RETURN
.......
[12/12/14 11:27:49:464 EST] 0000012b filter        1   com.ibm.ws.webcontainer.filter.WebAppFilterChain doFilter entry 
[12/12/14 11:27:49:464 EST] 0000012b filter        1   com.ibm.ws.webcontainer.filter.WebAppFilterChain doFilter executing filter -->struts2
.......
[12/12/14 11:27:49:481 EST] 0000012b HttpResponseM 1   Marshalling first line: HTTP/1.1 304 Not Modified

We see a request for /blue2web/images/cbf/bg.grad.blue.jpg. The request enters the filter springSecurityFilterChain, and the session is invalidated.
The request continues through several more filters (starting with the struts2 filter) and eventually returns a 304 response.



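The vendor says no one else (including them) is seeing this problem.

I am now completely confused, because I don't know whether this is an IE 8 problem, a Spring problem, or a WebSphere 8.5.5.1 problem. We have other buttons in the application that open different windows for different functions, and they work fine.

Update (12/22/14) -

Here is the trace from Spring Security. Not sure it will help.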
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/cbfcommonutil.js'; to: '/javascript/cbfcommonutil.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/cbfcommonutil.js'; pattern is /j_security_check; matched=false
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/cbfcommonutil.js'; to: '/javascript/cbfcommonutil.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/cbfcommonutil.js'; pattern is /favicon.ico; matched=false
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/cbfcommonutil.js'; to: '/javascript/cbfcommonutil.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/cbfcommonutil.js'; pattern is /index*; matched=false
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/cbfcommonutil.js'; to: '/javascript/cbfcommonutil.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/cbfcommonutil.js'; pattern is /javascript/*; matched=true
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy doFilter /javascript/cbfCommonUtil.js has an empty filter list
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/mootools-1.2.5.js'; to: '/javascript/mootools-1.2.5.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/mootools-1.2.5.js'; pattern is /j_security_check; matched=false
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/mootools-1.2.5.js'; to: '/javascript/mootools-1.2.5.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/mootools-1.2.5.js'; pattern is /favicon.ico; matched=false
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/mootools-1.2.5.js'; to: '/javascript/mootools-1.2.5.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/mootools-1.2.5.js'; pattern is /index*; matched=false
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/javascript/mootools-1.2.5.js'; to: '/javascript/mootools-1.2.5.js'
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/javascript/mootools-1.2.5.js'; pattern is /javascript/*; matched=true
[12/22/14 14:17:19:751 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy doFilter /javascript/mootools-1.2.5.js has an empty filter list
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /j_security_check; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /favicon.ico; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /index*; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /javascript/*; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /css/*; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /images/*; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /iframe_black*; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /webhelp_pro/**; matched=false
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy getFilters Candidate is: '/images/cbf/c_lt.png'; pattern is /**; matched=true
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[12/22/14 14:17:19:922 CST] 000000a5 HttpSessionSe 1 org.springframework.security.web.context.HttpSessionSecurityContextRepository readSecurityContextFromSession Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@ba2bcf8a: Authentication: com.bcbsa.blue2.configuration.security.jee.DelegateToUserDetailsPreAuthenticatedAuthenticationToken@ba2bcf8a: Principal: com.bcbsa.blue2.configuration.security.model.springsecurity.AuthoritiesByBoidUser@6820f6c1: Username: MyId; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: AdjustmentMsgUser,BasicMsgUser,CBFUpdateUser,CBFViewOnlyUser,CSRNMsgUser,Claim276StatusWithoutSccf,ClaimDispositionDetailsViewer,ClaimMisrouteMsgUser,ClaimStatusRequester,ClaimSubmissionDetailsViewer,DataRole1,DataRole11,DataRole13,DataRole17,DataRole2,DataRole3,DataRole30,DataRole35,DataRole37,DataRole39,DataRole4,DataRole41,DataRole49,DataRole5,DataRole51,DataRole53,DataRole55,DataRole57,DataRole58,DataRole59,DataRole61,DataRole63,DataRole65,DataRole70,DataRole9,DataRole99,EscalationLevel1MsgUser,EscalationLevel2MsgUser,EvaluateAdjustmentMessageStateAdmin,GlobalFeeMsgUser,LocalEditAdmin,MedicalRecordViewer,MessageCommentConfigAdmin,MessageListingViewer,MessageReprocessUser,MessageSummaryViewer,PQIMsgSummaryViewer,PQIMsgUser,PostProcessConfigAdmin,PreExMsgUser,PurgeDF,PurgeMessage,PurgeNF,PurgeRF,PurgeRestoreAdmin,PurgeSF,ReassignUserAdmin,RemoteOperationViewer,RestoreViewer,SecurityConfigAdmin,SubscriberIDWildcardSearchAdmin,ValidUser,ValidUserCBF; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 3VjGU8WisdQb0Zvjzk7jYyc; Authorities: [DataRole55, DataRole57, DataRole58, DataRole59, DataRole61, DataRole63, PurgeSF, 
PostProcessConfigAdmin, DataRole65, RestoreViewer, MessageReprocessUser, DataRole70, EvaluateAdjustmentMessageStateAdmin, EscalationLevel1MsgUser, PurgeDF, LocalEditAdmin, ClaimMisrouteMsgUser, DataRole99, AdjustmentMsgUser, CSRNMsgUser, ValidUserCBF, GlobalFeeMsgUser, MessageSummaryViewer, ClaimDispositionDetailsViewer, CBFViewOnlyUser, DataRole1, DataRole2, DataRole3, DataRole4, MedicalRecordViewer, DataRole5, DataRole9, PurgeMessage, BasicMsgUser, MessageListingViewer, RemoteOperationViewer, EscalationLevel2MsgUser, ClaimSubmissionDetailsViewer, CBFUpdateUser, ReassignUserAdmin, PQIMsgUser, PreExMsgUser, DataRole11, DataRole13, PurgeNF, DataRole17, PurgeRestoreAdmin, MessageCommentConfigAdmin, SubscriberIDWildcardSearchAdmin, SecurityConfigAdmin, DataRole30, DataRole35, DataRole37, DataRole39, ValidUser, Claim276StatusWithoutSccf, DataRole41, PQIMsgSummaryViewer, DataRole49, ClaimStatusRequester, DataRole51, DataRole53, PurgeRF]; Granted Authorities: AdjustmentMsgUser, BasicMsgUser, CBFUpdateUser, CBFViewOnlyUser, CSRNMsgUser, Claim276StatusWithoutSccf, ClaimDispositionDetailsViewer, ClaimMisrouteMsgUser, ClaimStatusRequester, ClaimSubmissionDetailsViewer, DataRole1, DataRole11, DataRole13, DataRole17, DataRole2, DataRole3, DataRole30, DataRole35, DataRole37, DataRole39, DataRole4, DataRole41, DataRole49, DataRole5, DataRole51, DataRole53, DataRole55, DataRole57, DataRole58, DataRole59, DataRole61, DataRole63, DataRole65, DataRole70, DataRole9, DataRole99, EscalationLevel1MsgUser, EscalationLevel2MsgUser, EvaluateAdjustmentMessageStateAdmin, GlobalFeeMsgUser, LocalEditAdmin, MedicalRecordViewer, MessageCommentConfigAdmin, MessageListingViewer, MessageReprocessUser, MessageSummaryViewer, PQIMsgSummaryViewer, PQIMsgUser, PostProcessConfigAdmin, PreExMsgUser, PurgeDF, PurgeMessage, PurgeNF, PurgeRF, PurgeRestoreAdmin, PurgeSF, ReassignUserAdmin, RemoteOperationViewer, RestoreViewer, SecurityConfigAdmin, SubscriberIDWildcardSearchAdmin, ValidUser, ValidUserCBF'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 2 of 9 in additional filter chain; firing Filter: 'LtpaSSOLogoutFilter'
[12/22/14 14:17:19:922 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 3 of 9 in additional filter chain; firing Filter: 'J2eePreAuthenticatedProcessingFilter'
[12/22/14 14:17:19:922 CST] 000000a5 J2eePreAuthen 1 org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter doFilter Checking secure context token: com.bcbsa.blue2.configuration.security.jee.DelegateToUserDetailsPreAuthenticatedAuthenticationToken@ba2bcf8a: Principal: com.bcbsa.blue2.configuration.security.model.springsecurity.AuthoritiesByBoidUser@6820f6c1: Username: MyId; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: AdjustmentMsgUser,BasicMsgUser,CBFUpdateUser,CBFViewOnlyUser,CSRNMsgUser,Claim276StatusWithoutSccf,ClaimDispositionDetailsViewer,ClaimMisrouteMsgUser,ClaimStatusRequester,ClaimSubmissionDetailsViewer,DataRole1,DataRole11,DataRole13,DataRole17,DataRole2,DataRole3,DataRole30,DataRole35,DataRole37,DataRole39,DataRole4,DataRole41,DataRole49,DataRole5,DataRole51,DataRole53,DataRole55,DataRole57,DataRole58,DataRole59,DataRole61,DataRole63,DataRole65,DataRole70,DataRole9,DataRole99,EscalationLevel1MsgUser,EscalationLevel2MsgUser,EvaluateAdjustmentMessageStateAdmin,GlobalFeeMsgUser,LocalEditAdmin,MedicalRecordViewer,MessageCommentConfigAdmin,MessageListingViewer,MessageReprocessUser,MessageSummaryViewer,PQIMsgSummaryViewer,PQIMsgUser,PostProcessConfigAdmin,PreExMsgUser,PurgeDF,PurgeMessage,PurgeNF,PurgeRF,PurgeRestoreAdmin,PurgeSF,ReassignUserAdmin,RemoteOperationViewer,RestoreViewer,SecurityConfigAdmin,SubscriberIDWildcardSearchAdmin,ValidUser,ValidUserCBF; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 3VjGU8WisdQb0Zvjzk7jYyc; Authorities: [DataRole55, DataRole57, DataRole58, DataRole59, DataRole61, DataRole63, PurgeSF, PostProcessConfigAdmin, DataRole65, RestoreViewer, MessageReprocessUser, DataRole70, EvaluateAdjustmentMessageStateAdmin, 
EscalationLevel1MsgUser, PurgeDF, LocalEditAdmin, ClaimMisrouteMsgUser, DataRole99, AdjustmentMsgUser, CSRNMsgUser, ValidUserCBF, GlobalFeeMsgUser, MessageSummaryViewer, ClaimDispositionDetailsViewer, CBFViewOnlyUser, DataRole1, DataRole2, DataRole3, DataRole4, MedicalRecordViewer, DataRole5, DataRole9, PurgeMessage, BasicMsgUser, MessageListingViewer, RemoteOperationViewer, EscalationLevel2MsgUser, ClaimSubmissionDetailsViewer, CBFUpdateUser, ReassignUserAdmin, PQIMsgUser, PreExMsgUser, DataRole11, DataRole13, PurgeNF, DataRole17, PurgeRestoreAdmin, MessageCommentConfigAdmin, SubscriberIDWildcardSearchAdmin, SecurityConfigAdmin, DataRole30, DataRole35, DataRole37, DataRole39, ValidUser, Claim276StatusWithoutSccf, DataRole41, PQIMsgSummaryViewer, DataRole49, ClaimStatusRequester, DataRole51, DataRole53, PurgeRF]; Granted Authorities: AdjustmentMsgUser, BasicMsgUser, CBFUpdateUser, CBFViewOnlyUser, CSRNMsgUser, Claim276StatusWithoutSccf, ClaimDispositionDetailsViewer, ClaimMisrouteMsgUser, ClaimStatusRequester, ClaimSubmissionDetailsViewer, DataRole1, DataRole11, DataRole13, DataRole17, DataRole2, DataRole3, DataRole30, DataRole35, DataRole37, DataRole39, DataRole4, DataRole41, DataRole49, DataRole5, DataRole51, DataRole53, DataRole55, DataRole57, DataRole58, DataRole59, DataRole61, DataRole63, DataRole65, DataRole70, DataRole9, DataRole99, EscalationLevel1MsgUser, EscalationLevel2MsgUser, EvaluateAdjustmentMessageStateAdmin, GlobalFeeMsgUser, LocalEditAdmin, MedicalRecordViewer, MessageCommentConfigAdmin, MessageListingViewer, MessageReprocessUser, MessageSummaryViewer, PQIMsgSummaryViewer, PQIMsgUser, PostProcessConfigAdmin, PreExMsgUser, PurgeDF, PurgeMessage, PurgeNF, PurgeRF, PurgeRestoreAdmin, PurgeSF, ReassignUserAdmin, RemoteOperationViewer, RestoreViewer, SecurityConfigAdmin, SubscriberIDWildcardSearchAdmin, ValidUser, ValidUserCBF
[12/22/14 14:17:19:922 CST] 000000a5 J2eePreAuthen 1 org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter getPreAuthenticatedPrincipal PreAuthenticated J2EE principal: null
[12/22/14 14:17:19:922 CST] 000000a5 J2eePreAuthen 1 org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter requiresAuthentication Pre-authenticated principal has changed to null and will be reauthenticated
[12/22/14 14:17:19:922 CST] 000000a5 J2eePreAuthen 1 org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter requiresAuthentication Invalidating existing session
[12/22/14 14:17:19:922 CST] 000000a5 J2eePreAuthen 1 org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter getPreAuthenticatedPrincipal PreAuthenticated J2EE principal: null
[12/22/14 14:17:19:938 CST] 000000a5 J2eePreAuthen 1 org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter doAuthenticate No pre-authenticated principal found in request
[12/22/14 14:17:19:938 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 4 of 9 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[12/22/14 14:17:19:938 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[12/22/14 14:17:19:938 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[12/22/14 14:17:19:938 CST] 000000a5 AnonymousAuth 1 org.springframework.security.web.authentication.AnonymousAuthenticationFilter doFilter SecurityContextHolder not populated with anonymous token, as it already contained: 'com.bcbsa.blue2.configuration.security.jee.DelegateToUserDetailsPreAuthenticatedAuthenticationToken@ba2bcf8a: Principal: com.bcbsa.blue2.configuration.security.model.springsecurity.AuthoritiesByBoidUser@6820f6c1: Username: MyId; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: AdjustmentMsgUser,BasicMsgUser,CBFUpdateUser,CBFViewOnlyUser,CSRNMsgUser,Claim276StatusWithoutSccf,ClaimDispositionDetailsViewer,ClaimMisrouteMsgUser,ClaimStatusRequester,ClaimSubmissionDetailsViewer,DataRole1,DataRole11,DataRole13,DataRole17,DataRole2,DataRole3,DataRole30,DataRole35,DataRole37,DataRole39,DataRole4,DataRole41,DataRole49,DataRole5,DataRole51,DataRole53,DataRole55,DataRole57,DataRole58,DataRole59,DataRole61,DataRole63,DataRole65,DataRole70,DataRole9,DataRole99,EscalationLevel1MsgUser,EscalationLevel2MsgUser,EvaluateAdjustmentMessageStateAdmin,GlobalFeeMsgUser,LocalEditAdmin,MedicalRecordViewer,MessageCommentConfigAdmin,MessageListingViewer,MessageReprocessUser,MessageSummaryViewer,PQIMsgSummaryViewer,PQIMsgUser,PostProcessConfigAdmin,PreExMsgUser,PurgeDF,PurgeMessage,PurgeNF,PurgeRF,PurgeRestoreAdmin,PurgeSF,ReassignUserAdmin,RemoteOperationViewer,RestoreViewer,SecurityConfigAdmin,SubscriberIDWildcardSearchAdmin,ValidUser,ValidUserCBF; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 3VjGU8WisdQb0Zvjzk7jYyc; Authorities: [DataRole55, DataRole57, DataRole58, DataRole59, DataRole61, DataRole63, PurgeSF, PostProcessConfigAdmin, DataRole65, RestoreViewer, MessageReprocessUser, DataRole70, 
EvaluateAdjustmentMessageStateAdmin, EscalationLevel1MsgUser, PurgeDF, LocalEditAdmin, ClaimMisrouteMsgUser, DataRole99, AdjustmentMsgUser, CSRNMsgUser, ValidUserCBF, GlobalFeeMsgUser, MessageSummaryViewer, ClaimDispositionDetailsViewer, CBFViewOnlyUser, DataRole1, DataRole2, DataRole3, DataRole4, MedicalRecordViewer, DataRole5, DataRole9, PurgeMessage, BasicMsgUser, MessageListingViewer, RemoteOperationViewer, EscalationLevel2MsgUser, ClaimSubmissionDetailsViewer, CBFUpdateUser, ReassignUserAdmin, PQIMsgUser, PreExMsgUser, DataRole11, DataRole13, PurgeNF, DataRole17, PurgeRestoreAdmin, MessageCommentConfigAdmin, SubscriberIDWildcardSearchAdmin, SecurityConfigAdmin, DataRole30, DataRole35, DataRole37, DataRole39, ValidUser, Claim276StatusWithoutSccf, DataRole41, PQIMsgSummaryViewer, DataRole49, ClaimStatusRequester, DataRole51, DataRole53, PurgeRF]; Granted Authorities: AdjustmentMsgUser, BasicMsgUser, CBFUpdateUser, CBFViewOnlyUser, CSRNMsgUser, Claim276StatusWithoutSccf, ClaimDispositionDetailsViewer, ClaimMisrouteMsgUser, ClaimStatusRequester, ClaimSubmissionDetailsViewer, DataRole1, DataRole11, DataRole13, DataRole17, DataRole2, DataRole3, DataRole30, DataRole35, DataRole37, DataRole39, DataRole4, DataRole41, DataRole49, DataRole5, DataRole51, DataRole53, DataRole55, DataRole57, DataRole58, DataRole59, DataRole61, DataRole63, DataRole65, DataRole70, DataRole9, DataRole99, EscalationLevel1MsgUser, EscalationLevel2MsgUser, EvaluateAdjustmentMessageStateAdmin, GlobalFeeMsgUser, LocalEditAdmin, MedicalRecordViewer, MessageCommentConfigAdmin, MessageListingViewer, MessageReprocessUser, MessageSummaryViewer, PQIMsgSummaryViewer, PQIMsgUser, PostProcessConfigAdmin, PreExMsgUser, PurgeDF, PurgeMessage, PurgeNF, PurgeRF, PurgeRestoreAdmin, PurgeSF, ReassignUserAdmin, RemoteOperationViewer, RestoreViewer, SecurityConfigAdmin, SubscriberIDWildcardSearchAdmin, ValidUser, ValidUserCBF'
[12/22/14 14:17:19:938 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 7 of 9 in additional filter chain; firing Filter: 'SessionManagementFilter'
[12/22/14 14:17:19:938 CST] 000000a5 HttpSessionSe 1 org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper createNewSessionIfAllowed HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session
[12/22/14 14:17:19:938 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[12/22/14 14:17:19:938 CST] 000000a5 FilterChainPr 1 org.springframework.security.web.FilterChainProxy$VirtualFilterChain doFilter /images/cbf/c_lt.png at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[12/22/14 14:17:19:938 CST] 000000a5 DefaultFilter 1 org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource lookupAttributes Converted URL to lowercase, from: '/images/cbf/c_lt.png'; to: '/images/cbf/c_lt.png'

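Update (12/24/14) -

OK, so I believe the problem is occurring in Spring Security. When the application tries to get an image from /images/cbf, instead of picking the pattern /images/*, it picks the pattern /**. By picking /images/* it should not go through the Spring Security filters. So why does it pick the pattern /** instead of /images/*? Could this be a problem in WebSphere 8.5.5.1?

Here are the patterns it can choose from.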
<sec:http entry-point-ref="preAuthenticatedProcessingFilterEntryPoint" access-decision-manager-ref="httpRequestAccessDecisionManager">
    <sec:intercept-url pattern="/general/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <sec:intercept-url pattern="/j_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"  filters="none"/>
    <sec:intercept-url pattern="/favicon.ico" access="IS_AUTHENTICATED_ANONYMOUSLY"  filters="none"/>
    <sec:intercept-url pattern="/index*" access="IS_AUTHENTICATED_ANONYMOUSLY"  filters="none"/>
    <sec:intercept-url pattern="/javascript/*" access="IS_AUTHENTICATED_ANONYMOUSLY"  filters="none"/>
    <sec:intercept-url pattern="/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY"  filters="none"/>
    <sec:intercept-url pattern="/images/*" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
    <sec:intercept-url pattern="/iframe_black*" access="IS_AUTHENTICATED_ANONYMOUSLY"  filters="none"/>
    <sec:intercept-url pattern="/WebHelp_Pro/**" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>     
    <sec:intercept-url pattern="/j_spring_security_logout" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <sec:intercept-url pattern="/**" access="ValidUser"/>
    <sec:intercept-url pattern="/cbf/*" access="ValidUserCBF"/>
    <sec:custom-filter ref="j2eePreAuthFilter" position="PRE_AUTH_FILTER" />
    <sec:custom-filter ref="logoutFilter" position="LOGOUT_FILTER" />       
</sec:http>

Best answer

I was able to resolve this by changing the intercept-url pattern from /images/* to /images/**. This allows images stored under /images/cbf or /images/cbf/button to bypass the Spring Security filters.
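The pattern resolution seen in the trace can be reproduced offline. The following is an added example, not part of the original answer or the vendor's code: a simplified Ant-style matcher (not Spring's own implementation) applied first-match-wins to the `filters="none"` patterns from the question, showing why `/images/*` lets nested images fall through to `/**` and that `/images/**` does not. The names `UNFILTERED`, `FIXED`, `first_match` and `leaked_static_paths` are assumptions of this sketch.

```python
import re

# filters="none" patterns from the question's <sec:http> block, in declared order.
UNFILTERED = [
    "/j_security_check", "/favicon.ico", "/index*", "/javascript/*",
    "/css/*", "/images/*", "/iframe_black*", "/WebHelp_Pro/**",
]
# The same list with the change from the accepted answer applied.
FIXED = ["/images/**" if p == "/images/*" else p for p in UNFILTERED]
CATCH_ALL = "/**"  # anything reaching this rule runs the full security filter chain

# Request paths taken from the traces (context root removed); the last one is constructed.
SAMPLE_URLS = [
    "/javascript/cbfCommonUtil.js",
    "/javascript/mootools-1.2.5.js",
    "/images/cbf/c_lt.png",
    "/images/cbf/bg.grad.blue.jpg",
    "/images/logo.png",
]


def ant_to_regex(pattern):
    """Translate an Ant-style pattern into a compiled regex (simplified rules)."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i):
            out.append("(?:/.*)?")   # zero or more whole path segments
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")      # a single '*' never crosses a '/'
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")


def first_match(url, unfiltered=UNFILTERED):
    """Return (pattern, runs_security_filters) for the first rule that matches."""
    # The trace shows both URL and pattern lowercased before comparison.
    path = url.split("?", 1)[0].lower()
    for pattern in list(unfiltered) + [CATCH_ALL]:
        if ant_to_regex(pattern.lower()).match(path):
            return pattern, pattern == CATCH_ALL
    return None, True


def leaked_static_paths(urls, unfiltered=UNFILTERED,
                        static_prefixes=("/images/", "/css/", "/javascript/")):
    """Static-looking requests that still fall through to the catch-all chain."""
    return [u for u in urls
            if u.lower().startswith(static_prefixes) and first_match(u, unfiltered)[1]]


if __name__ == "__main__":
    for label, rules in (("original", UNFILTERED), ("fixed", FIXED)):
        print(label)
        for url in SAMPLE_URLS:
            pattern, filtered = first_match(url, rules)
            print(f"  {url:32} -> {pattern:14} security filters: {filtered}")
        print("  leaked:", leaked_static_paths(SAMPLE_URLS, rules))
```

`filters="none"` takes the matching paths out of the security filter chain entirely, so the wider `/images/**` is appropriate only while that directory tree holds nothing but static content.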

Regarding java - Spring Security invalidates JSESSIONID when opening a new window, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/27581240/
