春季安全模块后,用户登录失败
问题描述:
我使用弹簧安全3.春季安全模块后,用户登录失败
我试图登录到应用程序,并充满了错误的用户名/密码组合。经过3次错误的尝试,我充满了正确的用户名/密码组合,但它仍然会返回:
Your login attempt was not successful, try again.
Reason: Bad credentials
在开发这(种)OK,因为我只是重新启动服务器,可以登录罚款,但对生产我每次有人忘记密码时都无法重新启动服务器。
我认为可能在超时后等待,我仍然可以登录,但这也不起作用。
应用程序的安全性-web.xml中
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<context:property-placeholder location="file:${PROPERTIES_HOME}/app.properties" ignore-unresolvable="true"/>
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<session-management>
<concurrency-control max-sessions="3" error-if-maximum-exceeded="false"/>
</session-management>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userService" />
</authentication-manager>
<user-service id="userService">
<user name="foo" password="bar" authorities="ROLE_USER"/>
</user-service>
</beans:beans>
的web.xml
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>PM app</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:app-service-context.xml
classpath:app-dao-context.xml
/WEB-INF/app-web-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<servlet>
<servlet-name>pmapp-web</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>app-web</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>js</extension>
<mime-type>text/javascript</mime-type>
</mime-mapping>
<filter>
<filter-name>urlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>urlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<resource-ref>
<res-ref-name>jdbc/App</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<mapped-name>App</mapped-name>
</resource-ref>
</web-app>
我希望用户能够要么后登录ñ分钟(解锁)或设置数在阻止用户之前的尝试。欢迎任何其他想法。
我使用的弹簧3.0.6.RELEASE和春季安全3.0.6.RELEASE
谢谢!
答
试试Spring Security 3.0.7.RELEASE。这为我解决了完全相同的问题。
修复了我的问题! –