org.springframework.security.authentication.BadCredentialsException: The present

  • spring security http配置
<http auto-config="true" use-expressions="true">
        <intercept-url pattern="/css/**" access="permitAll"/>
        <intercept-url pattern="/fonts/**" access="permitAll"/>
        <intercept-url pattern="/js/**" access="permitAll"/>
        <intercept-url pattern="/signup.html*" access="permitAll"/>
        <intercept-url pattern="/login.html*" access="permitAll"/>
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>

        <remember-me services-ref="enhancedTokenRememberMeServices"/>
        <form-login login-page="/login.html" default-target-url="/home.html" login-processing-url="/login"
                    username-parameter="username" password-parameter="password"/>
        <logout invalidate-session="true" logout-url="/logout" logout-success-url="/"/>
    </http>
  •  自定义remember me service
    <beans:bean id="enhancedPersistentTokenBasedRememberMeServices" class="com.aasonwu.mycompany.EnhancedPersistentTokenBasedRememberMeServices">
            <beans:constructor-arg type="java.lang.String"
                                   value="BoSk70Yar38~veg91DoCKs=sLaIn!metE55bURgs71rug;ILEa=Ikon79sept+ree$Fuel99baKER;wOe43JackS=TinS79babA73tiLmibs10bIsE*"/>
            <beans:constructor-arg type="org.springframework.security.core.userdetails.UserDetailsService"
                                   ref="userDao"/>
            <beans:constructor-arg type="org.springframework.security.web.authentication.rememberme.PersistentTokenRepository"
                                   ref="jdbcTokenRepository" />
            <beans:property name="cookieName" value="MYCOMPANY_REMEMBER_ME"/>
            <beans:property name="parameter" value="remember_me"/>
        </beans:bean>
     
  • 运行时遇到出错
    org.springframework.security.authentication.BadCredentialsException: The presented RememberMeAuthenticationToken does not contain the expected key
    	at org.springframework.security.authentication.RememberMeAuthenticationProvider.authenticate(RememberMeAuthenticationProvider.java:64) ~[RememberMeAuthenticationProvider.class:3.2.2.RELEASE]
    	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) ~[ProviderManager.class:3.2.2.RELEASE]
    	at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:102) ~[RememberMeAuthenticationFilter.class:3.2.2.RELEASE]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
    	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) [SecurityContextHolderAwareRequestFilter.class:3.2.2.RELEASE]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
    	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [RequestCacheAwareFilter.class:3.2.2.RELEASE]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
    	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) [BasicAuthenticationFilter.class:3.2.2.RELEASE]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
    	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) [AbstractAuthenticationProcessingFilter.class:3.2.2.RELEASE]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
    	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) [LogoutFilter.class:3.2.2.RELEASE]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
    	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) [WebAsyncManagerIntegrationFilter.class:3.2.2.RELEASE]
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108) [OncePerRequestFilter.class:4.0.2.RELEASE]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
    	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [SecurityContextPersistenceFilter.class:3.2.2.RELEASE]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
    	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) [FilterChainProxy.class:3.2.2.RELEASE]
    	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) [FilterChainProxy.class:3.2.2.RELEASE]
    	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) [DelegatingFilterProxy.class:4.0.2.RELEASE]
    	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) [DelegatingFilterProxy.class:4.0.2.RELEASE]
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:8.0.0-RC10]
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:8.0.0-RC10]
    	at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129) [SiteMeshFilter.class:na]
    	at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77) [SiteMeshFilter.class:na]
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:8.0.0-RC10]
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:8.0.0-RC10]
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:221) [catalina.jar:8.0.0-RC10]
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:107) [catalina.jar:8.0.0-RC10]
    	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) [catalina.jar:8.0.0-RC10]
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [catalina.jar:8.0.0-RC10]
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:76) [catalina.jar:8.0.0-RC10]
    	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:934) [catalina.jar:8.0.0-RC10]
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:90) [catalina.jar:8.0.0-RC10]
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [catalina.jar:8.0.0-RC10]
    	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1015) [tomcat-coyote.jar:8.0.0-RC10]
    	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:646) [tomcat-coyote.jar:8.0.0-RC10]
    	at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:277) [tomcat-coyote.jar:8.0.0-RC10]
    	at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2451) [tomcat-coyote.jar:8.0.0-RC10]
    	at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2440) [tomcat-coyote.jar:8.0.0-RC10]
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_51]
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_51]
    	at java.lang.Thread.run(Thread.java:744) [na:1.7.0_51]
    60123 [http-apr-8080-exec-1] DEBUG c.a.m.EnhancedTokenRememberMeServices - Interactive login attempt was unsuccessful.
    60123 [http-apr-8080-exec-1] DEBUG c.a.m.EnhancedTokenRememberMeServices - Cancelling cookie
     
  • 解决问题方案。在remember-me 标签上添加key属性,与remember-me bean中的key相同,即可
    <remember-me services-ref="enhancedTokenRememberMeServices"
                         key="BoSk70Yar38~veg91DoCKs=sLaIn!metE55bURgs71rug;ILEa=Ikon79sept+ree$Fuel99baKER;wOe43JackS=TinS79babA73tiLmibs10bIsE*"/>
     

你可能感兴趣的:(springframework)