在春季过滤器链中的会话管理过滤器中获取 Firewalledrequest Classcastexception

【问题标题】:Getting Firewalled Request Classcast exception at sessionMgmt filter in spring filter chain在春季过滤器链中的会话管理过滤器中获取 Firewalledrequest Classcastexception
【发布时间】:2016-03-08 23:17:30
【问题描述】:

我在 spring 过滤器链中使用 session mgmt 过滤器在此类 HttpSessionSecurityContextRepository 中抛出此异常。 这是我的 security-app.xml 的 sn-p 

<beans:bean id="springSecurityFilterChain1" class="org.springframework.security.web.FilterChainProxy">
    <beans:constructor-arg>
        <beans:list>
            <security:filter-chain pattern="/resources/**" filters="none"/>
            <security:filter-chain pattern="/**"
                filters="securityContextPersistenceFilterWithASCTrue, 
                customBadgeAuthFilter,   
                                                      logoutFilter,   

                                                         requestCacheFilter,
                                                         securityContextHolderAwareRequestFilter,
                                                         sessionMgmtFilter,
                                                         formLoginExceptionTranslationFilter,
                                                         filterSecurityInterceptor" />
        </beans:list>

</beans:constructor-arg></beans:bean><beans:bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/> <beans:bean id="requestCacheFilter" class="org.springframework.security.web.savedrequest.RequestCacheAwareFilter" /> <beans:bean id="securityContextPersistenceFilterWithASCTrue" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"> <beans:property name="securityContextRepository" ref="securityContextRepository"/> </beans:bean> <beans:bean id="securityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"/><beans:bean id="sessionMgmtFilter" class="org.springframework.security.web.session.SessionManagementFilter"> <beans:constructor-arg ref="securityContextRepository"/> </beans:bean>

当它试图转换为 SavedContextOnUpdateOrErrorResponseWrapper 时,它是一个类转换。该值由 ContextPersistentFilter 设置,它在我的安全链中作为第一个元素调用

public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
    SaveContextOnUpdateOrErrorResponseWrapper responseWrapper = (SaveContextOnUpdateOrErrorResponseWrapper)response;
    // saveContext() might already be called by the response wrapper
    // if something in the chain called sendError() or sendRedirect(). This ensures we only call it
    // once per request.
    if (!responseWrapper.isContextSaved() ) {
        responseWrapper.saveContext(context);
    }
}

这是我的堆栈跟踪

java.lang.ClassCastException: org.springframework.security.web.firewall.FirewalledResponse cannot be cast to org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
at org.springframework.security.web.context.HttpSessionSecurityContextRepository.saveContext(HttpSessionSecurityContextRepository.java:99)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:93)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:207)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
at edu.mayo.fss.security.filter.SecureLoginFilter.doFilter(SecureLoginFilter.java:83)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:207)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
at edu.mayo.fss.spring.util.LoggingFilter.doFilter(LoggingFilter.java:41)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:207)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
at

请帮忙看看我需要做些什么来解决这个防火墙请求类广播异常。错误在 sessionMgmtFilter 尝试投射时开始。

谢谢 DJ

【问题讨论】:

    标签: java spring spring-mvc spring-security


    【解决方案1】:

    我在 spring-filter 链代理之前有一个二级 servlet 过滤器。 在我摆脱那个过滤器的那一刻,一切都开始工作了。 因此,如果 spring-filter 链没有直接从 jsp 调用,而是通过另一个过滤器路由,然后调用过滤器链,则防火墙请求将抛出 Class Cast 异常。 spring-security 之前的 customFilter 是 FirewalledClass Cast 异常的原因。 

    <filter><filter-name>customFilter</filter-name><filter-class>sas.SecureLoginFilter</filter-class></filter><filter-mapping><filter-name>customFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter><filter-name>springSecurityFilterChain</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter>

    【讨论】:

      【解决方案2】:

      我遇到了一些同样的问题,我添加了解决方案here

      可能对身体有帮助。

      【讨论】:

        猜你喜欢
        • 2014-08-24
        • 2013-06-22
        • 2020-09-25
        • 2016-05-30
        • 1970-01-01
        • 2013-11-01
        • 2012-10-27
        • 1970-01-01
        • 1970-01-01
        相关资源
        最近更新 更多
        热门标签
        Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode