2011-11-28 130 views

我使用 Spring Security 3。用户登录失败后,Spring Security 阻止了该用户登录

我尝试登录应用程序,并填写了错误的用户名/密码组合。经过 3 次错误尝试后,我填写了正确的用户名/密码组合,但它仍然返回:

Your login attempt was not successful, try again. 
Reason: Bad credentials 

在开发环境中这没问题,因为我只需重新启动服务器就可以正常登录;但在生产环境中,我不可能每次有人忘记密码时都重新启动服务器。

我原以为等待一段超时时间后就可以重新登录,但这也不起作用。

应用程序的安全性-web.xml中

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
     xmlns:beans="http://www.springframework.org/schema/beans" 
     xmlns:context="http://www.springframework.org/schema/context" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
         http://www.springframework.org/schema/beans/spring-beans-2.5.xsd 
         http://www.springframework.org/schema/security 
         http://www.springframework.org/schema/security/spring-security-3.0.xsd 
         http://www.springframework.org/schema/context 
         http://www.springframework.org/schema/context/spring-context-3.0.xsd"> 

    <!--
      Spring Security namespace configuration. The default namespace is the
      security schema, so unprefixed elements (http, authentication-manager,
      user-service) are security elements and plain bean elements need the
      "beans:" prefix.
      NOTE(review): the beans schema is pinned to 2.5 while the context and
      security schemas are 3.0; consider aligning them with the Spring
      version actually deployed.
    -->

    <!--
      Loads app.properties from the directory named by PROPERTIES_HOME.
      ignore-unresolvable="true" means a placeholder with no value is left
      as-is instead of failing at startup, so a missing property is not
      reported at load time. No placeholder is used in this file as shown.
    -->
    <context:property-placeholder location="file:${PROPERTIES_HOME}/app.properties" ignore-unresolvable="true"/> 

    <!--
      auto-config="true" switches on the default form login, HTTP Basic and
      logout handling; use-expressions="true" makes the access attribute a
      Spring EL expression. The single /** rule requires ROLE_USER for every
      URL that reaches this filter chain.
      NOTE(review): no requires-channel is set, so nothing here forces the
      login form or the session cookie onto HTTPS; confirm that transport
      security is enforced elsewhere (container or proxy).
    -->
    <http auto-config="true" use-expressions="true"> 
     <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/> 
     <session-management> 
      <!--
        At most 3 concurrent sessions per user. With
        error-if-maximum-exceeded="false" a further login is accepted and
        the least recently used session is expired instead of the new login
        being refused. The session registry only learns that a session ended
        if HttpSessionEventPublisher is registered in web.xml.
        This limits sessions, not failed attempts: no lockout or
        failed-login counter is declared anywhere in this file.
      -->
      <concurrency-control max-sessions="3" error-if-maximum-exceeded="false"/>     
     </session-management> 
    </http> 

    <!-- Single authentication provider backed by the in-memory userService below. -->
    <authentication-manager alias="authenticationManager"> 
     <authentication-provider user-service-ref="userService" /> 
    </authentication-manager> 

    <!--
      In-memory user store with one account. The password is stored in
      clear text and no password-encoder is declared on the
      authentication-provider, so the submitted password is compared
      against this literal. Acceptable for a reproduction only; a real
      deployment should keep users in an external store with hashed
      passwords (a password-encoder child on authentication-provider) and
      keep credentials out of files under version control.
    -->
    <user-service id="userService"> 
     <user name="foo" password="bar" authorities="ROLE_USER"/> 
    </user-service> 
</beans:beans> 

web.xml

<!--
  Servlet 2.5 deployment descriptor: bootstraps the root Spring context
  (including the security configuration), registers the Spring Security
  filter chain for every request, and declares the MVC and CXF servlets.
  No session-config element is present, so the container's default session
  timeout applies.
-->
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
          http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> 
    <display-name>PM app</display-name> 

    <!--
      Files loaded into the root application context by
      ContextLoaderListener. The security configuration is the
      /WEB-INF/app-web-security.xml entry; the springSecurityFilterChain
      bean it defines must live in this root context for the
      DelegatingFilterProxy below to find it.
    -->
    <context-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value> 
      classpath:app-service-context.xml 
      classpath:app-dao-context.xml    
      /WEB-INF/app-web-security.xml  
     </param-value> 
    </context-param> 
    <listener> 
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 

    <!--
      Publishes HTTP session created/destroyed events into the Spring
      context. Spring Security's concurrent session control depends on it
      to drop ended sessions from its registry; without it, users can be
      counted against max-sessions for sessions that no longer exist.
    -->
    <listener> 
     <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> 
    </listener> 

    <servlet> 
     <servlet-name>pmapp-web</servlet-name> 
     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 

    <!--
      NOTE(review): this mapping names "app-web", but the DispatcherServlet
      above is declared as "pmapp-web" and no servlet called "app-web"
      appears in this file. A mapping must reference a declared servlet;
      confirm which name is intended and make the two match.
    -->
    <servlet-mapping> 
     <servlet-name>app-web</servlet-name> 
     <url-pattern>/app/*</url-pattern> 
    </servlet-mapping> 

    <!--
      DelegatingFilterProxy looks up the bean named after filter-name
      (springSecurityFilterChain) in the root context. Mapped to /*, so
      every request, including /app/* and the CXF endpoints under
      /services/*, passes through Spring Security.
    -->
    <filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 

    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

    <servlet> 
     <servlet-name>CXFServlet</servlet-name> 
     <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class> 
     <load-on-startup>3</load-on-startup> 
    </servlet> 

    <servlet-mapping> 
     <servlet-name>CXFServlet</servlet-name> 
     <url-pattern>/services/*</url-pattern> 
    </servlet-mapping> 

    <mime-mapping> 
     <extension>js</extension> 
     <mime-type>text/javascript</mime-type> 
    </mime-mapping> 

    <!--
      Filters run in the order of their filter-mapping elements, so the
      URL rewrite filter runs after the security filter chain: access
      rules are evaluated against the URL as requested, before rewriting.
      NOTE(review): neither mapping lists a dispatcher, so an internally
      forwarded (rewritten) request is not passed through the security
      filter again. With the single /** rule this makes no difference, but
      it matters as soon as path-specific intercept-url rules are added.
    -->
    <filter> 
     <filter-name>urlRewriteFilter</filter-name> 
     <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class> 
    </filter> 

    <filter-mapping> 
     <filter-name>urlRewriteFilter</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

    <!-- Container-managed JNDI DataSource; connection credentials stay in the container configuration. -->
    <resource-ref> 
     <res-ref-name>jdbc/App</res-ref-name> 
     <res-type>javax.sql.DataSource</res-type> 
     <res-auth>Container</res-auth> 
     <mapped-name>App</mapped-name> 
    </resource-ref> 
</web-app> 

我希望用户要么能在 n 分钟后重新登录(自动解锁),要么可以设置在阻止用户之前允许的尝试次数。也欢迎任何其他想法。

我使用的是 Spring 3.0.6.RELEASE 和 Spring Security 3.0.6.RELEASE。

谢谢!

回答

1

试试Spring Security 3.0.7.RELEASE。这为我解决了完全相同的问题。


修复了我的问题! –