1
Spring Security로 Spring MVC 웹 애플리케이션을 실행 중입니다. 내가 제출 때마다 세션이 나는 점점 오전 (POST과) 만료 후/페이지를 새로 고침 : 여기 세션이 만료 된 후 요청 메소드 'POST'가 지원되지 않습니다.
요청 방법 'POST'를. 스프링 보안에서 CSRF를 비활성화하면 제대로 작동합니다. 제발 여기
여기 내 스프링 구성org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported at org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping.handleNoMatch(RequestMappingInfoHandlerMapping.java:204) at org.springframework.web.servlet.handler.AbstractHandlerMethodMapping.lookupHandlerMethod(AbstractHandlerMethodMapping.java:382) at org.springframework.web.servlet.handler.AbstractHandlerMethodMapping.getHandlerInternal(AbstractHandlerMethodMapping.java:322) at org.springframework.web.servlet.handler.AbstractHandlerMethodMapping.getHandlerInternal(AbstractHandlerMethodMapping.java:60) at org.springframework.web.servlet.handler.AbstractHandlerMapping.getHandler(AbstractHandlerMapping.java:351) at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:1120) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:932) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:969) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:871) at javax.servlet.http.HttpServlet.service(HttpServlet.java:661) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:845) at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:467) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:392) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:311) at org.springframework.security.web.firewall.RequestWrapper$FirewalledRequestAwareRequestDispatcher.forward(RequestWrapper.java:139) at org.springframework.security.web.access.AccessDeniedHandlerImpl.handle(AccessDeniedHandlerImpl.java:71) at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:110) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748)http .authorizeRequests() .antMatchers("/login**").permitAll() .antMatchers("/help**").permitAll() .antMatchers("/faq/**").permitAll() .antMatchers("/denied").permitAll() .antMatchers("/checkSSO").permitAll() .antMatchers("/product/lease/list").permitAll() .antMatchers("/request/lease/product/list").permitAll() .antMatchers("/product/view/**").permitAll() .antMatchers("/product/image/**").permitAll() .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')") // .antMatchers("/db/**").access("hasRole('ROLE_ADMIN') and hasRole('DBA')") .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .successHandler(customSuccessHandler()) .and() .logout() .logoutUrl("/login?logout") .invalidateHttpSession(true).deleteCookies("JSESSIONID") .and() .exceptionHandling() .accessDeniedPage("/denied") .and() .exceptionHandling() .authenticationEntryPoint(ssoAuthenticationEntryPoint()) .and() .addFilterBefore(userNameTransformationFilter(), UsernamePasswordAuthenticationFilter.class) .addFilterBefore(customPreAuthSecurityFilter(), BasicAuthenticationFilter.class) .addFilterAfter(waffleNegotiateSecurityFilter(), BasicAuthenticationFilter.class) .addFilterAfter(customNegotiateSecurityFilter(), BasicAuthenticationFilter.class) .authorizeRequests() .anyRequest().fullyAuthenticated();인 인증 진입 점 자바 클래스
public class SSOAuthenticationEntryPoint extends NegotiateSecurityFilterEntryPoint { private static final Logger logger = Logger.getLogger(SSOAuthenticationEntryPoint.class); /* * (non-Javadoc) * @see org.springframework.security.web.AuthenticationEntryPoint#commence(javax.servlet.http.HttpServletRequest, * javax.servlet.http.HttpServletResponse, org.springframework.security.core.AuthenticationException) */ @Override public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException ex) throws IOException, ServletException { String ctxPath = ((HttpServletRequest) request).getContextPath(); String requestURI = request.getRequestURI(); logger.info(" start authentication process - " + requestURI); if (("" + ctxPath + "/rest/sso").equalsIgnoreCase(requestURI)) { super.commence(request, response, ex); } else { Boolean hasCheckedSSO = (Boolean) request.getSession().getAttribute(SecurityConstants.ATTR_HAS_CHECKED_SSO); Boolean ssoUserNotFound = (Boolean) request.getSession().getAttribute(SecurityConstants.ATTR_SSO_USER_NOT_FOUND); logger.info("hasCheckedSSO = " + hasCheckedSSO + ", ssoUserNotFound = " + ssoUserNotFound); String target = request.getRequestURI() + (request.getQueryString() != null ? "?" + request.getQueryString() : ""); request.getSession().setAttribute(SecurityConstants.ATTR_TARGET, target); if (ssoUserNotFound != null && ssoUserNotFound) { response.sendRedirect(ctxPath + "/login?noaccess"); } else if (hasCheckedSSO == null) { request.getSession().setAttribute("hasCheckedSSO", Boolean.TRUE); target = URLEncoder.encode(target, "UTF-8"); response.sendRedirect(ctxPath + "/checkSSO?target=" + target); } else { response.sendRedirect(ctxPath + "/login"); } } } }은 어떤 제안입니까?
예, GET 메소드가있는 컨트롤러가 있습니다. – Rajesh