0
remember-me
로그인 후 처음으로 ajax
통화에서 아래 오류가 발생합니다. (수동 로그인이 발생합니다.)grails - 스프링 보안 코어 플러그인 - 아약스 콜 - 잘못된 기억 장치 토큰이 일치하지 않습니다.
이상한 것은 persistent_login
레코드가 삭제 된 것입니다. 그런 다음 동일한 키를 사용하여 레코드를 찾으려고 시도합니다.
* 아래 전체 디버그 로깅 (바람둥이와 latests를 사용하여 버전하고 최신 플러그인 Grails의) : (! 당신의 도움을 주셔서 감사합니다)를 *
2013-01-20 13:34:14,261 [http-bio-8080-exec-3] DEBUG hibernate.SQL -
delete
from
grails_persistent_login
where
series=?
2013-01-20 13:34:14,262 [http-bio-8080-exec-3] TRACE sql.BasicBinder - binding parameter [1] as [VARCHAR] - 0V7Xge3Qqb0Nged8S9BeJQ==
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Cancelling cookie
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - SecurityContext is empty or anonymous - context will not be stored in HttpSession.
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
| Error 2013-01-20 13:34:14,274 [http-bio-8080-exec-3] ERROR [/].[default] - Servlet.service() for servlet [default] in context with path [] threw exception
Message: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
Line | Method
->> 1110 | runWorker in java.util.concurrent.ThreadPoolExecutor
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 603 | run in java.util.concurrent.ThreadPoolExecutor$Worker
^ 722 | run . . . in java.lang.Thread
2013-01-20 13:34:14,295 [http-bio-8080-exec-7] DEBUG access.ExceptionTranslationFilter - Chain processed normally
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] DEBUG context.HttpSessionSecurityContextRepository - HttpSession being created as SecurityContext is non-default
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] WARN context.HttpSessionSecurityContextRepository - Failed to create a session, as response has been committed. Unable to store SecurityContext.
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Converted URL to lowercase, from: '/grails-errorhandler'; to: '/grails-errorhandler'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Candidate is: '/grails-errorhandler'; pattern is/**; matched=true
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - No HttpSession currently exists
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 3 of 9 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 4 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 5 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie detected
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] DEBUG hibernate.SQL -
select
persistent0_.series as series23_0_,
persistent0_.last_used as last2_23_0_,
persistent0_.token as token23_0_,
persistent0_.username as username23_0_
from
grails_persistent_login persistent0_
where
persistent0_.series=?
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] TRACE sql.BasicBinder - binding parameter [1] as [VARCHAR] - 0V7Xge3Qqb0Nged8S9BeJQ==
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - No persistent token found for series id: 0V7Xge3Qqb0Nged8S9BeJQ==
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Cancelling cookie
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuth[email protected]: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 7 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 8 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Previously Authenticated: org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG hierarchicalroles.RoleHierarchyImpl - getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Authorization successful
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 9 of 9 in additional filter chain; firing Filter: 'SwitchUserFilter'
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc reached end of additional filter chain; proceeding with original chain
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Converted URL to lowercase, from: '/grails/error/development500.dispatch'; to: '/grails/error/development500.dispatch'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Candidate is: '/grails/error/development500.dispatch'; pattern is /**; matched=true
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 3 of 9 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 4 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 5 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as it already contained: 'org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG authentication.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 7 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 8 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 9 of 9 in additional filter chain; firing Filter: 'SwitchUserFilter'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc reached end of additional filter chain; proceeding with original chain
2013-01-20 13:34:14,690 [http-bio-8080-exec-3] DEBUG access.ExceptionTranslationFilter - Chain processed normally
2013-01-20 13:34:14,755 [http-bio-8080-exec-3] DEBUG access.ExceptionTranslationFilter - Chain processed normally
2013-01-20 13:34:14,755 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - SecurityContext is empty or anonymous - context will not be stored in HttpSession.
2013-01-20 13:34:14,755 [http-bio-