2013-01-20

Grails - Spring Security Core plugin - ajax call - Invalid remember-me token mismatch

After a remember-me login, I get the error below on the first ajax call. (A manual login occurs.)

The strange thing is that the persistent_login record has been deleted. Then it tries to find the record using the same key.

Full debug logging is below (using Tomcat and the latest versions of Grails and the plugin). Thank you for your help!

2013-01-20 13:34:14,261 [http-bio-8080-exec-3] DEBUG hibernate.SQL - 
    delete 
    from 
     grails_persistent_login 
    where 
     series=? 
2013-01-20 13:34:14,262 [http-bio-8080-exec-3] TRACE sql.BasicBinder - binding parameter [1] as [VARCHAR] - 0V7Xge3Qqb0Nged8S9BeJQ== 
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Cancelling cookie 
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed 
| Error 2013-01-20 13:34:14,274 [http-bio-8080-exec-3] ERROR [/].[default] - Servlet.service() for servlet [default] in context with path [] threw exception 
Message: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack. 
    Line | Method 
->> 1110 | runWorker in java.util.concurrent.ThreadPoolExecutor 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
| 603 | run  in java.util.concurrent.ThreadPoolExecutor$Worker 
^ 722 | run . . . in java.lang.Thread 
2013-01-20 13:34:14,295 [http-bio-8080-exec-7] DEBUG access.ExceptionTranslationFilter - Chain processed normally 
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] DEBUG context.HttpSessionSecurityContextRepository - HttpSession being created as SecurityContext is non-default 
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] WARN context.HttpSessionSecurityContextRepository - Failed to create a session, as response has been committed. Unable to store SecurityContext. 
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Converted URL to lowercase, from: '/grails-errorhandler'; to: '/grails-errorhandler' 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Candidate is: '/grails-errorhandler'; pattern is/**; matched=true 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - No HttpSession currently exists 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created. 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter' 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 3 of 9 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter' 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 4 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 5 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie detected 
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] DEBUG hibernate.SQL - 
    select 
     persistent0_.series as series23_0_, 
     persistent0_.last_used as last2_23_0_, 
     persistent0_.token as token23_0_, 
     persistent0_.username as username23_0_ 
    from 
     grails_persistent_login persistent0_ 
    where 
     persistent0_.series=? 
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] TRACE sql.BasicBinder - binding parameter [1] as [VARCHAR] - 0V7Xge3Qqb0Nged8S9BeJQ== 
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - No persistent token found for series id: 0V7Xge3Qqb0Nged8S9BeJQ== 
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Cancelling cookie 
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuth[email protected]: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 7 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 8 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY] 
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Previously Authenticated: org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG hierarchicalroles.RoleHierarchyImpl - getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps. 
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Authorization successful 
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object 
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 9 of 9 in additional filter chain; firing Filter: 'SwitchUserFilter' 
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc reached end of additional filter chain; proceeding with original chain 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Converted URL to lowercase, from: '/grails/error/development500.dispatch'; to: '/grails/error/development500.dispatch' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Candidate is: '/grails/error/development500.dispatch'; pattern is /**; matched=true 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 3 of 9 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 4 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 5 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as it already contained: 'org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG authentication.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 7 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 8 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 9 of 9 in additional filter chain; firing Filter: 'SwitchUserFilter' 
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc reached end of additional filter chain; proceeding with original chain 
2013-01-20 13:34:14,690 [http-bio-8080-exec-3] DEBUG access.ExceptionTranslationFilter - Chain processed normally 
2013-01-20 13:34:14,755 [http-bio-8080-exec-3] DEBUG access.ExceptionTranslationFilter - Chain processed normally 
2013-01-20 13:34:14,755 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
2013-01-20 13:34:14,755 [http-bio- 

Answer

From the log, it appears that the user with username:anonymousUser, role:ROLE_ANONYMOUS was authenticated successfully, but rememberme.PersistentTokenBasedRememberMeServices does not support anonymousUser and cancelled creating the cookie for that user.
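
The series/token check behind the "Invalid remember-me token (Series/token) mismatch" message in the question's log, as an added example that is not part of the original posts or the plugin's code: a simplified Python model of a persistent remember-me store that rotates the token on each use. It shows one way the delete, mismatch and "No persistent token found" events can follow one another, assuming the same cookie is presented more than once; `TokenStore`, `replay_same_cookie` and the user `alice` are hypothetical names.

```python
import secrets

class CookieTheftError(Exception):
    """Series is known but the presented token is not the current one."""

class TokenStore:
    """Simplified model of a persistent remember-me table (series -> row)."""
    def __init__(self):
        self.rows = {}  # series -> (username, token)

    def issue(self, username):
        series, token = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.rows[series] = (username, token)
        return series, token  # cookie value sent to the browser

    def auto_login(self, cookie):
        series, presented = cookie
        row = self.rows.get(series)
        if row is None:
            return None, None  # "No persistent token found": cookie is cancelled
        username, current = row
        if not secrets.compare_digest(presented, current):
            # Stale token for a live series: drop the user's rows and fail loudly.
            self.rows = {s: r for s, r in self.rows.items() if r[0] != username}
            raise CookieTheftError(series)
        fresh = secrets.token_urlsafe(16)  # rotate on every successful use
        self.rows[series] = (username, fresh)
        return username, (series, fresh)

def replay_same_cookie(store, cookie):
    """Present one cookie three times, as parallel requests from one page would."""
    outcomes = []
    for _ in range(3):
        try:
            user, _new_cookie = store.auto_login(cookie)
            outcomes.append("login" if user else "no-token")
        except CookieTheftError:
            outcomes.append("theft-detected")
    return outcomes

if __name__ == "__main__":
    store = TokenStore()
    cookie = store.issue("alice")  # constructed sample user
    print(replay_same_cookie(store, cookie))
```

A client that sends back the rotated cookie returned by each successful `auto_login` keeps logging in; only a replay of an already-used token reaches the theft branch.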