nginx + tomcat + spring boot,部署到ubuntu session丢失

杨彬Lennon 发布于 2018/05/31 13:40
阅读 1K+
收藏 0

环境如题,项目结构是前后端分离,后端两个war包,一个service和一个controller层。我使用ibase4j的springboot版本进行开发,在部署的时候,登录之后,在后台看到登陆成功了,创建了一个session,然后转发到权限认证接口,紧接着又创建了一个session,然后权限认证接口就返回了用户没有登录的信息,前端页面又跳转到登录页。F12看cookie中没有JSESSIONID。与此同时,在用户请求登录的时候,controller异常,信息如下:

2018-05-31 13:14:52.286 [http-nio-8088-exec-1] INFO [XssFilter:74] - 校验URL:/login
2018-05-31 13:14:52.294  INFO 26902 --- [nio-8088-exec-1] a.s.s.m.AbstractValidatingSessionManager : Enabling session validation scheduler...
2018-05-31 13:14:52.305  WARN 26902 --- [nio-8088-exec-1] o.a.shiro.mgt.AbstractRememberMeManager  : There was a failure while trying to retrieve remembered principals.  This could be due to a configuration problem or corrupted principals.  This could also be due to a recently changed encryption key, if you are using a shiro.ini file, this property would be 'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-RememberMeServices. The remembered identity will be forgotten and not used for this request.
2018-05-31 13:14:52.310  WARN 26902 --- [nio-8088-exec-1] o.a.shiro.mgt.DefaultSecurityManager     : Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().

org.apache.shiro.crypto.CryptoException: Unable to execute 'doFinal' with cipher instance [javax.crypto.Cipher@6fac8a87].
	at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:462) ~[shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:445) ~[shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:390) ~[shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:382) ~[shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:482) ~[shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:419) ~[shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:386) ~[shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:612) [shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:500) [shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:346) [shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845) [shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) [shiro-web-1.4.0.jar:1.4.0]
	at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) [shiro-web-1.4.0.jar:1.4.0]
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) [shiro-web-1.4.0.jar:1.4.0]
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.4.0.jar:1.4.0]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) [spring-web-5.0.2.RELEASE.jar:5.0.2.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) [spring-web-5.0.2.RELEASE.jar:5.0.2.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.52]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.52]
	at top.ibase4j.core.filter.XssFilter.doFilter(XssFilter.java:96) [ibase4j-common-3.1.1.jar:na]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.52]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.52]
	at top.ibase4j.core.filter.CsrfFilter.doFilter(CsrfFilter.java:48) [ibase4j-common-3.1.1.jar:na]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.52]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.52]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) [spring-web-5.0.2.RELEASE.jar:5.0.2.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.2.RELEASE.jar:5.0.2.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.52]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.52]
	at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:117) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE]
	at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:61) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE]
	at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:92) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.2.RELEASE.jar:5.0.2.RELEASE]
	at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:110) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.52]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.52]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) [spring-web-5.0.2.RELEASE.jar:5.0.2.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.2.RELEASE.jar:5.0.2.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.52]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.52]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [catalina.jar:8.0.52]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94) [catalina.jar:8.0.52]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496) [catalina.jar:8.0.52]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [catalina.jar:8.0.52]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.52]
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620) [catalina.jar:8.0.52]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.52]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502) [catalina.jar:8.0.52]
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1156) [tomcat-coyote.jar:8.0.52]
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684) [tomcat-coyote.jar:8.0.52]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539) [tomcat-coyote.jar:8.0.52]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495) [tomcat-coyote.jar:8.0.52]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_171]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_171]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.52]
	at java.lang.Thread.run(Thread.java:748) [na:1.8.0_171]
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:991) ~[sunjce_provider.jar:1.8.0_171]
	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847) ~[sunjce_provider.jar:1.8.0_171]
	at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446) ~[sunjce_provider.jar:1.8.0_171]
	at javax.crypto.Cipher.doFinal(Cipher.java:2164) ~[na:1.8.0_171]
	at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:459) ~[shiro-core-1.4.0.jar:1.4.0]
	... 55 common frames omitted

2018-05-31 13:14:52.357 [http-nio-8088-exec-1] INFO [SessionListener:29] - 创建了一个Session连接:[2d273cc1-15de-4038-a518-4175dca3c3dc]
2018-05-31 13:14:52.372 [http-nio-8088-exec-1] INFO [EventInterceptor:44] - URI [/login] request start...
2018-05-31 13:14:52.376 [http-nio-8088-exec-1] INFO [WebUtil:230] - getRemoteAddr ip: 218.241.189.28
2018-05-31 13:14:52.452 [http-nio-8088-exec-1] INFO [Realm:78] - [1002055790678274050] execute sysUserService.queryList start...
2018-05-31 13:14:52.491 [http-nio-8088-exec-1] INFO [Realm:80] - [1002055790678274050] execute sysUserService.queryList end.
2018-05-31 13:14:52.501 [http-nio-8088-exec-1] INFO [Realm:108] - [1002055790887989250] execute querySessionIdByAccount start...
2018-05-31 13:14:52.506 [http-nio-8088-exec-1] INFO [Realm:110] - [1002055790887989250] execute querySessionIdByAccount end.
2018-05-31 13:14:52.508 [http-nio-8088-exec-1] INFO [Realm:131] - [1002055790917349378] execute sysSessionService.update start...
2018-05-31 13:14:52.518 [http-nio-8088-exec-1] INFO [Realm:133] - [1002055790917349378] execute sysSessionService.update end.
2018-05-31 13:14:52.538 [http-nio-8088-exec-1] INFO [AbstractController:148] - RESPONSE : {"code":"200","msg":"请求成功","timestamp":1527743692538}
2018-05-31 13:14:52.555 [http-nio-8088-exec-1] INFO [WebUtil:230] - getRemoteAddr ip: 218.241.189.28
2018-05-31 13:14:53.213 [http-nio-8088-exec-3] INFO [XssFilter:74] - 校验URL:/user/read/promission
2018-05-31 13:14:53.218 [http-nio-8088-exec-3] INFO [SessionListener:29] - 创建了一个Session连接:[9ae786f7-ca0d-4f68-aaf5-07341c5d5666]
2018-05-31 13:14:53.274 [http-nio-8088-exec-2] INFO [XssFilter:74] - 校验URL:/unauthorized
2018-05-31 13:14:53.286 [http-nio-8088-exec-2] INFO [EventInterceptor:44] - URI [/unauthorized] request start...
2018-05-31 13:14:53.287 [http-nio-8088-exec-2] INFO [AbstractController:148] - RESPONSE : {"code":"401","msg":"您还没有登录","timestamp":1527743693287}
2018-05-31 13:14:53.289 [http-nio-8088-exec-2] INFO [WebUtil:230] - getRemoteAddr ip: 218.241.189.28
2018-05-31 13:14:53.290 [http-nio-8088-exec-2] WARN [EventInterceptor:122] - The user [218.241.189.28@Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36] no login

我曾排查nginx,因为我的项目war包名是ROOT,所以不存在因为cookie路径导致的丢失问题,诸如

            proxy_redirect  off;
            proxy_set_header        Host    $http_host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            add_header From localhost;
            proxy_cookie_path / /;
            proxy_set_header   Cookie $http_cookie;
            chunked_transfer_encoding       off;

的配置也加了,不起作用。同时也换过nginx版本,从1.10升到1.13,依然不起作用。

 

现在看来,怀疑是生产环境中,shiro的rememberMe这个东西的加密受到了影响,但不了解其机制,希望前辈不吝赐教,谢谢!!!

加载中
0
M
MrChen89

你两个项目session当然是分开的啊,你要做分布式session

返回顶部
顶部