点击此处---> 群内免费提供SAP练习系统(在群公告中)
加入QQ群:457200227(SAP S4 HANA技术交流) 群内免费提供SAP练习系统(在群公告中)
嗨,
我在这里遇到了类似的问题: https://wiki.hybris .com/pages/viewpage.action?pageId = 228399563
我们的rest服务使用HTTP上的基本身份验证进行保护。 使用具有单个线程的Apache JMeter,一切正常,但是一旦使用2个线程,我就会开始间歇性地获得401响应。
有人找到了解决方案吗? 对我来说似乎是hybris错误。
我在spring安全XML文件中使用de.hybris.platform.spring.security.CoreAuthenticationProvider。
JMeter输出:
1448554997720,1,HTTP请求,200,确定,线程组1-2,文本,true,354,2,2,2,1 1448554997721,2,HTTP请求,200,确定,线程组1-1,文本, true,354,2,2,2 1448554997722,1,HTTP Request,200,OK,线程组1-2,文本,true,354,2,2,1 1448554997723,1,HTTP Request,401,未经授权,线程组 1-1,text,false,1391,2,2,1 1448554997723,1,HTTP Request,401,未授权,线程组1-2,text,false,1391,2,2,1 1448554997724,1,HTTP Request, 200,确定,线程组1-1,文本,true,354,2,2,1 1448554997724,1,HTTP请求,确定200,确定,线程组1-2,文本,true,354,2,2,2,1 1448554997725 ,1,HTTP请求,200,确定,线程组1-1,文本,true,354,2,2,1
日志中还有一个堆栈跟踪:
2015年11月26日下午4:24:29 org.apache.catalina.core.StandardWrapperValve在路径为[/app]的上下文中为Servlet [springmvc-web]调用SEVERE:Servlet.service()引发异常de.hybris de.hybris.platform.jalo.user.UserManager上的.platform.jalo.JaloSystemException [HY--1],位于de.hybris.platform.ldap.jalo.security.user.LDAPUserPasswordCheckingStrategy.checkPassword(LDAPUserPasswordCheckingStrategy.java:59)处。 位于de.hybris.platform.jalo.user.User.check.password(UserManager.java:1670)位于de.hybris.platform.jalo.user.User.checkPassword(User.java:524) 在org.springframework.security.authentication.ProviderManager在de.hybris.platform.spring.security.CoreAuthenticationProvider.authenticate(CoreAuthenticationProvider.java:130)在org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)在org.springframework.security.authentication.ProviderManager org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthentic)上的.authenticate(ProviderManager.java:177) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:342)上的ationFilter.java:168)org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)上的ationFilter.java:168) 在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:342)在org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter上的.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:342)在org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter (SecurityContextPersistenceFilter.java:87)在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:342)在org.springframework.security.web.FilterChainProxy.doFilterInternal( org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)位于org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)位于org.springframework.web org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)上的org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)处的.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) )于org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)于org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)于org.apache.catalina.core.ApplicationFilterChain。 org.apache.catalina.core处的internalDoFilter(ApplicationFilterChain.java:241)org.apac处的de.hybris.platform.util.RootRequestFilter.doFilter(RootRequestFilter.java:873)处的org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 位于org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)的he.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)位于de.hybris.platform.servicelayer.web.XSSFilter.doFilter( XSSFilter.java:230)位于org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)位于org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)位于org.apache.catalina org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)上的.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)在org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170上) )在org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)在org.apache.catalina.coreves.ErrorReportValve.java:103)在org.apache.catalina.valves.AccessLogValve。 在org.apache.catalina.connector.CoyoteAdapter处调用(AccessLogValve.java:950)。 org.apache.coyote.http11处的service(CoyoteAdapter.java:421)org.apache.coyote.AbstractProtocol $ AbstractConnectionHandler.process(AbstractProtocol.java:611)处的org.apache.coyote.AbstractProtocol $ AbstractConnectionHandler.process(AbstractProtocol.java:611)处的服务(CoyoteAdapter.java:421) .tomcat.util.net.JIoEndpoint $ SocketProcessor.run(JIoEndpoint.java:316)at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)at java.util.concurrent.ThreadPoolExecutor $ Worker.run(ThreadPoolExecutor .java:617),位于org.apache.tomcat.util.threads.TaskThread $ WrappingRunnable.run(TaskThread.java:61),位于java.lang.Thread.run(Thread.java:745),原因:java.lang。 ArrayIndexOutOfBoundsException,位于sun.security.provider.DigestBase.engineUpdate(DigestBase.java:114),位于sun.security.provider.MD5.implDigest(MD5.java:101),位于sun.security.provider.DigestBase.engineDigest(DigestBase.java: 181)在java.security.MessageDigest $ Delegate.engineDigest(MessageDigest.java:588)在sun.security.provider.DigestBase.engineDigest(DigestBase.java:160)在j de.hybris.platform.persistence.security.DigestCalculator.calculateDigest(DigestCalculator.java:83)的ava.security.MessageDigest.digest(MessageDigest.java:365)at de.hybris.platform.persistence.security.MD5PasswordEncoder.calculateMD5( de.hybris.platform.persistence.security.SaltedMD5PasswordEncoder.encode(SaltedMD5PasswordEncoder.java:79)的de5.hybris.platform.persistence.security.SaltedMD5PasswordEncoder.check(SaltedMD5PasswordEncoder.java:126)的MD5PasswordEncoder.java:40) .hybris.platform.jalo.user.DefaultUserPasswordCheckingStrategy.checkPassword(DefaultUserPasswordCheckingStrategy.java:25)at de.hybris.platform.ldap.jalo.security.user.LDAPUserPasswordCheckingStrategy.checkPassword(LDAPUserPasswordCheckingStrategy.java:45)
您应该能够像这样修复它:
扩展类SaltedMD5PasswordEncoder。 覆盖calculateMD5(纯字符串)以执行" return DigestCalculator.getInstance(" MD5")。calculateDigest(plain);"
然后将属性" password.encoders"设置为" md5 = FQCN_of_your_SaltedMD5PasswordEncoder ,* = de.hybris.platform.persistence.security.PlainTextPasswordEncoder"
让我知道是否可行。
嗨,Ronald,我们面临类似的错误,您是否能够解决此问题?
看起来像Hybris错误。 SaltedMD5PasswordEncoder不是线程安全的,但只能实例化一次(PasswordEncoderFactory创建一个实例并将其缓存)。 它使用一个DigestCalculator对象,而该对象又使用一个MessageDigest对象。 如果多个线程并行访问编码器,则会立即进入竞争状态。
很好。 有趣的是,在超过2.5年后,这仍然是一个问题。 :)
一周热门 更多>