I am adding authentication to my Spring MVC HTTP API.
I have setup a trivial authentication: the X-AUTH-TOKEN HTTP header contains the username.
I am using #PreAuthorize to do security checks.
Everything works when security is implemented at the controller layer.
However, when I try to add #PreAuthorize(...) at the service layer,
it fails with AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext.
It's like the security context is lost when calling the service.
The TokenAuthentication.kt file contains the whole auth process:
class TokenAuthentication(
private val user: User,
private val token: String,
): Authentication {
override fun getName(): String = user.id
override fun getAuthorities(): MutableCollection<out GrantedAuthority> = mutableListOf()
override fun getCredentials(): Any = token
override fun getDetails(): Any = user
override fun getPrincipal(): Any = user.id
override fun isAuthenticated(): Boolean = true
override fun setAuthenticated(isAuthenticated: Boolean) {
}
}
class TokenAuthenticationFilter(
private val userService: UserService,
): OncePerRequestFilter() {
private fun getAuthentication(request: HttpServletRequest): Authentication? {
val auth = request.getHeader("X-AUTH-TOKEN") ?: return null
val user: User
try {
user = userService.get(auth)
} catch (_: NoSuchElementException) {
return null
}
return TokenAuthentication(user, auth)
}
override fun doFilterInternal(
request: HttpServletRequest,
response: HttpServletResponse,
filterChain: FilterChain,
) {
val auth = getAuthentication(request)
println("AUTHENTICATED WITH USER: ${auth?.name}")
SecurityContextHolder.getContext().authentication = auth
filterChain.doFilter(request, response)
SecurityContextHolder.getContext().authentication = null
}
}
The Configuration.kt configures Spring security to enable #PreAuthorize:
#Configuration
#EnableWebSecurity
#EnableGlobalMethodSecurity(
prePostEnabled = true,
securedEnabled = true,
jsr250Enabled = true,
)
class WebSecurityConfiguration(
private val userService: UserService,
): WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity?) {
if (http == null)
return
SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL)
http
.addFilterBefore(
TokenAuthenticationFilter(userService),
UsernamePasswordAuthenticationFilter::class.java,
)
}
}
The SecurityContextHolder.setStrategyName(...) is a failed attempt to solve my problem.
Working code (#PreAuthorize at controller layer):
#RestController
#RequestMapping("/users")
class UserController(
private val userMapper: UserMapper,
private val userService: UserService,
...
) {
#GetMapping("/{uid}")
#PreAuthorize("authentication.name == #uid")
fun getUser(#PathVariable uid: String): ResponseEntity<UserDto> =
ResponseEntity.ok(userMapper.toDto(userService.get(uid)))
}
Non-working code (#PreAuthorize at service layer):
#Service
class UserService(private val repository: UserRepository) {
#PreAuthorize("authentication.name == #id")
fun get(id: String): User {
println("USER SERVICE THREAD: ${Thread.currentThread().getId()}")
println("Security: ${SecurityContextHolder.getContext()}")
println("Security: ${SecurityContextHolder.getContext().authentication}")
println("Security: ${SecurityContextHolder.getContext().authentication?.name}")
return repository.findByIdOrNull(id)
?: throw NoSuchElementException("user not found: $id")
}
}
How do I make it so #PreAuthorize works from the service layer?
Thank you
Logs when #PreAuthorize is at the controller layer:
2022-08-03 10:48:04.084 INFO 12179 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-08-03 10:48:04.085 INFO 12179 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2022-08-03 10:48:04.085 DEBUG 12179 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Detected StandardServletMultipartResolver
2022-08-03 10:48:04.085 DEBUG 12179 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Detected AcceptHeaderLocaleResolver
2022-08-03 10:48:04.085 DEBUG 12179 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Detected FixedThemeResolver
2022-08-03 10:48:04.090 DEBUG 12179 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Detected org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator#7bd3e67d
2022-08-03 10:48:04.093 DEBUG 12179 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Detected org.springframework.web.servlet.support.SessionFlashMapManager#ddffdcd
2022-08-03 10:48:04.094 DEBUG 12179 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : enableLoggingRequestDetails='true': request parameters and headers will be shown which may lead to unsafe logging of potentially sensitive data
2022-08-03 10:48:04.094 INFO 12179 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 9 ms
2022-08-03 10:48:04.141 DEBUG 12179 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /users/foo
2022-08-03 10:48:04.149 DEBUG 12179 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Null authentication]
2022-08-03 10:48:04.157 DEBUG 12179 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
USER SERVICE THREAD: 117
Security: SecurityContextImpl [Null authentication]
Security: null
Security: null
2022-08-03 10:48:04.256 DEBUG 12179 --- [nio-8080-exec-1] o.s.orm.jpa.JpaTransactionManager : Creating new transaction with name [org.springframework.data.jpa.repository.support.SimpleJpaRepository.findById]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT,readOnly
2022-08-03 10:48:04.257 DEBUG 12179 --- [nio-8080-exec-1] o.s.orm.jpa.JpaTransactionManager : Opened new EntityManager [SessionImpl(2065262541<open>)] for JPA transaction
2022-08-03 10:48:04.268 DEBUG 12179 --- [nio-8080-exec-1] o.s.jdbc.datasource.DataSourceUtils : Setting JDBC Connection [HikariProxyConnection#1452472521 wrapping org.mariadb.jdbc.MariaDbConnection#2c090939] read-only
2022-08-03 10:48:04.276 DEBUG 12179 --- [nio-8080-exec-1] o.s.orm.jpa.JpaTransactionManager : Exposing JPA transaction as JDBC [org.springframework.orm.jpa.vendor.HibernateJpaDialect$HibernateConnectionHandle#4acfeef6]
2022-08-03 10:48:04.469 DEBUG 12179 --- [nio-8080-exec-1] o.s.orm.jpa.JpaTransactionManager : Initiating transaction commit
2022-08-03 10:48:04.470 DEBUG 12179 --- [nio-8080-exec-1] o.s.orm.jpa.JpaTransactionManager : Committing JPA transaction on EntityManager [SessionImpl(2065262541<open>)]
2022-08-03 10:48:04.475 DEBUG 12179 --- [nio-8080-exec-1] o.s.jdbc.datasource.DataSourceUtils : Resetting read-only flag of JDBC Connection [HikariProxyConnection#1452472521 wrapping org.mariadb.jdbc.MariaDbConnection#2c090939]
2022-08-03 10:48:04.476 DEBUG 12179 --- [nio-8080-exec-1] o.s.orm.jpa.JpaTransactionManager : Closing JPA EntityManager [SessionImpl(2065262541<open>)] after transaction
AUTHENTICATED WITH USER: foo
THREAD ID: 117
2022-08-03 10:48:04.494 DEBUG 12179 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Secured GET /users/foo
2022-08-03 10:48:04.508 DEBUG 12179 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : GET "/users/foo", parameters={}
2022-08-03 10:48:04.545 DEBUG 12179 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.foo.controller.UserController#getUser(String)
2022-08-03 10:48:04.549 DEBUG 12179 --- [nio-8080-exec-1] o.j.s.OpenEntityManagerInViewInterceptor : Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-08-03 10:48:04.660 DEBUG 12179 --- [nio-8080-exec-1] o.s.s.a.i.a.MethodSecurityInterceptor : Authorized ReflectiveMethodInvocation: public org.springframework.http.ResponseEntity org.foo.controller.UserController.getUser(java.lang.String); target is of class [org.foo.controller.UserController] with attributes [[authorize: 'authentication.name == #uid', filter: 'null', filterTarget: 'null']]
USER SERVICE THREAD: 117
Security: SecurityContextImpl [Authentication=org.foo.security.TokenAuthentication#342a2d68]
Security: org.foo.security.TokenAuthentication#342a2d68
Security: foo
2022-08-03 10:48:04.671 DEBUG 12179 --- [nio-8080-exec-1] o.s.orm.jpa.JpaTransactionManager : Found thread-bound EntityManager [SessionImpl(1531969803<open>)] for JPA transaction
2022-08-03 10:48:04.671 DEBUG 12179 --- [nio-8080-exec-1] o.s.orm.jpa.JpaTransactionManager : Creating new transaction with name [org.springframework.data.jpa.repository.support.SimpleJpaRepository.findById]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT,readOnly
2022-08-03 10:48:04.671 DEBUG 12179 --- [nio-8080-exec-1] o.s.jdbc.datasource.DataSourceUtils : Setting JDBC Connection [HikariProxyConnection#977246828 wrapping org.mariadb.jdbc.MariaDbConnection#2c090939] read-only
2022-08-03 10:48:04.671 DEBUG 12179 --- [nio-8080-exec-1] o.s.orm.jpa.JpaTransactionManager : Exposing JPA transaction as JDBC [org.springframework.orm.jpa.vendor.HibernateJpaDialect$HibernateConnectionHandle#5f1bb12e]
2022-08-03 10:48:04.674 DEBUG 12179 --- [nio-8080-exec-1] o.s.orm.jpa.JpaTransactionManager : Initiating transaction commit
2022-08-03 10:48:04.675 DEBUG 12179 --- [nio-8080-exec-1] o.s.orm.jpa.JpaTransactionManager : Committing JPA transaction on EntityManager [SessionImpl(1531969803<open>)]
2022-08-03 10:48:04.677 DEBUG 12179 --- [nio-8080-exec-1] o.s.jdbc.datasource.DataSourceUtils : Resetting read-only flag of JDBC Connection [HikariProxyConnection#977246828 wrapping org.mariadb.jdbc.MariaDbConnection#2c090939]
2022-08-03 10:48:04.677 DEBUG 12179 --- [nio-8080-exec-1] o.s.orm.jpa.JpaTransactionManager : Not closing pre-bound JPA EntityManager after transaction
2022-08-03 10:48:04.762 DEBUG 12179 --- [nio-8080-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using 'application/json', given [*/*] and supported [application/json, application/*+json, application/json, application/*+json]
2022-08-03 10:48:04.774 DEBUG 12179 --- [nio-8080-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [UserDto(id=foo, mail=foo#example.com)]
2022-08-03 10:48:04.797 DEBUG 12179 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=org.foo.security.TokenAuthentication#342a2d68] to HttpSession [org.apache.catalina.session.StandardSessionFacade#4643bb4]
2022-08-03 10:48:04.801 DEBUG 12179 --- [nio-8080-exec-1] o.j.s.OpenEntityManagerInViewInterceptor : Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-08-03 10:48:04.802 DEBUG 12179 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed 200 OK
2022-08-03 10:48:04.803 DEBUG 12179 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-08-03 10:48:04.803 DEBUG 12179 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
Logs when #PreAuthorize is at the service layer:
2022-08-03 10:35:44.242 INFO 11476 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-08-03 10:35:44.243 INFO 11476 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2022-08-03 10:35:44.244 DEBUG 11476 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Detected StandardServletMultipartResolver
2022-08-03 10:35:44.245 DEBUG 11476 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Detected AcceptHeaderLocaleResolver
2022-08-03 10:35:44.245 DEBUG 11476 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Detected FixedThemeResolver
2022-08-03 10:35:44.253 DEBUG 11476 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Detected org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator#689e0f14
2022-08-03 10:35:44.255 DEBUG 11476 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Detected org.springframework.web.servlet.support.SessionFlashMapManager#3ad0d92
2022-08-03 10:35:44.255 DEBUG 11476 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : enableLoggingRequestDetails='true': request parameters and headers will be shown which may lead to unsafe logging of potentially sensitive data
2022-08-03 10:35:44.255 INFO 11476 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 11 ms
2022-08-03 10:35:44.293 DEBUG 11476 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /users/foo
2022-08-03 10:35:44.307 DEBUG 11476 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Null authentication]
2022-08-03 10:35:44.311 DEBUG 11476 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-08-03 10:35:44.330 DEBUG 11476 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-08-03 10:35:44.330 DEBUG 11476 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-08-03 10:35:44.345 ERROR 11476 --- [nio-8080-exec-1] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:336) ~[spring-security-core-5.6.3.jar:5.6.3]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:200) ~[spring-security-core-5.6.3.jar:5.6.3]
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:58) ~[spring-security-core-5.6.3.jar:5.6.3]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.19.jar:5.3.19]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763) ~[spring-aop-5.3.19.jar:5.3.19]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708) ~[spring-aop-5.3.19.jar:5.3.19]
at org.foo.service.UserService$$EnhancerBySpringCGLIB$$15f563de.get(<generated>) ~[main/:na]
at org.foo.security.TokenAuthenticationFilter.getAuthentication(TokenAuthentication.kt:50) ~[main/:na]
at org.foo.security.TokenAuthenticationFilter.doFilterInternal(TokenAuthentication.kt:63) ~[main/:na]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.19.jar:5.3.19]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.19.jar:5.3.19]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.19.jar:5.3.19]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.19.jar:5.3.19]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.6.3.jar:5.6.3]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.19.jar:5.3.19]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.19.jar:5.3.19]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.19.jar:5.3.19]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.19.jar:5.3.19]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.19.jar:5.3.19]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.19.jar:5.3.19]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.19.jar:5.3.19]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.19.jar:5.3.19]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.62.jar:9.0.62]
at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
2022-08-03 10:35:44.357 DEBUG 11476 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /error
2022-08-03 10:35:44.358 DEBUG 11476 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Null authentication]
2022-08-03 10:35:44.358 DEBUG 11476 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-08-03 10:35:44.367 DEBUG 11476 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2022-08-03 10:35:44.370 DEBUG 11476 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Secured GET /error
2022-08-03 10:35:44.377 DEBUG 11476 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for GET "/error", parameters={}
2022-08-03 10:35:44.412 DEBUG 11476 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
2022-08-03 10:35:44.414 DEBUG 11476 --- [nio-8080-exec-1] o.j.s.OpenEntityManagerInViewInterceptor : Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-08-03 10:35:44.508 DEBUG 11476 --- [nio-8080-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using 'application/json', given [*/*] and supported [application/json, application/*+json, application/json, application/*+json]
2022-08-03 10:35:44.511 DEBUG 11476 --- [nio-8080-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [{timestamp=Wed Aug 03 10:35:44 CEST 2022, status=500, error=Internal Server Error, trace=org.springf (truncated)...]
2022-08-03 10:35:44.751 DEBUG 11476 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2022-08-03 10:35:44.764 DEBUG 11476 --- [nio-8080-exec-1] o.j.s.OpenEntityManagerInViewInterceptor : Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-08-03 10:35:44.766 DEBUG 11476 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 500
2022-08-03 10:35:44.773 DEBUG 11476 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2022-08-03 10:35:44.773 DEBUG 11476 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
Related
On making a GET Request which returns a ModelAndView Object I am getting the following error
: GET "/tweet2?email=tim#gmail.com", parameters={masked} 2022-03-08
11:04:45.459 DEBUG 46576 --- [nio-8080-exec-3]
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to
com.example.demo.RestAPIExample#getTweetsByEmail(String) 2022-03-08
11:04:45.464 DEBUG 46576 --- [nio-8080-exec-3]
o.s.w.s.v.ContentNegotiatingViewResolver : Selected '/' given [/]
2022-03-08 11:04:45.464 DEBUG 46576 --- [nio-8080-exec-3]
o.s.w.servlet.view.InternalResourceView : View name 'tweets', model
{tweets=[com.example.demo.Tweet#3a7a85cb]} 2022-03-08 11:04:45.465
DEBUG 46576 --- [nio-8080-exec-3]
o.s.w.servlet.view.InternalResourceView : Forwarding to [tweets]
2022-03-08 11:04:45.467 DEBUG 46576 --- [nio-8080-exec-3]
o.s.web.servlet.DispatcherServlet : "FORWARD" dispatch for GET
"/tweets?email=tim#gmail.com", parameters={masked} 2022-03-08
11:04:45.470 DEBUG 46576 --- [nio-8080-exec-3]
o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to
ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath
[resources/], classpath [static/], classpath [public/], ServletContext
[/]] 2022-03-08 11:04:45.472 DEBUG 46576 --- [nio-8080-exec-3]
o.s.w.s.r.ResourceHttpRequestHandler : Resource not found
2022-03-08 11:04:45.473 DEBUG 46576 --- [nio-8080-exec-3]
o.s.web.servlet.DispatcherServlet : Exiting from "FORWARD"
dispatch, status 404 2022-03-08 11:04:45.473 DEBUG 46576 ---
[nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Completed
404 NOT_FOUND 2022-03-08 11:04:45.474 DEBUG 46576 ---
[nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : "ERROR"
dispatch for GET "/error?email=tim#gmail.com", parameters={masked}
2022-03-08 11:04:45.475 DEBUG 46576 --- [nio-8080-exec-3]
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to
org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
2022-03-08 11:04:45.482 DEBUG 46576 --- [nio-8080-exec-3]
o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using 'application/json',
given [/] and supported [application/json, application/+json,
application/json, application/+json] 2022-03-08 11:04:45.483 DEBUG
46576 --- [nio-8080-exec-3] o.s.w.s.m.m.a.HttpEntityMethodProcessor :
Writing [{timestamp=Tue Mar 08 11:04:45 IST 2022, status=404,
error=Not Found, path=/tweet2}] 2022-03-08 11:04:45.497 DEBUG 46576
--- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 404
Here is the code I wrote:
#GetMapping("/tweet2")
public ModelAndView getTweetsByEmail(#RequestParam String email) {
ModelAndView modelAndView = new ModelAndView("tweets");
List<Tweet> tweets = tweetMap.get(email);
modelAndView.getModel().put("tweets",tweets);
return modelAndView;
}
And there is a tweets.mustache file under the resources folder. Not sure why its unable to detect it
I'm trying to return index.html which is placed under src/main/resources/templates but it seems that it is not loading.
StackTrace
2020-07-24 00:09:11.881 DEBUG 17204 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : GET "/", parameters={}
2020-07-24 00:09:11.884 DEBUG 17204 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.Alex.Flights.FlightsController#getIndexForm(ModelMap)
2020-07-24 00:09:11.885 DEBUG 17204 --- [nio-8080-exec-1] o.j.s.OpenEntityManagerInViewInterceptor : Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2020-07-24 00:09:11.902 DEBUG 17204 --- [nio-8080-exec-1] o.s.w.s.v.ContentNegotiatingViewResolver : Selected 'text/html' given [text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8]
2020-07-24 00:09:11.902 DEBUG 17204 --- [nio-8080-exec-1] o.s.w.servlet.view.InternalResourceView : View name 'index', model {userForm=Flights [flightNumber=dummy, origin=dummy, destination=dummy, takeOffTime=dummy, landingTime=dummy, flightDuration=dummy, takeOffDate=Fri Jul 24 00:09:11 SGT 2020, landingDate=Fri Jul 24 00:09:11 SGT 2020, flightReturn=false], org.springframework.validation.BindingResult.userForm=org.springframework.validation.BeanPropertyBindingResult: 0 errors}
2020-07-24 00:09:11.903 DEBUG 17204 --- [nio-8080-exec-1] o.s.w.servlet.view.InternalResourceView : Forwarding to [index]
2020-07-24 00:09:11.905 DEBUG 17204 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : "FORWARD" dispatch for GET "/index", parameters={}
2020-07-24 00:09:11.907 DEBUG 17204 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler ["classpath:/META-INF/resources/", "classpath:/resources/", "classpath:/static/", "classpath:/public/", "/"]
2020-07-24 00:09:11.908 DEBUG 17204 --- [nio-8080-exec-1] o.s.w.s.r.ResourceHttpRequestHandler : Resource not found
Method in controller
package com.Alex.Flights;
#RequestMapping(value = "/", method = RequestMethod.GET)
public String getIndexForm(ModelMap model) {
model.addAttribute("userForm", new Flights("dummy", "dummy", "dummy", "dummy", "dummy","dummy", new Date(), new Date(), false));
return "index";
}
Main
package com.Alex.Mains;
#SpringBootApplication
#ComponentScan(basePackages = {
"com.Alex.JPA", "com.Alex.UserPackage", "com.Alex.Flights"
})
#EntityScan( basePackages = {"com.Alex.UserPackage", "com.Alex.Flights"})
#EnableJpaRepositories({"com.Alex.UserPackage", "com.Alex.Flights"})
public class JpaApplication {
public static void main(String[] args) {
SpringApplication.run(JpaApplication.class, args);
}
}
it seems like it is only looking in folders like /resources but doesn't go to look in /templates.
Solution is to define you own ViewResolver bean and set it up
https://www.baeldung.com/spring-mvc-view-resolver-tutorial
I am using Spring Boot v2.1.7 + HATEOAS + Spring Rest + Spring Security. When consumer doesn't pass the correct Custom Header in the request, say passes X-Accept-Version=v5, it gives me below error.
Error:
2020-03-26 15:44:48.201 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : POST "/employee-catalog-api/reference-types", parameters={}
2020-03-26 15:44:48.216 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler ["classpath:/META-INF/resources/", "classpath:/resources/", "classpath:/static/", "classpath:/public/", "/"]
2020-03-26 15:44:48.217 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] .m.c.d.m.p.s.SAMLUserIdentityServiceImpl : Trying to get UserId from Security Context
2020-03-26 15:44:48.224 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.j.s.OpenEntityManagerInViewInterceptor : Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2020-03-26 15:44:48.234 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.w.s.r.ResourceHttpRequestHandler : Resource not found
2020-03-26 15:44:48.234 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher#5c85f23b
2020-03-26 15:44:48.234 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2020-03-26 15:44:48.254 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.j.s.OpenEntityManagerInViewInterceptor : Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2020-03-26 15:44:48.254 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed 404 NOT_FOUND
2020-03-26 15:44:48.258 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2020-03-26 15:44:48.258 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
Code:
#PostMapping(path = "/employee-types", headers = {X-Accept-Version=v1})
public ResponseEntity<Integer> saveEmployeeType(#Valid #RequestBody EmployeeDto employeeDto) {
.....
......
......
return new ResponseEntity<>(HttpStatus.OK);
}
Why its not coming to handleNoHandlerFoundException of the #ControllerAdvice ?
#Override
protected ResponseEntity<Object> handleNoHandlerFoundException(NoHandlerFoundException ex, HttpHeaders headers,
HttpStatus status, WebRequest request) {
...................
return handleExceptionInternal(ex, error, getHeaders(), HttpStatus.BAD_REQUEST, request);
}
I was able to solve this issue by taking a reference from : How to set default value of exported as false in rest resource spring data rest.
By adding below logic, it works greatly.
#Component
public class SpringRestConfiguration extends RepositoryRestConfigurerAdapter {
#Override
public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config) {
config.setRepositoryDetectionStrategy(RepositoryDetectionStrategy.RepositoryDetectionStrategies.ANNOTATED);
config.setExposeRepositoryMethodsByDefault(false);
}
}
I am using Swagger in a Spring boot application,
I somehow can access most of Swagger's endpoints such as /v2/api-docs, /swagger-resources but I can't figure out why /swagger-ui.html is not accessible.
I am using these dependencies:
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
</dependency>
here is my Swagger Config class:
#Configuration
#EnableSwagger2
public class SwaggerConfig {
#Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.basePackage("app.controllers"))
.paths(PathSelectors.any())
.build();
}
}
Here is the interesting part of the log:
2017-12-27 14:12:09.896 DEBUG 10212 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /springfox/swagger-ui.html at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2017-12-27 14:12:09.896 DEBUG 10212 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /springfox/swagger-ui.html at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/v2/api-docs'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/configuration/ui'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/swagger-resources'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/configuration/security'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/swagger-ui.html'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/webjars/**'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /springfox/swagger-ui.html' doesn't match 'POST /login
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /springfox/swagger-ui.html; Attributes: [authenticated]
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#8f3b828e: Principal: 0001; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN, ROLE_USER
2017-12-27 14:12:09.903 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter#45d0a23, returned: 1
2017-12-27 14:12:09.903 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2017-12-27 14:12:09.903 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2017-12-27 14:12:09.903 DEBUG 10212 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /springfox/swagger-ui.html reached end of additional filter chain; proceeding with original chain
2017-12-27 14:12:09.904 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/springfox/swagger-ui.html]
2017-12-27 14:12:09.906 DEBUG 10212 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /springfox/swagger-ui.html
2017-12-27 14:12:09.919 DEBUG 10212 --- [nio-8080-exec-1] .m.m.a.ExceptionHandlerExceptionResolver : Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
2017-12-27 14:12:09.920 DEBUG 10212 --- [nio-8080-exec-1] .w.s.m.a.ResponseStatusExceptionResolver : Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
2017-12-27 14:12:09.920 DEBUG 10212 --- [nio-8080-exec-1] .w.s.m.s.DefaultHandlerExceptionResolver : Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
2017-12-27 14:12:09.920 WARN 10212 --- [nio-8080-exec-1] o.s.web.servlet.PageNotFound : Request method 'GET' not supported
2017-12-27 14:12:09.921 DEBUG 10212 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext 'org.springframework.security.core.context.SecurityContextImpl#8f3b828e: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#8f3b828e: Principal: 0001; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN, ROLE_USER' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade#3bcccd7c
2017-12-27 14:12:09.921 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2017-12-27 14:12:09.921 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Successfully completed request
2017-12-27 14:12:09.922 DEBUG 10212 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-12-27 14:12:09.923 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2017-12-27 14:12:09.923 DEBUG 10212 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-12-27 14:12:09.923 DEBUG 10212 --- [nio-8080-exec-1] o.s.b.w.f.OrderedRequestContextFilter : Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade#203209de
2017-12-27 14:12:09.923 DEBUG 10212 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost] : Processing ErrorPage[errorCode=0, location=/error]
2017-12-27 14:12:09.928 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/error]
2017-12-27 14:12:09.928 DEBUG 10212 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
2017-12-27 14:12:09.930 DEBUG 10212 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity io.xhub.secusid.exception.SecusidErrorHandler.error(javax.servlet.http.HttpServletRequest)]
2017-12-27 14:12:09.930 DEBUG 10212 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'secusidErrorHandler'
2017-12-27 14:12:09.930 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/error] is: -1
2017-12-27 14:12:09.943 DEBUG 10212 --- [nio-8080-exec-1] i.x.s.exception.SecusidErrorHandler : Request method 'GET' not supported
org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
Try adding a class like this
#Configuration
public class WebMvcConfiguration extends WebMvcConfigurationSupport {
#Override
public void addResourceHandlers(final ResourceHandlerRegistry registry) {
// Make Swagger meta-data available via <baseURL>/v2/api-docs/
registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
// Make Swagger UI available via <baseURL>/swagger-ui.html
registry.addResourceHandler("/**").addResourceLocations("classpath:/META-INF/resources/");
}
}
I've tried Spring Boot with Spring Spring Security login with AngularJS. The problem is when I post object after login, I get thrown back to the login page.
Log
2017-02-20 18:06:35.738 DEBUG 5084 --- [nio-8080-exec-1] o.h.l.Loader : Done entity load
2017-02-20 18:06:35.739 DEBUG 5084 --- [nio-8080-exec-1] o.h.e.i.TwoPhaseLoad : Done materializing entity [com.sopiyan.uptd.entities.entity.User#10af7fb8-ad10-459c-b985-ec24744d4630]
2017-02-20 18:06:35.739 DEBUG 5084 --- [nio-8080-exec-1] o.s.o.j.EntityManagerFactoryUtils : Closing JPA EntityManager
2017-02-20 18:06:35.877 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-02-20 18:06:35.877 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'authenticationAuditListener'
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'auditListener'
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.a.a.l.AuditListener : AuditEvent [timestamp=Mon Feb 20 18:06:35 ICT 2017, principal=admin#uptd.com, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null}]
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy#1144175
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] w.a.UsernamePasswordAuthenticationFilter : Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#77cb72a0: Principal: com.sopiyan.uptd.services.impl.CurrentUser#8b80352f: Username: admin#uptd.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ADMIN
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.s.w.a.r.TokenBasedRememberMeServices : Did not send remember-me cookie (principal did not set parameter 'remember-me')
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.s.w.a.r.TokenBasedRememberMeServices : Remember-me login not requested.
2017-02-20 18:06:35.879 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-02-20 18:06:35.879 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'authenticationAuditListener'
2017-02-20 18:06:36.036 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Creating instance of bean 'com.fasterxml.jackson.databind.ser.std.DateSerializer'
2017-02-20 18:06:36.038 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
2017-02-20 18:06:36.068 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
2017-02-20 18:06:36.068 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
2017-02-20 18:06:36.070 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Finished creating instance of bean 'com.fasterxml.jackson.databind.ser.std.DateSerializer'
2017-02-20 18:06:36.077 DEBUG 5084 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : HttpSession being created as SecurityContext is non-default
2017-02-20 18:06:36.086 DEBUG 5084 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext 'org.springframework.security.core.context.SecurityContextImpl#77cb72a0: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#77cb72a0: Principal: com.sopiyan.uptd.services.impl.CurrentUser#8b80352f: Username: admin#uptd.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ADMIN' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade#89f3f
2017-02-20 18:06:36.086 DEBUG 5084 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-02-20 18:06:36.086 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.w.f.OrderedRequestContextFilter : Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade#1d44db8
2017-02-20 18:06:48.699 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.w.f.OrderedRequestContextFilter : Bound request context to thread: org.apache.catalina.connector.RequestFacade#1d44db8
2017-02-20 18:06:48.700 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.h.w.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher#f54084
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 4 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2017-02-20 18:06:48.702 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2017-02-20 18:06:48.702 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'GET /logout
2017-02-20 18:06:48.702 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/logout'
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'PUT /logout
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'DELETE /logout
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : No matches found
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 5 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/login'
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 6 of 13 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 7 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 8 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2017-02-20 18:06:48.706 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 9 of 13 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2017-02-20 18:06:48.706 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'GET /logout
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/logout'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'PUT /logout
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'DELETE /logout
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : No matches found
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/login'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/assets/**'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/public/**'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/upload/**'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/dashboard/**'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /dashboard/kategori; Attributes: [hasAuthority('ADMIN')]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2017-02-20 18:06:48.724 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.a.v.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter#176f32b, returned: -1
2017-02-20 18:06:48.742 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-02-20 18:06:48.742 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'authorizationAuditListener'
2017-02-20 18:06:48.743 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.a.a.l.AuditListener : AuditEvent [timestamp=Mon Feb 20 18:06:48 ICT 2017, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null, type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]
2017-02-20 18:06:48.743 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:177)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at com.sopiyan.uptd.config.security.UptdCorsFilter.doFilterInternal(UptdCorsFilter.java:103)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:474)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
2017-02-20 18:06:48.752 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
2017-02-20 18:06:48.752 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/**/favicon.ico'
2017-02-20 18:06:48.753 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.NegatedRequestMatcher : matches = true
2017-02-20 18:06:48.753 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager#1a6a2d0, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[application/json, text/plain, */*]
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/json
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith application/json = true
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.NegatedRequestMatcher : matches = false
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AndRequestMatcher : Did not match
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.s.HttpSessionRequestCache : Request not saved as configured RequestMatcher did not match
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
2017-02-20 18:06:48.758 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/login'
2017-02-20 18:06:48.758 DEBUG 5084 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-02-20 18:06:48.777 DEBUG 5084 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-02-20 18:06:48.778 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.w.f.OrderedRequestContextFilter : Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade#1d44db8
Security config
#Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/","/login", "/assets/**","/public/**","/upload/**")
.permitAll()
.antMatchers("/dashboard/**").hasAuthority("ADMIN")
.antMatchers("/secure2/**").hasAnyRole("ADMIN", "PENGRAJIN")
.anyRequest()
.authenticated()
.and()
.formLogin()
.successHandler(authenticationSuccesHandler)
.failureHandler(authenticationFailureHandler())
.usernameParameter("email")
.permitAll()
.and()
.logout()
.logoutSuccessHandler(logoutSucessHandler)
.deleteCookies("ingatsaya")
.permitAll()
.and()
.rememberMe()
.tokenValiditySeconds(31536000)
.and()
.csrf().disable();
}
Error message
XMLHttpRequest cannot load http://localhost:8080/dashboard/kategori. Redirect from 'http://localhost:8080/dashboard/kategori' to 'http://localhost:8080/login' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect
Steps
Login successful
When POST some data I get an error
As per the error: "blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect"
Assuming your browser is Chrome:
Try installing the Chrome extension of "Allow-Control-Allow-Origin". Then configure it by setting a rule at the header level "application/json;charset=utf-8" and of course the Intercepted URL parameter.