Can't see keycloak login form - spring

I'm trying to use Keycloak as SSO for Camunda and Spring app. I'm using this code:
https://github.com/camunda-consulting/code/tree/master/snippets/springboot-keycloak-sso/spring-security-and-springboot-adapter
I've made only two changes to this project:
First: Changed dependency of camunda keycloak plugin to:
<dependency>
  <groupId>org.camunda.bpm.extension</groupId>
  <artifactId>camunda-bpm-identity-keycloak</artifactId>
  <version>2.0.0</version>
</dependency>
Second: Change of application properties (spring app is running 8081, keycloak 8080 for now):
keycloak:
  realm: Workflow
  auth-server-url: http://localhost:8080/auth
  resource: camunda-identity-service
  ssl-required: none
  credentials.secret: f0fee400-1b19-4f41-a018-cdc5cc351b80
plugin.identity.keycloak:
  keycloakIssuerUrl: https://localhost:8080/auth/realms/Workflow
  keycloakAdminUrl: https://localhost:8080/auth/admin/realms/Workflow
  clientId: camunda-identity-service
  clientSecret: f0fee400-1b19-4f41-a018-cdc5cc351b80
  useUsernameAsCamundaUserId: true
  disableSSLCertificateValidation: true
After trying to get to the Spring app I'm redirected to the login page, but I'm getting "This connection has been lost" in the browser. I've enabled Keycloak logs:
2021-01-26 11:44:38.686 DEBUG 19200 --- [nio-8081-exec-3] o.k.a.s.management.HttpSessionManager : Session created: EFE6D48E75B809FF544F1E051D8C18CD
2021-01-26 11:44:38.686 DEBUG 19200 --- [nio-8081-exec-3] k.a.s.a.KeycloakAuthenticationEntryPoint : Redirecting to login URI /sso/login
2021-01-26 11:44:38.695 DEBUG 19200 --- [nio-8081-exec-2] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:8081/sso/login
2021-01-26 11:44:38.697 DEBUG 19200 --- [nio-8081-exec-2] .k.a.t.AbstractAuthenticatedActionsValve : AuthenticatedActionsValve.invoke /sso/login
2021-01-26 11:44:38.697 DEBUG 19200 --- [nio-8081-exec-2] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:8081/sso/login
2021-01-26 11:44:38.697 DEBUG 19200 --- [nio-8081-exec-2] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2021-01-26 11:44:38.697 DEBUG 19200 --- [nio-8081-exec-2] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:8081/sso/login
2021-01-26 11:44:38.697 DEBUG 19200 --- [nio-8081-exec-2] f.KeycloakAuthenticationProcessingFilter : Request is to process authentication
2021-01-26 11:44:38.697 DEBUG 19200 --- [nio-8081-exec-2] f.KeycloakAuthenticationProcessingFilter : Attempting Keycloak authentication
2021-01-26 11:44:38.701 DEBUG 19200 --- [nio-8081-exec-2] o.k.a.s.token.SpringSecurityTokenStore : Checking if org.keycloak.adapters.springsecurity.authentication.SpringSecurityRequestAuthenticator#4bfbad9a is cached
2021-01-26 11:44:38.702 DEBUG 19200 --- [nio-8081-exec-2] o.k.adapters.OAuthRequestAuthenticator : there was no code
2021-01-26 11:44:38.702 DEBUG 19200 --- [nio-8081-exec-2] o.k.adapters.OAuthRequestAuthenticator : redirecting to auth server
2021-01-26 11:44:38.703 DEBUG 19200 --- [nio-8081-exec-2] o.k.adapters.OAuthRequestAuthenticator : callback uri: http://localhost:8081/sso/login
2021-01-26 11:44:38.704 DEBUG 19200 --- [nio-8081-exec-2] f.KeycloakAuthenticationProcessingFilter : Auth outcome: NOT_ATTEMPTED
2021-01-26 11:44:38.704 DEBUG 19200 --- [nio-8081-exec-2] o.k.adapters.OAuthRequestAuthenticator : Sending redirect to login page: http://localhost:8080/auth/realms/Workflow/protocol/openid-connect/auth?response_type=code&client_id=camunda-identity-service&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fsso%2Flogin&state=a1e3b3be-422f-48e4-98a4-262817ff4349&login=true&scope=openid
What am I doing wrong that I can't see the login page?
EDIT 1:
I changed localhost to 127.0.0.1 and now I'm redirected to the form, but I'm getting this message: Invalid parameter: redirect_uri. To solve this problem I used this thread -> keycloak Invalid parameter: redirect_uri
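The authorization request in the adapter log and the `Invalid parameter: redirect_uri` message from EDIT 1 can be checked offline. This is an added example, not part of the original post: it extracts `redirect_uri` from the logged URL and tests it against a client's Valid Redirect URIs with a simplified exact-or-trailing-`*` rule. The pattern list is an assumed client configuration, and the function names and matching rule are this example's own simplification, not Keycloak code.

```python
from urllib.parse import urlsplit, parse_qs

# Authorization request copied from the adapter log in the question.
LOGGED_AUTH_URL = (
    "http://localhost:8080/auth/realms/Workflow/protocol/openid-connect/auth"
    "?response_type=code&client_id=camunda-identity-service"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fsso%2Flogin"
    "&state=a1e3b3be-422f-48e4-98a4-262817ff4349&login=true&scope=openid"
)

# Assumed "Valid Redirect URIs" of the client; the question does not show them.
ASSUMED_VALID_REDIRECT_URIS = ["http://localhost:8081/*"]


def extract_auth_request(auth_url):
    """Return the decoded query parameters of an OIDC authorization request."""
    query = parse_qs(urlsplit(auth_url).query, strict_parsing=True)
    required = ("response_type", "client_id", "redirect_uri", "state")
    missing = [name for name in required if name not in query]
    if missing:
        raise ValueError(f"authorization request lacks {missing}")
    return {name: values[0] for name, values in query.items()}


def redirect_allowed(redirect_uri, patterns):
    """Simplified matching: exact match, or prefix match for a trailing '*'."""
    candidate = urlsplit(redirect_uri)
    if candidate.fragment:
        return False  # redirect URIs must not carry a fragment (RFC 6749, 3.1.2)
    base = candidate._replace(query="", fragment="").geturl()
    for pattern in patterns:
        if pattern.endswith("*"):
            if base.startswith(pattern[:-1]):
                return True
        elif base == pattern:
            return True
    return False


def risky_patterns(patterns):
    """Flag wildcards that match more than one origin's paths."""
    flagged = []
    for pattern in patterns:
        if pattern == "*":
            flagged.append(pattern)  # any redirect target is accepted
        elif pattern.endswith("*") and "://" in pattern:
            # 'http://host:8081*' also prefixes 'http://host:8081.other.example/'
            if urlsplit(pattern[:-1]).path == "":
                flagged.append(pattern)
    return flagged


if __name__ == "__main__":
    request = extract_auth_request(LOGGED_AUTH_URL)
    for uri in (request["redirect_uri"], "http://127.0.0.1:8081/sso/login"):
        verdict = redirect_allowed(uri, ASSUMED_VALID_REDIRECT_URIS)
        print(f"{uri}: {'accepted' if verdict else 'Invalid parameter: redirect_uri'}")
    print("risky:", risky_patterns(ASSUMED_VALID_REDIRECT_URIS + ["*"]))
```

The host is compared as a string, so `localhost` and `127.0.0.1` are different redirect URIs even though they resolve to the same machine; register the exact origin the application is reached on rather than widening the pattern.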

Related

After migration to SpringBoot 3 REST endpoint works but returns 401 for Mono<ResponseEntity<String>>

I have a strange problem. I migrated a SpringBoot 2.7.7 application to SpringBoot 3.0.2.
In some controllers I defined endpoints which return a Mono<ResponseEntity<String>>.
A service for example declares a function to send an eMail via webclient like this:
fun sendMail(mail: Mail): Mono<String> {
    return factory.requestFor(mail)
        .retrieve()
        .toBodilessEntity()
        .map { "${it.statusCode}: ${it.body}" }
        .doOnSuccess { logger.debug("Request successful: $it") }
        .doOnError { logger.error("Error occured sending an email: ${it.message}") }
}
The controller calls the service like that:
@PostMapping("/mail")
fun sendTestMail(@RequestBody mail: TestMail): Mono<ResponseEntity<String>> {
    return sampleService.sendMail(mail)
        .map {
            ResponseEntity.ok("")
        }
        .onErrorResume {
            return@onErrorResume Mono.just(
                ResponseEntity
                    .status(HttpStatus.INTERNAL_SERVER_ERROR)
                    .body(it.localizedMessage)
            )
        }
}
As stated in the title, this code works with SpringBoot 2.7.7 and returns http 200. However, with SpringBoot 3.0.2 all code gets executed, the mail is sent, but the REST endpoint returns http 401.
If the request is not authenticated with a jwt token my auth filter works correctly and rejects the request. The @PreAuthorize annotation also works and rejects requests with a faulty role.
I am not sure if I missed any migration topics for webclient calls.
Update SpringSecurity TRACE logs:
2023-02-16 12:50:32.074 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Or [Mvc [pattern='/actuator/**'], Mvc [pattern='/v3/api-docs/**'], Mvc [pattern='/swagger/**']], Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter#2c82ba48, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#304a572b, org.springframework.security.web.context.SecurityContextHolderFilter#16cfb949, org.springframework.security.web.header.HeaderWriterFilter#2f83993e, org.springframework.security.web.authentication.logout.LogoutFilter#71c63303, org.springframework.security.web.authentication.www.BasicAuthenticationFilter#ef244cf, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#2bd4bd7a, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#182d9b57, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#62c46e54, org.springframework.security.web.session.SessionManagementFilter#2cbc1036, org.springframework.security.web.access.ExceptionTranslationFilter#3ea070ca, org.springframework.security.web.access.intercept.AuthorizationFilter#741a2b1b]] (1/2)
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter#5048d2e6, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#d701f6f, org.springframework.security.web.context.SecurityContextHolderFilter#388f1f0d, org.springframework.security.web.header.HeaderWriterFilter#63fa5fb5, com..config.FilterChainExceptionHandler#759b5453, com.config.JwtAuthTokenFilter#1fc978f1, org.springframework.security.web.authentication.logout.LogoutFilter#3bfe17d3, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#3381b921, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#2edc4925, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#900560c, org.springframework.security.web.session.SessionManagementFilter#547d3cca, org.springframework.security.web.access.ExceptionTranslationFilter#f114f2b, org.springframework.security.web.access.intercept.AuthorizationFilter#6c1f390c]] (2/2)
2023-02-16 12:50:32.075 =DEBUG n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Securing POST /initpasswordreset
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/13)
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking FilterChainExceptionHandler (5/13)
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking JwtAuthTokenFilter (6/13)
2023-02-16 12:50:32.109 =TRACE n/a --- [nio-8080-exec-7] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2023-02-16 12:50:32.120 = INFO n/a --- [nio-8080-exec-7] c.e.auth.RefreshTokenService : Update RefreshToken validFrom for user test
2023-02-16 12:50:32.135 =DEBUG n/a --- [nio-8080-exec-7] c.e.config.JwtAuthTokenFilter : API request to </initpasswordreset> with token <true>
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (7/13)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/13)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/13)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/13)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (11/13)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter : Did not set SecurityContextHolder since already authenticated UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=test, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[ROLE_APP_USER, ROLE_USER]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_APP_USER, ROLE_USER]]
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] s.CompositeSessionAuthenticationStrategy : Preparing session with ChangeSessionIdAuthenticationStrategy (1/1)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (12/13)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (13/13)
2023-02-16 12:50:32.136 =DEBUG n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Secured POST /initpasswordreset
2023-02-16 12:50:32.149 =DEBUG n/a --- [nio-8080-exec-7] horizationManagerBeforeMethodInterceptor : Authorizing method invocation ReflectiveMethodInvocation: public java.lang.String com.passwordreset.rest.ResetTokenService.createPasswordResetTokenForUser(comuser.domain.User); target is of class [com.passwordreset.rest.ResetTokenService]
2023-02-16 12:50:32.150 =DEBUG n/a --- [nio-8080-exec-7] horizationManagerBeforeMethodInterceptor : Authorized method invocation ReflectiveMethodInvocation: public java.lang.String com.passwordreset.rest.ResetTokenService.createPasswordResetTokenForUser(com.user.domain.User); target is of class [com.passwordreset.rest.ResetTokenService]
2023-02-16 12:50:32.168 =TRACE n/a --- [nio-8080-exec-7] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
2023-02-16T12:50:32.290+01:00 =DEBUG 80044 --- [ctor-http-nio-4] r.netty.http.client.HttpClientConnect : [91ad2cec-1, L:/ip:port - R:test-servicegateway.test.com/195.35.76.39:443] Handler is being applied: {uri=https://servicegateway.test.com/api, method=POST}
2023-02-16T12:50:32.371+01:00 =DEBUG 80044 --- [ctor-http-nio-4] r.n.http.client.HttpClientOperations : [91ad2cec-1, L:/ip:port - R:test-servicegateway.test.com/195.35.76.39:443] Received response (auto-read:false) : RESPONSE(decodeResult: success, version: HTTP/1.1)
HTTP/1.1 200 OK
Strict-Transport-Security: <filtered>
X-XSS-Protection: <filtered>
X-Content-Type-Options: <filtered>
Date: <filtered>
Server: <filtered>
X-Backside-Transport: <filtered>
Content-Type: <filtered>
X-Global-Transaction-ID: <filtered>
Content-Length: <filtered>
2023-02-16T12:50:32.372+01:00 =DEBUG 80044 --- [ctor-http-nio-4] r.n.http.client.HttpClientOperations : [91ad2cec-1, L:/ip:port - R:test-servicegateway.test.com/ip:443] Received last HTTP packet
2023-02-16 12:50:32.372 =DEBUG n/a --- [ctor-http-nio-4] c.e.adapters.mail.MailClient : Request successful: 200 OK: null
2023-02-16 12:50:32.372 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Or [Mvc [pattern='/actuator/**'], Mvc [pattern='/v3/api-docs/**'], Mvc [pattern='/swagger/**']], Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter#2c82ba48, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#304a572b, org.springframework.security.web.context.SecurityContextHolderFilter#16cfb949, org.springframework.security.web.header.HeaderWriterFilter#2f83993e, org.springframework.security.web.authentication.logout.LogoutFilter#71c63303, org.springframework.security.web.authentication.www.BasicAuthenticationFilter#ef244cf, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#2bd4bd7a, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#182d9b57, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#62c46e54, org.springframework.security.web.session.SessionManagementFilter#2cbc1036, org.springframework.security.web.access.ExceptionTranslationFilter#3ea070ca, org.springframework.security.web.access.intercept.AuthorizationFilter#741a2b1b]] (1/2)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter#5048d2e6, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#d701f6f, org.springframework.security.web.context.SecurityContextHolderFilter#388f1f0d, org.springframework.security.web.header.HeaderWriterFilter#63fa5fb5, com..config.FilterChainExceptionHandler#759b5453, com.config.JwtAuthTokenFilter#1fc978f1, org.springframework.security.web.authentication.logout.LogoutFilter#3bfe17d3, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#3381b921, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#2edc4925, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#900560c, org.springframework.security.web.session.SessionManagementFilter#547d3cca, org.springframework.security.web.access.ExceptionTranslationFilter#f114f2b, org.springframework.security.web.access.intercept.AuthorizationFilter#6c1f390c]] (2/2)
2023-02-16 12:50:32.373 =DEBUG n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Securing POST /initpasswordreset
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking FilterChainExceptionHandler (5/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking JwtAuthTokenFilter (6/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (7/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (11/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (12/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (13/13)
2023-02-16 12:50:32.374 =TRACE n/a --- [nio-8080-exec-8] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2023-02-16 12:50:32.374 =TRACE n/a --- [nio-8080-exec-8] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
I am not sure why the chain is executed again after the business logic is executed. Do I need to persist the SecurityContext in this case manually?
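The pattern in the trace above can be pulled out mechanically. This is an added example, not part of the original post: it groups Spring Security trace lines into filter-chain passes and reports requests whose later pass ends with an anonymous token after an earlier pass was authenticated. The sample lines are copied from the question's trace (abridged to the relevant ones); the function names are this example's own.

```python
import re

# Lines copied from the trace in the question, abridged to the relevant ones.
SAMPLE_TRACE = """\
2023-02-16 12:50:32.075 =DEBUG n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Securing POST /initpasswordreset
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking JwtAuthTokenFilter (6/13)
2023-02-16 12:50:32.135 =DEBUG n/a --- [nio-8080-exec-7] c.e.config.JwtAuthTokenFilter : API request to </initpasswordreset> with token <true>
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter : Did not set SecurityContextHolder since already authenticated UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=test, Password=[PROTECTED], Enabled=true]]
2023-02-16 12:50:32.136 =DEBUG n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Secured POST /initpasswordreset
2023-02-16 12:50:32.372 =DEBUG n/a --- [ctor-http-nio-4] c.e.adapters.mail.MailClient : Request successful: 200 OK: null
2023-02-16 12:50:32.373 =DEBUG n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Securing POST /initpasswordreset
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking JwtAuthTokenFilter (6/13)
2023-02-16 12:50:32.374 =TRACE n/a --- [nio-8080-exec-8] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2023-02-16 12:50:32.374 =TRACE n/a --- [nio-8080-exec-8] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) =\s*(?P<level>\w+) \S+ --- \[(?P<thread>[^\]]+)\] "
    r"(?P<logger>\S+)\s+: (?P<msg>.*)$"
)


def security_passes(trace, app_filter="JwtAuthTokenFilter"):
    """Split a trace into filter-chain passes, one per 'Securing <METHOD> <PATH>'."""
    passes, current = [], {}
    for raw in trace.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # continuation lines and other formats are ignored
        thread, logger, msg = match["thread"], match["logger"], match["msg"]
        start = re.match(r"Securing (\S+) (\S+)$", msg)
        if start:
            current[thread] = {
                "request": f"{start[1]} {start[2]}",
                "thread": thread,
                "auth": None,                # token class left in the context
                "principal": None,
                "app_filter_logged": False,  # did the app's own filter log anything?
            }
            passes.append(current[thread])
            continue
        this_pass = current.get(thread)
        if this_pass is None:
            continue  # line from a thread that is not inside a pass
        if logger.endswith(app_filter):
            this_pass["app_filter_logged"] = True
        kept = re.search(r"already authenticated (\w+Token)", msg)
        replaced = re.search(r"Set SecurityContextHolder to (\w+Token)", msg)
        if kept:
            this_pass["auth"] = kept[1]
            user = re.search(r"Username=([^,\]]+)", msg)
            this_pass["principal"] = user[1] if user else None
        elif replaced:
            this_pass["auth"] = replaced[1]
    return passes


def downgraded_requests(passes):
    """Requests seen authenticated first and anonymous in a later pass."""
    authenticated, flagged = set(), []
    for item in passes:
        anonymous = item["auth"] is None or item["auth"].startswith("Anonymous")
        if not anonymous:
            authenticated.add(item["request"])
        elif item["request"] in authenticated and item["request"] not in flagged:
            flagged.append(item["request"])
    return flagged


if __name__ == "__main__":
    for item in security_passes(SAMPLE_TRACE):
        print(item)
    print("downgraded:", downgraded_requests(security_passes(SAMPLE_TRACE)))
```

On the sample, the second pass runs on a different thread, shows no log line from the application's own `JwtAuthTokenFilter`, and ends with `AnonymousAuthenticationToken`.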

Spring Boot: secure some endpoints with Google Oauth

I try to use Google SSO with a Spring Boot application.
I've added this dependency:
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
and these properties:
spring.security.oauth2.client.registration.google.client-id=...
spring.security.oauth2.client.registration.google.client-secret=...
and it works. When trying to use an endpoint, I'm redirected to Google login screen, and after that I'm able to retrieve the user id on the server side.
Now, when I try to remove authentication for public endpoints, notably Swagger, I do that:
@Configuration
public class SecurityConfiguration {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests((authz) -> authz
                .mvcMatchers("/foo",
                    "/bar",
                    "/v3/api-docs/**",
                    "/swagger-ui/**",
                    "/swagger-ui.html")
                .permitAll()
                .anyRequest().authenticated())
            .oauth2Client();
        return http.csrf().disable().build();
    }
}
I can then access public endpoints, but for protected endpoints I get an HTTP 403 without being redirected to the login page! My writing might not be correct; most of the docs out there use the deprecated WebSecurityConfigurerAdapter.
In my understanding, I should get a token from Google before calling a secured endpoint. How could I add a "login with Google" button to Swagger and use the token to call a secured endpoint?
The log says:
2022-08-07 11:10:52.122 DEBUG 2830 --- [nio-8080-exec-7] o.a.coyote.http11.Http11InputBuffer : Before fill(): parsingHeader: [true], parsingRequestLine: [true], parsingRequestLinePhase: [0], parsingRequestLineStart: [0], byteBuffer.position(): [0], byteBuffer.limit(): [0], end: [613]
2022-08-07 11:10:52.122 DEBUG 2830 --- [nio-8080-exec-7] o.a.tomcat.util.net.SocketWrapperBase : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper#1a16ddaf:org.apache.tomcat.util.net.NioChannel#14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Read from buffer: [0]
2022-08-07 11:10:52.122 DEBUG 2830 --- [nio-8080-exec-7] org.apache.tomcat.util.net.NioEndpoint : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper#1a16ddaf:org.apache.tomcat.util.net.NioChannel#14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Read direct from socket: [613]
2022-08-07 11:10:52.122 DEBUG 2830 --- [nio-8080-exec-7] o.a.coyote.http11.Http11InputBuffer : Received [GET /foo/ HTTP/1.1
Host: localhost:8080
Connection: keep-alive
sec-ch-ua: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"
accept: */*
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
sec-ch-ua-platform: "macOS"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/swagger-ui/index.html
Accept-Encoding: gzip, deflate, br
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: JSESSIONID=D2C74B3FC7E65CB64D4E6BD87B1172E2
]
2022-08-07 11:10:52.123 DEBUG 2830 --- [nio-8080-exec-7] o.a.t.util.http.Rfc6265CookieProcessor : Cookies: Parsing b[]: JSESSIONID=D2C74B3FC7E65CB64D4E6BD87B1172E2
2022-08-07 11:10:52.123 DEBUG 2830 --- [nio-8080-exec-7] o.a.catalina.connector.CoyoteAdapter : Requested cookie session id is D2C74B3FC7E65CB64D4E6BD87B1172E2
2022-08-07 11:10:52.123 DEBUG 2830 --- [nio-8080-exec-7] o.a.c.authenticator.AuthenticatorBase : Security checking request GET /foo/
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] org.apache.catalina.realm.RealmBase : No applicable constraints defined
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] o.a.c.authenticator.AuthenticatorBase : Not subject to any constraint
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Securing GET /foo/
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache : Loaded matching saved request http://localhost:8080/foo/
2022-08-07 11:10:52.127 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2022-08-07 11:10:52.128 DEBUG 2830 --- [nio-8080-exec-7] org.apache.tomcat.util.http.Parameters : Set encoding to UTF-8
2022-08-07 11:10:52.128 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.130 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:8080/foo/ to session
2022-08-07 11:10:52.130 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.a.Http403ForbiddenEntryPoint : Pre-authenticated entry point called. Rejecting access
2022-08-07 11:10:52.130 DEBUG 2830 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-08-07 11:10:52.130 DEBUG 2830 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] o.a.c.c.C.[Tomcat].[localhost] : Processing ErrorPage[errorCode=0, location=/error]
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Securing GET /error
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Secured GET /error
2022-08-07 11:10:52.132 DEBUG 2830 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2022-08-07 11:10:52.132 DEBUG 2830 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2022-08-07 11:10:52.132 DEBUG 2830 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-08-07 11:10:52.132 DEBUG 2830 --- [nio-8080-exec-7] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Disabling the response for further output
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] o.a.coyote.http11.Http11InputBuffer : Before fill(): parsingHeader: [true], parsingRequestLine: [true], parsingRequestLinePhase: [0], parsingRequestLineStart: [0], byteBuffer.position(): [0], byteBuffer.limit(): [0], end: [613]
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] o.a.tomcat.util.net.SocketWrapperBase : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper#1a16ddaf:org.apache.tomcat.util.net.NioChannel#14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Read from buffer: [0]
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] org.apache.tomcat.util.net.NioEndpoint : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper#1a16ddaf:org.apache.tomcat.util.net.NioChannel#14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Read direct from socket: [0]
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] o.a.coyote.http11.Http11InputBuffer : Received []
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] o.apache.coyote.http11.Http11Processor : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper#1a16ddaf:org.apache.tomcat.util.net.NioChannel#14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Status in: [OPEN_READ], State out: [OPEN]
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] org.apache.tomcat.util.net.NioEndpoint : Registered read interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper#1a16ddaf:org.apache.tomcat.util.net.NioChannel#14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]]
2022-08-07 11:11:10.393 DEBUG 2830 --- [l-1 housekeeper] com.zaxxer.hikari.pool.HikariPool : HikariPool-1 - Pool stats (total=10, active=0, idle=10, waiting=0)
2022-08-07 11:11:10.393 DEBUG 2830 --- [l-1 housekeeper] com.zaxxer.hikari.pool.HikariPool : HikariPool-1 - Fill pool skipped, pool is at sufficient level.
I've changed .oauth2Client(); to .oauth2Login(); and it works.

How to make swagger work with Spring boot and ssl?

I have a Spring boot app and I am trying to add swagger to it.
However, after activating SSL, swagger cannot load the resources.
The dependencies I am using in gradle are
implementation("org.springdoc:springdoc-openapi-ui:1.6.6")
implementation("org.springdoc:springdoc-openapi-kotlin:1.6.6")
implementation("org.springdoc:springdoc-openapi-security:1.6.6")
There might be a problem with my HttpSecurityConfig
override fun configure(http: HttpSecurity?) {
    http!!.csrf().disable()
        .sessionManagement().sessionCreationPolicy(STATELESS)
        .and()
        .requiresChannel {
            it.anyRequest().requiresSecure()
        }
        .authorizeRequests().antMatchers("auth/refresh")
        .permitAll()
        .and()
        .formLogin()
        .loginPage("/login")
        .permitAll()
        .successForwardUrl("/home")
        .and()
        .addFilter(CustomAuthenticationManager(authenticationManagerBean(), jwtService, encoder()))
        .addFilterBefore(
            JwtAuthenticationFilter(userDetailsService, jwtService, JWT_AUTH_WHITELIST, SWAGGER_WHITELIST_PREFIX),
            UsernamePasswordAuthenticationFilter::class.java
        )
}
I have tried adding a swagger whitelist or something, but that still doesn't resolve the issue.
I have tried configuring web security like that
override fun configure(web: WebSecurity?) {
    web!!.ignoring()
        // allow anonymous resource requests
        .antMatchers(
            HttpMethod.GET,
            "/",
            "/v3/api-docs", // swagger
            "/webjars/**", // swagger-ui webjars
            "/swagger-resources/**", // swagger-ui resources
            "/configuration/**", // swagger configuration
            "/*.html",
            "/favicon.ico",
            "/**/*.html",
            "/**/*.css",
            "/**/*.js",
            "/swagger-ui/"
        )
}
but to no avail.
As for the properties that I am using for the ssl config
server.ssl.key-store=classpath:springboot.p12
server.ssl.key-store-password=password
server.ssl.key-store-type=pkcs12
server.ssl.key-password=password
server.ssl.enabled=true
server.port=8443
And the debug message upon every attempt to go to the swagger home page is
2022-03-24 21:14:49.167 INFO 124836 --- [nio-8443-exec-4] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-03-24 21:14:49.167 INFO 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2022-03-24 21:14:49.167 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Detected StandardServletMultipartResolver
2022-03-24 21:14:49.167 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Detected AcceptHeaderLocaleResolver
2022-03-24 21:14:49.167 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Detected FixedThemeResolver
2022-03-24 21:14:49.170 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Detected org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator#6a175162
2022-03-24 21:14:49.171 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Detected org.springframework.web.servlet.support.SessionFlashMapManager#6da86e98
2022-03-24 21:14:49.171 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : enableLoggingRequestDetails='false': request parameters and headers will be masked to prevent unsafe logging of potentially sensitive data
2022-03-24 21:14:49.171 INFO 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Completed initialization in 4 ms
2022-03-24 21:14:49.217 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : GET "/swagger-ui/", parameters={}
2022-03-24 21:14:49.240 DEBUG 124836 --- [nio-8443-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/webjars/]]
2022-03-24 21:14:49.249 DEBUG 124836 --- [nio-8443-exec-4] o.s.w.s.r.ResourceHttpRequestHandler : Resource not found
2022-03-24 21:14:49.250 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Completed 404 NOT_FOUND
2022-03-24 21:14:49.260 DEBUG 124836 --- [nio-8443-exec-4] o.s.security.web.FilterChainProxy : Securing GET /error
2022-03-24 21:14:49.263 DEBUG 124836 --- [nio-8443-exec-4] o.s.s.w.a.c.ChannelProcessingFilter : Request: filter invocation [GET /error]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
2022-03-24 21:14:49.265 DEBUG 124836 --- [nio-8443-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-03-24 21:14:49.268 DEBUG 124836 --- [nio-8443-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2022-03-24 21:14:49.269 DEBUG 124836 --- [nio-8443-exec-4] o.s.s.w.session.SessionManagementFilter : Request requested invalid session id 16CDDEC21653310720625F5BEF0EF604
2022-03-24 21:14:49.270 DEBUG 124836 --- [nio-8443-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Authorized public object filter invocation [GET /error]
2022-03-24 21:14:49.272 DEBUG 124836 --- [nio-8443-exec-4] o.s.security.web.FilterChainProxy : Secured GET /error
2022-03-24 21:14:49.272 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for GET "/error", parameters={}
2022-03-24 21:14:49.277 DEBUG 124836 --- [nio-8443-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
2022-03-24 21:14:49.318 DEBUG 124836 --- [nio-8443-exec-4] o.s.w.s.v.ContentNegotiatingViewResolver : Selected 'text/html' given [text/html, text/html;q=0.8]
2022-03-24 21:14:49.326 DEBUG 124836 --- [nio-8443-exec-4] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 404
2022-03-24 21:14:49.326 DEBUG 124836 --- [nio-8443-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
I have tried following other SO answers, like configuring Web MVC configurers and adding resource and location handlers, but to no avail. If I switch off SSL, everything works just fine.
As far as I understand, the issue is the access to the internal resources, or maybe the path to the resources.
Maybe I could bypass it by having it run on a different app?

Keycloak says 403 Forbidden for HTTP Methods other than GET

I'm setting up a Keycloak instance to work with a Spring Boot app with Spring Security included. I use Postman to test the service. I start by getting a new access token, and that works fine. When I do an HTTP GET call to a secured endpoint, everything goes OK and staff is returned. But when I do an HTTP POST/PUT/DELETE call to a secured endpoint, Keycloak says Error 403 Forbidden. Please take a look and tell me what goes wrong.
I have already tested the http.csrf().disable() option, and then it works fine, but it is not the solution for production.
SecurityConfig.java
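import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
    // Map Keycloak roles to Spring authorities (my_admin becomes ROLE_my_admin)
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) {
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }
    // Read the Keycloak settings from application.yml
    @Bean
    public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }
    // CSRF protection is left enabled; the question reports 403 for POST/PUT/DELETE with this configuration
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http
            .authorizeRequests()
            .antMatchers("/api/**").hasRole("my_admin")
            .anyRequest().permitAll();
    }
}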
application.yml:
keycloak:
  auth-server-url: http://localhost:11080/auth
  realm: myrealm
  resource: myclient
  public-client: true
  principal-attribute: preferred_username
  ssl-required: external
  use-resource-role-mappings: true
Some logs from application (keycloak trace log level):
2019-04-01 14:04:54.741 DEBUG 2952 --- [io-1080-exec-10] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:1080/api/my-endpoint
2019-04-01 14:04:54.741 DEBUG 2952 --- [io-1080-exec-10] .k.a.t.AbstractAuthenticatedActionsValve : AuthenticatedActionsValve.invoke /api/my-endpoint
2019-04-01 14:04:54.741 DEBUG 2952 --- [io-1080-exec-10] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:1080/api/my-endpoint
2019-04-01 14:04:54.741 DEBUG 2952 --- [io-1080-exec-10] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2019-04-01 14:04:54.742 DEBUG 2952 --- [io-1080-exec-10] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:1080/error
2019-04-01 14:04:54.743 DEBUG 2952 --- [io-1080-exec-10] f.KeycloakAuthenticationProcessingFilter : Request is to process authentication
2019-04-01 14:04:54.743 DEBUG 2952 --- [io-1080-exec-10] f.KeycloakAuthenticationProcessingFilter : Attempting Keycloak authentication
2019-04-01 14:04:54.743 TRACE 2952 --- [io-1080-exec-10] o.k.adapters.RequestAuthenticator : --> authenticate()
2019-04-01 14:04:54.743 TRACE 2952 --- [io-1080-exec-10] o.k.adapters.RequestAuthenticator : try bearer
2019-04-01 14:04:54.743 DEBUG 2952 --- [io-1080-exec-10] o.k.a.BearerTokenRequestAuthenticator : Found [1] values in authorization header, selecting the first value for Bearer.
2019-04-01 14:04:54.743 DEBUG 2952 --- [io-1080-exec-10] o.k.a.BearerTokenRequestAuthenticator : Verifying access_token
2019-04-01 14:04:54.743 TRACE 2952 --- [io-1080-exec-10] o.k.a.BearerTokenRequestAuthenticator : access_token: eyJhbs...blablab....signature
2019-04-01 14:04:54.744 DEBUG 2952 --- [io-1080-exec-10] o.k.a.BearerTokenRequestAuthenticator : successful authorized
2019-04-01 14:04:54.744 TRACE 2952 --- [io-1080-exec-10] o.k.a.RefreshableKeycloakSecurityContext : checking whether to refresh.
2019-04-01 14:04:54.744 TRACE 2952 --- [io-1080-exec-10] org.keycloak.adapters.AdapterUtils : useResourceRoleMappings
2019-04-01 14:04:54.744 TRACE 2952 --- [io-1080-exec-10] org.keycloak.adapters.AdapterUtils : Setting roles:
2019-04-01 14:04:54.744 TRACE 2952 --- [io-1080-exec-10] org.keycloak.adapters.AdapterUtils : role: my_admin
2019-04-01 14:04:54.744 DEBUG 2952 --- [io-1080-exec-10] a.s.a.SpringSecurityRequestAuthenticator : Completing bearer authentication. Bearer roles: [my_admin]
2019-04-01 14:04:54.745 DEBUG 2952 --- [io-1080-exec-10] o.k.adapters.RequestAuthenticator : User 'my_user' invoking 'http://localhost:1080/error' on client 'myclient'
2019-04-01 14:04:54.745 DEBUG 2952 --- [io-1080-exec-10] o.k.adapters.RequestAuthenticator : Bearer AUTHENTICATED
2019-04-01 14:04:54.745 DEBUG 2952 --- [io-1080-exec-10] f.KeycloakAuthenticationProcessingFilter : Auth outcome: AUTHENTICATED
2019-04-01 14:04:54.745 DEBUG 2952 --- [io-1080-exec-10] f.KeycloakAuthenticationProcessingFilter : Authentication success using bearer token/basic authentication. Updating SecurityContextHolder to contain: org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken#fb0506b7: Principal: my_user; Credentials: [PROTECTED]; Authenticated: true; Details: org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount#ecf147d; Granted Authorities: ROLE_my_admin
2019-04-01 14:04:54.745 DEBUG 2952 --- [io-1080-exec-10] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:1080/error
2019-04-01 14:04:54.745 DEBUG 2952 --- [io-1080-exec-10] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
You should make the following two config changes:
disable CSRF in the Spring config: http.csrf().disable()
define the role in the client instead of the realm, and assign the user a client-level role
I found out that I had not used a CSRF token in ajax requests. Spring Security automatically enables CSRF protection. The CSRF token is automatically generated for the first call of the web service, and it has session scope. You need to save that token in a meta tag. It is required to include the CSRF token in every non-GET request (GET requests do not need to be protected with a CSRF token, because they are designed to be non-modifying API calls).
Solution: You just need to include these lines in the header of the HTML page (Thymeleaf):
<html xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<meta id="_csrf" name="_csrf" th:content="${_csrf.token}"/>
and use it in the header of the ajax call:
headers: {
'X-CSRF-TOKEN': $('#_csrf').attr('content')
},
It is the CSRF protection provided by Spring Security. Do you really need this protection with a Keycloak token? Is the token only included in the cookie, or is it also present in the Authorization header?
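The meta-tag approach from the answer above, as an added example that is not part of the original posts: a wrapper that attaches `X-CSRF-TOKEN` only to non-safe, same-origin requests and refuses to send a state-changing request when the page carries no token. The names `readCsrfToken`, `withCsrf`, `demo`, the constructed document stub, the token value and the page origin are assumptions made for illustration.

```javascript
// Added example, not code from the answers above.
// Methods Spring Security's default CSRF matcher lets through without a token.
const SAFE_METHODS = new Set(["GET", "HEAD", "TRACE", "OPTIONS"]);

// Read the token Thymeleaf rendered into <meta id="_csrf" content="...">.
function readCsrfToken(doc) {
  const meta = doc.querySelector("#_csrf");
  const token = meta ? meta.getAttribute("content") : null;
  return token && token.trim() ? token.trim() : null;
}

// Build fetch() options. The X-CSRF-TOKEN header is attached only to
// state-changing, same-origin requests, so the token is never sent elsewhere.
function withCsrf(url, init, doc, pageOrigin) {
  const method = (init.method || "GET").toUpperCase();
  const headers = Object.assign({}, init.headers);
  const sameOrigin = new URL(url, pageOrigin).origin === pageOrigin;
  if (!SAFE_METHODS.has(method) && sameOrigin) {
    const token = readCsrfToken(doc);
    if (token === null) {
      // Fail in the client instead of sending a request the server would reject.
      throw new Error("no CSRF token in page for " + method + " " + url);
    }
    headers["X-CSRF-TOKEN"] = token;
  }
  // The token has session scope, so the session cookie must travel with it.
  return Object.assign({}, init, { method, headers, credentials: "same-origin" });
}

// Constructed stand-in for the browser's document (hypothetical token value).
const CONSTRUCTED_DOC = {
  querySelector: (sel) =>
    sel === "#_csrf" ? { getAttribute: () => "constructed-token-123" } : null,
};
const PAGE_ORIGIN = "https://localhost:8443"; // assumed page origin

// In a browser: fetch(url, withCsrf(url, init, document, location.origin))
function demo() {
  return {
    get: withCsrf("/api/my-endpoint", {}, CONSTRUCTED_DOC, PAGE_ORIGIN),
    post: withCsrf("/api/my-endpoint", { method: "post" }, CONSTRUCTED_DOC, PAGE_ORIGIN),
    foreign: withCsrf("https://other.example/x", { method: "POST" }, CONSTRUCTED_DOC, PAGE_ORIGIN),
  };
}
```
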

Spring http API returns error 500 but error is not logged in console

I have a Spring Boot application (Spring 5.0.7.Release, Spring Boot version 2.0.3).
When I try to log in from my Angular 4 app, I get an error 500
{"timestamp":"2018-07-13","status":500,"error":"Internal Server Error","message":"org.springframework.session.MapSession.getCreationTime()Ljava/time/Instant;","path":"/security/signIn/password"}
But in Eclipse my console shows only this
2018-07-13 12:11:59.243 DEBUG 64187 --- [nio-9000-exec-2] f.p.a.c.CustomBasicAuthenticationFilter : Authentication success: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#aa6b860d: Principal: fr.pangeeconseil.purchase.core.domain.security.AuthenticatedUserDTO#75136264; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: SUPER_ADMINISTRATOR
2018-07-13 12:11:59.306 DEBUG 64187 --- [nio-9000-exec-2] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing POST request for [/error]
2018-07-13 12:11:59.311 DEBUG 64187 --- [nio-9000-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
2018-07-13 12:11:59.313 DEBUG 64187 --- [nio-9000-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest)]
2018-07-13 12:11:59.314 DEBUG 64187 --- [nio-9000-exec-2] f.p.a.c.web.CustomWebContentInterceptor : Looking up cache seconds for [/error]
2018-07-13 12:11:59.314 DEBUG 64187 --- [nio-9000-exec-2] f.p.a.c.web.CustomWebContentInterceptor : Applying default cache seconds to [/error]
2018-07-13 12:11:59.402 DEBUG 64187 --- [nio-9000-exec-2] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Written [{timestamp=Fri Jul 13 12:11:59 CEST 2018, status=500, error=Internal Server Error, message=org.springframework.session.MapSession.getCreationTime()Ljava/time/Instant;, path=/security/signIn/password}] as "application/json" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter#305deb42]
2018-07-13 12:11:59.403 DEBUG 64187 --- [nio-9000-exec-2] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2018-07-13 12:11:59.404 DEBUG 64187 --- [nio-9000-exec-2] o.s.web.servlet.DispatcherServlet : Successfully completed request
Important information:
We use Redis session with the following references in our gradle.build
compile 'org.springframework.data:spring-data-redis:2.0.8.RELEASE'
compile "org.springframework.session:spring-session:1.3.3.RELEASE"
compile "org.springframework.session:spring-session-core:2.0.0.RELEASE"
compile "org.springframework.session:spring-session-data-redis:2.0.4.RELEASE"
Here is our SecurityConfig : https://gist.github.com/RemiBou/fe3a28644cddf8b4e72ad9fdeb26d24e
I'm very much a beginner with Spring/Spring Boot, so it might be obvious, but I couldn't find anything online.
I figured it out: spring-session is obsolete. I needed to remove it and change a few things in securityConfiguration because some classes were removed / renamed.

Resources