SAML 2.0 integration with Spring boot application issue - spring-boot

I am trying to integrate a Spring Boot based application with an IdP that uses the ComponentSpace library for SAML.
The Spring application (service provider) works fine with other IdPs like Okta. But while integrating with ComponentSpace it is facing issues and getting the following error.
Differences when I compared the logs with the Okta request:
Okta is sending a GET request, while from ComponentSpace it is a POST request.
From Okta I am able to get the userid (the login id), but from ComponentSpace it is coming as anonymousUser.
So my question is: can we hit a GET request instead of POST? And is there any reason why it is not setting the userId value?
Logs:
2020-12-16 07:00:55.800 TRACE 9144 --- [nio-8443-exec-1] o.s.security.web.FilterChainProxy : No security for POST /saml/sso
2020-12-16 07:00:55.800 TRACE 9144 --- [nio-8443-exec-1] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/13)
2020-12-16 07:00:55.800 TRACE 9144 --- [nio-8443-exec-1] o.s.s.w.s.HttpSessionRequestCache : No saved request
2020-12-16 07:00:55.800 TRACE 9144 --- [nio-8443-exec-1] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/13)
2020-12-16 07:00:55.803 TRACE 9144 --- [nio-8443-exec-1] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/13)
2020-12-16 07:00:56.809 TRACE 9144 --- [nio-8443-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=10.9.109.194, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2020-12-16 07:00:56.810 TRACE 9144 --- [nio-8443-exec-1] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (11/13)
2020-12-16 07:00:56.810 TRACE 9144 --- [nio-8443-exec-1] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (12/13)
2020-12-16 07:00:56.810 TRACE 9144 --- [nio-8443-exec-1] o.s.security.web.FilterChainProxy : Invoking FilterSecurityInterceptor (13/13)
2020-12-16 07:00:56.811 TRACE 9144 --- [nio-8443-exec-1] edFilterInvocationSecurityMetadataSource : Did not match request to Ant [pattern='/saml**', OPTIONS] - [hasAnyRole('ROLE_')] (1/2)
2020-12-16 07:00:57.501 TRACE 9144 --- [nio-8443-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Did not re-authenticate AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=10.9.109.194, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] before authorizing
2020-12-16 07:00:57.502 TRACE 9144 --- [nio-8443-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Authorizing filter invocation [POST /saml/sso] with attributes [authenticated]
2020-12-16 07:01:03.577 TRACE 9144 --- [nio-8443-exec-1] o.s.s.w.a.expression.WebExpressionVoter : Voted to deny authorization
2020-12-16 07:01:03.580 TRACE 9144 --- [nio-8443-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Failed to authorize filter invocation [POST /saml/sso] with attributes [authenticated] using AffirmativeBased [DecisionVoters=[org.springframework.security.web.access.expression.WebExpressionVoter#24cfcf19], AllowIfAllAbstainDecisions=false]
2020-12-16 07:01:03.709 TRACE 9144 --- [nio-8443-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2020-12-16 07:01:03.709 TRACE 9144 --- [nio-8443-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'liveReloadServerEventListener'
2020-12-16 07:01:03.736 TRACE 9144 --- [nio-8443-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=10.9.109.194, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73) ~[spring-security-core-5.4.1.jar:5.4.1]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.attemptAuthorization(AbstractSecurityInterceptor.java:238) ~[spring-security-core-5.4.1.jar:5.4.1]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:208) ~[spring-security-core-5.4.1.jar:5.4.1]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113) ~[spring-security-web-5.4.1.jar:5.4.1]

Related

After migration to SpringBoot 3 REST endpoint works but returns 401 for Mono<ResponseEntity<String>>

I have a strange problem. I migrated a SpringBoot 2.7.7 application to SpringBoot 3.0.2.
In some controllers I defined endpoints which return a Mono<ResponseEntity<String>>.
A service for example declares a function to send an eMail via webclient like this:
    fun sendMail(mail: Mail): Mono<String> {
        return factory.requestFor(mail)
            .retrieve()
            .toBodilessEntity()
            .map { "${it.statusCode}: ${it.body}" }
            .doOnSuccess { logger.debug("Request successful: $it") }
            .doOnError { logger.error("Error occured sending an email: ${it.message}") }
    }
The controller calls the service like that:
    @PostMapping("/mail")
    fun sendTestMail(@RequestBody mail: TestMail): Mono<ResponseEntity<String>> {
        return sampleService.sendMail(mail)
            .map {
                ResponseEntity.ok("")
            }
            .onErrorResume {
                return@onErrorResume Mono.just(
                    ResponseEntity
                        .status(HttpStatus.INTERNAL_SERVER_ERROR)
                        .body(it.localizedMessage)
                )
            }
    }
As stated in the title, this code works with SpringBoot 2.7.7 and returns http 200. However with SpringBoot 3.0.2 all code gets executed, the mail is sent but the REST endpoint returns http 401.
If the request is not authenticated with a jwt token my auth filter works correctly and rejects the request. The @PreAuthorize annotation also works and rejects requests with a faulty role.
I am not sure if I missed any migration topics for webclient calls.
Update SpringSecurity TRACE logs:
2023-02-16 12:50:32.074 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Or [Mvc [pattern='/actuator/**'], Mvc [pattern='/v3/api-docs/**'], Mvc [pattern='/swagger/**']], Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter#2c82ba48, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#304a572b, org.springframework.security.web.context.SecurityContextHolderFilter#16cfb949, org.springframework.security.web.header.HeaderWriterFilter#2f83993e, org.springframework.security.web.authentication.logout.LogoutFilter#71c63303, org.springframework.security.web.authentication.www.BasicAuthenticationFilter#ef244cf, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#2bd4bd7a, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#182d9b57, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#62c46e54, org.springframework.security.web.session.SessionManagementFilter#2cbc1036, org.springframework.security.web.access.ExceptionTranslationFilter#3ea070ca, org.springframework.security.web.access.intercept.AuthorizationFilter#741a2b1b]] (1/2)
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter#5048d2e6, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#d701f6f, org.springframework.security.web.context.SecurityContextHolderFilter#388f1f0d, org.springframework.security.web.header.HeaderWriterFilter#63fa5fb5, com..config.FilterChainExceptionHandler#759b5453, com.config.JwtAuthTokenFilter#1fc978f1, org.springframework.security.web.authentication.logout.LogoutFilter#3bfe17d3, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#3381b921, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#2edc4925, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#900560c, org.springframework.security.web.session.SessionManagementFilter#547d3cca, org.springframework.security.web.access.ExceptionTranslationFilter#f114f2b, org.springframework.security.web.access.intercept.AuthorizationFilter#6c1f390c]] (2/2)
2023-02-16 12:50:32.075 =DEBUG n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Securing POST /initpasswordreset
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/13)
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking FilterChainExceptionHandler (5/13)
2023-02-16 12:50:32.075 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking JwtAuthTokenFilter (6/13)
2023-02-16 12:50:32.109 =TRACE n/a --- [nio-8080-exec-7] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2023-02-16 12:50:32.120 = INFO n/a --- [nio-8080-exec-7] c.e.auth.RefreshTokenService : Update RefreshToken validFrom for user test
2023-02-16 12:50:32.135 =DEBUG n/a --- [nio-8080-exec-7] c.e.config.JwtAuthTokenFilter : API request to </initpasswordreset> with token <true>
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (7/13)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/13)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/13)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/13)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (11/13)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter : Did not set SecurityContextHolder since already authenticated UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=test, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[ROLE_APP_USER, ROLE_USER]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_APP_USER, ROLE_USER]]
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] s.CompositeSessionAuthenticationStrategy : Preparing session with ChangeSessionIdAuthenticationStrategy (1/1)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (12/13)
2023-02-16 12:50:32.135 =TRACE n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (13/13)
2023-02-16 12:50:32.136 =DEBUG n/a --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : Secured POST /initpasswordreset
2023-02-16 12:50:32.149 =DEBUG n/a --- [nio-8080-exec-7] horizationManagerBeforeMethodInterceptor : Authorizing method invocation ReflectiveMethodInvocation: public java.lang.String com.passwordreset.rest.ResetTokenService.createPasswordResetTokenForUser(comuser.domain.User); target is of class [com.passwordreset.rest.ResetTokenService]
2023-02-16 12:50:32.150 =DEBUG n/a --- [nio-8080-exec-7] horizationManagerBeforeMethodInterceptor : Authorized method invocation ReflectiveMethodInvocation: public java.lang.String com.passwordreset.rest.ResetTokenService.createPasswordResetTokenForUser(com.user.domain.User); target is of class [com.passwordreset.rest.ResetTokenService]
2023-02-16 12:50:32.168 =TRACE n/a --- [nio-8080-exec-7] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
2023-02-16T12:50:32.290+01:00 =DEBUG 80044 --- [ctor-http-nio-4] r.netty.http.client.HttpClientConnect : [91ad2cec-1, L:/ip:port - R:test-servicegateway.test.com/195.35.76.39:443] Handler is being applied: {uri=https://servicegateway.test.com/api, method=POST}
2023-02-16T12:50:32.371+01:00 =DEBUG 80044 --- [ctor-http-nio-4] r.n.http.client.HttpClientOperations : [91ad2cec-1, L:/ip:port - R:test-servicegateway.test.com/195.35.76.39:443] Received response (auto-read:false) : RESPONSE(decodeResult: success, version: HTTP/1.1)
HTTP/1.1 200 OK
Strict-Transport-Security: <filtered>
X-XSS-Protection: <filtered>
X-Content-Type-Options: <filtered>
Date: <filtered>
Server: <filtered>
X-Backside-Transport: <filtered>
Content-Type: <filtered>
X-Global-Transaction-ID: <filtered>
Content-Length: <filtered>
2023-02-16T12:50:32.372+01:00 =DEBUG 80044 --- [ctor-http-nio-4] r.n.http.client.HttpClientOperations : [91ad2cec-1, L:/ip:port - R:test-servicegateway.test.com/ip:443] Received last HTTP packet
2023-02-16 12:50:32.372 =DEBUG n/a --- [ctor-http-nio-4] c.e.adapters.mail.MailClient : Request successful: 200 OK: null
2023-02-16 12:50:32.372 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Or [Mvc [pattern='/actuator/**'], Mvc [pattern='/v3/api-docs/**'], Mvc [pattern='/swagger/**']], Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter#2c82ba48, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#304a572b, org.springframework.security.web.context.SecurityContextHolderFilter#16cfb949, org.springframework.security.web.header.HeaderWriterFilter#2f83993e, org.springframework.security.web.authentication.logout.LogoutFilter#71c63303, org.springframework.security.web.authentication.www.BasicAuthenticationFilter#ef244cf, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#2bd4bd7a, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#182d9b57, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#62c46e54, org.springframework.security.web.session.SessionManagementFilter#2cbc1036, org.springframework.security.web.access.ExceptionTranslationFilter#3ea070ca, org.springframework.security.web.access.intercept.AuthorizationFilter#741a2b1b]] (1/2)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter#5048d2e6, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#d701f6f, org.springframework.security.web.context.SecurityContextHolderFilter#388f1f0d, org.springframework.security.web.header.HeaderWriterFilter#63fa5fb5, com..config.FilterChainExceptionHandler#759b5453, com.config.JwtAuthTokenFilter#1fc978f1, org.springframework.security.web.authentication.logout.LogoutFilter#3bfe17d3, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#3381b921, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#2edc4925, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#900560c, org.springframework.security.web.session.SessionManagementFilter#547d3cca, org.springframework.security.web.access.ExceptionTranslationFilter#f114f2b, org.springframework.security.web.access.intercept.AuthorizationFilter#6c1f390c]] (2/2)
2023-02-16 12:50:32.373 =DEBUG n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Securing POST /initpasswordreset
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking FilterChainExceptionHandler (5/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking JwtAuthTokenFilter (6/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (7/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (11/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (12/13)
2023-02-16 12:50:32.373 =TRACE n/a --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (13/13)
2023-02-16 12:50:32.374 =TRACE n/a --- [nio-8080-exec-8] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2023-02-16 12:50:32.374 =TRACE n/a --- [nio-8080-exec-8] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
I am not sure why the chain is executed again after the business logic is executed. Do I need to persist the SecurityContext in this case manually?

403 Forbidden when introducing authorization on spring boot rest

I am working on my first spring-boot project. I did successfully configure it to check for authentication; if the user/password was wrong the method was not invoked (status 401 unauthorized), if it was right it succeeded.
Now I have added authorization with JSR250 and I am only getting 403 Access denied.
The WS:
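    import org.springframework.http.ResponseEntity;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    @RequestMapping("/password")
    public class ServicioPassword {

        @GetMapping(path = "ldap")
        public ResponseEntity<String> getLdap() {
            // Print the principal and authorities of the current request
            var authentication = SecurityContextHolder.getContext().getAuthentication();
            System.out.println("EN LDAP " + authentication.getPrincipal() + " - " + authentication.isAuthenticated());
            for (var authority : authentication.getAuthorities()) {
                System.out.println("Authority= " + authority);
            }
            return ResponseEntity.ok("DE LDAP");
        }
    }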
When invoked, I get this on console:
EN LDAP LdapUserDetailsImpl [Dn=cn=ivr_apl_user,ou=IVR,ou=Aplicaciones,dc=pre,dc=aplssib; Username=ivr_apl_user; Password=[PROTECTED]; Enabled=true; AccountNonExpired=true; CredentialsNonExpired=true; AccountNonLocked=true; Granted Authorities=[AGNI_OIMIVR]] - true
Authority= AGNI_OIMIVR
Yet, if I add @RolesAllowed("AGNI_OIMIVR"), when I invoke it I get a 403 Forbidden.
The MethodSecurityConfig:
    @Configuration
    @EnableGlobalMethodSecurity(jsr250Enabled = true, prePostEnabled = true)
    public class MethodSecurityConfig
            extends GlobalMethodSecurityConfiguration {
    }
I have kept the WebSecurityConfig:
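    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.env.Environment;
    import org.springframework.ldap.core.support.BaseLdapPathContextSource;
    import org.springframework.security.authentication.AuthenticationProvider;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.http.SessionCreationPolicy;
    import org.springframework.security.ldap.authentication.BindAuthenticator;
    import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
    import org.springframework.security.ldap.authentication.LdapAuthenticator;
    import org.springframework.security.web.SecurityFilterChain;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig {

        @Autowired
        private Environment environment;

        // Authenticates by binding to LDAP with the DN built from the configured pattern
        @Bean
        BindAuthenticator bindAuthenticator(
                final BaseLdapPathContextSource contextSource) {
            var bindAuthenticator = new BindAuthenticator(contextSource);
            bindAuthenticator.setUserDnPatterns(new String[]{environment.getRequiredProperty("spring.ldap.userdnpattern")});
            return bindAuthenticator;
        }

        // Maps the configured LDAP attributes to authorities, with an empty role prefix
        @Bean
        AuthenticationProvider ldapAuthenticationProvider(
                final LdapAuthenticator ldapAuthenticator) {
            var ldapAuthenticationProvider = new LdapAuthenticationProvider(ldapAuthenticator);
            var ldapUserDetailsMapper = new CustomUserDetailsMapper();
            var ldapMemberRoles = environment.getRequiredProperty("spring.ldap.roleattributes");
            ldapUserDetailsMapper.setRoleAttributes(ldapMemberRoles.split(","));
            ldapUserDetailsMapper.setRolePrefix("");
            ldapAuthenticationProvider.setUserDetailsContextMapper(ldapUserDetailsMapper);
            return ldapAuthenticationProvider;
        }

        // HTTP Basic on every request; no session is created by Spring Security
        @Bean
        SecurityFilterChain filterChain(
                final HttpSecurity http)
                throws Exception {
            http.csrf().disable()
                .cors().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER).and()
                .authorizeRequests()
                .anyRequest().authenticated().and()
                .httpBasic();
            return http.build();
        }
    }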
UPDATE: Adding log after setting logging.level.org.springframework.security=TRACE:
Note that the line: 2022-07-07 13:04:27.464 WARN 81968 --- [nio-8080-exec-2] e.s.d.o.s.ws.CustomUserDetailsMapper : createAuthority agni_oimivr comes from a log from one of my custom classes.
2022-07-07 13:04:27.441 TRACE 81968 --- [nio-8080-exec-2] o.s.s.w.a.www.BasicAuthenticationFilter : Found username 'ivr_apl_user' in Basic Authorization header
2022-07-07 13:04:27.442 TRACE 81968 --- [nio-8080-exec-2] o.s.s.authentication.ProviderManager : Authenticating request with LdapAuthenticationProvider (1/1)
2022-07-07 13:04:27.444 TRACE 81968 --- [nio-8080-exec-2] o.s.s.l.a.BindAuthenticator : Attempting to bind as cn=ivr_apl_user,ou=[REDACTED]
2022-07-07 13:04:27.444 TRACE 81968 --- [nio-8080-exec-2] s.s.l.DefaultSpringSecurityContextSource : Removing pooling flag for user cn=ivr_apl_user,ou=[REDACTED]
2022-07-07 13:04:27.463 DEBUG 81968 --- [nio-8080-exec-2] o.s.s.l.a.BindAuthenticator : Bound cn=ivr_apl_user,ou=[REDACTED]
2022-07-07 13:04:27.463 DEBUG 81968 --- [nio-8080-exec-2] o.s.s.l.u.LdapUserDetailsMapper : Mapping user details from context with DN cn=ivr_apl_user,ou=[REDACTED]
2022-07-07 13:04:27.464 WARN 81968 --- [nio-8080-exec-2] e.s.d.o.s.ws.CustomUserDetailsMapper : createAuthority agni_oimivr
2022-07-07 13:04:27.464 DEBUG 81968 --- [nio-8080-exec-2] o.s.s.l.a.LdapAuthenticationProvider : Authenticated user
2022-07-07 13:04:27.465 DEBUG 81968 --- [nio-8080-exec-2] o.s.s.w.a.www.BasicAuthenticationFilter : Set SecurityContextHolder to UsernamePasswordAuthenticationToken [Principal=LdapUserDetailsImpl [Dn=cn=ivr_apl_user,ou=IVR,ou=Aplicaciones,dc=pre,dc=aplssib; Username=ivr_apl_user; Password=[PROTECTED]; Enabled=true; AccountNonExpired=true; CredentialsNonExpired=true; AccountNonLocked=true; Granted Authorities=[AGNI_OIMIVR]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[AGNI_OIMIVR]]
2022-07-07 13:04:27.465 TRACE 81968 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (7/12)
2022-07-07 13:04:27.465 TRACE 81968 --- [nio-8080-exec-2] o.s.s.w.s.HttpSessionRequestCache : No saved request
2022-07-07 13:04:27.465 TRACE 81968 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (8/12)
2022-07-07 13:04:27.466 TRACE 81968 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (9/12)
2022-07-07 13:04:27.466 TRACE 81968 --- [nio-8080-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter : Did not set SecurityContextHolder since already authenticated UsernamePasswordAuthenticationToken [Principal=LdapUserDetailsImpl [Dn=cn=ivr_apl_user,ou=IVR,ou=Aplicaciones,dc=pre,dc=aplssib; Username=ivr_apl_user; Password=[PROTECTED]; Enabled=true; AccountNonExpired=true; CredentialsNonExpired=true; AccountNonLocked=true; Granted Authorities=[AGNI_OIMIVR]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[AGNI_OIMIVR]]
2022-07-07 13:04:27.466 TRACE 81968 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (10/12)
2022-07-07 13:04:27.467 TRACE 81968 --- [nio-8080-exec-2] s.CompositeSessionAuthenticationStrategy : Preparing session with ChangeSessionIdAuthenticationStrategy (1/1)
2022-07-07 13:04:27.467 DEBUG 81968 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : The HttpSession is currently null, and the HttpSessionSecurityContextRepository is prohibited from creating an HttpSession (because the allowSessionCreation property is false) - SecurityContext thus not stored for next request
2022-07-07 13:04:27.467 TRACE 81968 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (11/12)
2022-07-07 13:04:27.467 TRACE 81968 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Invoking FilterSecurityInterceptor (12/12)
2022-07-07 13:04:27.468 TRACE 81968 --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Did not re-authenticate UsernamePasswordAuthenticationToken [Principal=LdapUserDetailsImpl [Dn=cn=ivr_apl_user,ou=IVR,ou=Aplicaciones,dc=pre,dc=aplssib; Username=ivr_apl_user; Password=[PROTECTED]; Enabled=true; AccountNonExpired=true; CredentialsNonExpired=true; AccountNonLocked=true; Granted Authorities=[AGNI_OIMIVR]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[AGNI_OIMIVR]] before authorizing
2022-07-07 13:04:27.468 TRACE 81968 --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Authorizing filter invocation [GET /password/ldap] with attributes [authenticated]
2022-07-07 13:04:27.469 DEBUG 81968 --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Authorized filter invocation [GET /password/ldap] with attributes [authenticated]
2022-07-07 13:04:27.470 TRACE 81968 --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Did not switch RunAs authentication since RunAsManager returned null
2022-07-07 13:04:27.470 DEBUG 81968 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Secured GET /password/ldap
2022-07-07 13:04:27.471 TRACE 81968 --- [nio-8080-exec-2] o.s.s.a.i.a.MethodSecurityInterceptor : Did not re-authenticate UsernamePasswordAuthenticationToken [Principal=LdapUserDetailsImpl [Dn=cn=ivr_apl_user,ou=IVR,ou=Aplicaciones,dc=pre,dc=aplssib; Username=ivr_apl_user; Password=[PROTECTED]; Enabled=true; AccountNonExpired=true; CredentialsNonExpired=true; AccountNonLocked=true; Granted Authorities=[AGNI_OIMIVR]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[AGNI_OIMIVR]] before authorizing
2022-07-07 13:04:27.472 TRACE 81968 --- [nio-8080-exec-2] o.s.s.a.i.a.MethodSecurityInterceptor : Authorizing ReflectiveMethodInvocation: public org.springframework.http.ResponseEntity es.ssib.dtic.oimivr.service.ws.v1.ServicioPassword.getLdap(); target is of class [es.ssib.dtic.oimivr.service.ws.v1.ServicioPassword] with attributes [ROLE_AGNI_OIMIVR]
2022-07-07 13:04:27.475 TRACE 81968 --- [nio-8080-exec-2] o.s.s.a.i.a.MethodSecurityInterceptor : Failed to authorize ReflectiveMethodInvocation: public org.springframework.http.ResponseEntity es.ssib.dtic.oimivr.service.ws.v1.ServicioPassword.getLdap(); target is of class [es.ssib.dtic.oimivr.service.ws.v1.ServicioPassword] with attributes [ROLE_AGNI_OIMIVR] using AffirmativeBased [DecisionVoters=[org.springframework.security.access.annotation.Jsr250Voter#6797e2e2, org.springframework.security.access.vote.RoleVoter#2ab76862, org.springframework.security.access.vote.AuthenticatedVoter#152f6a2e], AllowIfAllAbstainDecisions=false]
2022-07-07 13:04:27.484 TRACE 81968 --- [nio-8080-exec-2] o.s.s.w.a.ExceptionTranslationFilter : Sending UsernamePasswordAuthenticationToken [Principal=LdapUserDetailsImpl [Dn=cn=ivr_apl_user,ou=IVR,ou=Aplicaciones,dc=pre,dc=aplssib; Username=ivr_apl_user; Password=[PROTECTED]; Enabled=true; AccountNonExpired=true; CredentialsNonExpired=true; AccountNonLocked=true; Granted Authorities=[AGNI_OIMIVR]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[AGNI_OIMIVR]] to access denied handler since access is denied
org.springframework.security.access.AccessDeniedException: Acceso denegado
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73) ~[spring-security-core-5.7.1.jar:5.7.1]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.attemptAuthorization(AbstractSecurityInterceptor.java:239) ~[spring-security-core-5.7.1.jar:5.7.1]
[...]
2022-07-07 13:04:27.497 DEBUG 81968 --- [nio-8080-exec-2] o.s.s.w.access.AccessDeniedHandlerImpl : Responding with 403 status code
What am I doing wrong?
The Authentication object of your authenticated user is:
UsernamePasswordAuthenticationToken [Principal=LdapUserDetailsImpl [Dn=cn=ivr_apl_user,ou=IVR,ou=Aplicaciones,dc=pre,dc=aplssib; Username=ivr_apl_user; Password=[PROTECTED]; Enabled=true; AccountNonExpired=true; CredentialsNonExpired=true; AccountNonLocked=true; Granted Authorities=[AGNI_OIMIVR]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[AGNI_OIMIVR]]
Note that the GrantedAuthorities is Granted Authorities=[AGNI_OIMIVR], there is no ROLE_ prefix there. When you add @RolesAllowed("AGNI_OIMIVR") to the method, the ROLE_ prefix will be added automatically to the authority that you passed as an argument to the annotation, becoming ROLE_AGNI_OIMIVR.
Spring Security will try to match ROLE_AGNI_OIMIVR that is in the annotation with AGNI_OIMIVR that is in the granted authorities' property, but they do not match.
You have three options:
1. Change the role in LDAP to have the ROLE_ prefix
2. Expose a Bean of GrantedAuthorityDefaults removing the rolePrefix, like so:
    @Bean
    GrantedAuthorityDefaults grantedAuthorityDefaults() {
        return new GrantedAuthorityDefaults("");
    }
3. Use @PreAuthorize("hasAuthority('AGNI_OIMIVR')")
Another tip would be to use the new @EnableMethodSecurity(jsr250Enabled = true), which uses the simplified AuthorizationManager API and improves logging, amongst others.
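
The prefix mismatch described in this answer, written as a regression test that covers options 1 and 3. This is an added example, not code from the question or the answer: the names RolePrefixMismatchTest, Config and PasswordService are hypothetical, and it assumes Spring Security 5.7 (javax.annotation), spring-security-test, spring-test and JUnit 5 on the test classpath.

```java
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;

import javax.annotation.security.RolesAllowed;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;

// Hypothetical test class: loads only method security, no web layer and no LDAP.
@SpringJUnitConfig(RolePrefixMismatchTest.Config.class)
public class RolePrefixMismatchTest {

    @Configuration
    @EnableMethodSecurity(jsr250Enabled = true) // @PreAuthorize support is on by default
    public static class Config {
        @Bean
        PasswordService passwordService() {
            return new PasswordService();
        }
    }

    // Hypothetical stand-in for the controller in the question.
    public static class PasswordService {

        // JSR-250: the value is treated as a role, so the check is for ROLE_AGNI_OIMIVR.
        @RolesAllowed("AGNI_OIMIVR")
        public String viaRolesAllowed() {
            return "DE LDAP";
        }

        // hasAuthority compares the string literally, no prefix is added.
        @PreAuthorize("hasAuthority('AGNI_OIMIVR')")
        public String viaHasAuthority() {
            return "DE LDAP";
        }
    }

    @Autowired
    PasswordService service;

    // The situation in the question: authority without prefix, @RolesAllowed denies.
    @Test
    @WithMockUser(username = "ivr_apl_user", authorities = "AGNI_OIMIVR")
    void rolesAllowedRejectsUnprefixedAuthority() {
        assertThrows(AccessDeniedException.class, () -> service.viaRolesAllowed());
    }

    // Option 1: the authority carries the ROLE_ prefix, @RolesAllowed grants.
    @Test
    @WithMockUser(username = "ivr_apl_user", authorities = "ROLE_AGNI_OIMIVR")
    void rolesAllowedAcceptsPrefixedAuthority() {
        assertEquals("DE LDAP", service.viaRolesAllowed());
    }

    // Option 3: hasAuthority matches the unprefixed authority as-is.
    @Test
    @WithMockUser(username = "ivr_apl_user", authorities = "AGNI_OIMIVR")
    void hasAuthorityAcceptsUnprefixedAuthority() {
        assertEquals("DE LDAP", service.viaHasAuthority());
    }

    // The literal comparison cuts both ways: a prefixed authority no longer matches.
    @Test
    @WithMockUser(username = "ivr_apl_user", authorities = "ROLE_AGNI_OIMIVR")
    void hasAuthorityRejectsPrefixedAuthority() {
        assertThrows(AccessDeniedException.class, () -> service.viaHasAuthority());
    }
}
```

On Spring Security 6 the same test applies with the import changed to jakarta.annotation.security.RolesAllowed.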

Why am I getting whitelabel error page while trying to login via default username 'user' and security password generated by Spring Boot Security?

I have been trying to log into my application through the default login provided by Spring Boot Security, but I am getting the following error message after typing the correct credentials:
"This application has no explicit mapping for /error, so you are seeing this as a fallback."
Here is my Pom.xml:
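<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.4.0</version>
</parent>
<groupId>com.pma</groupId>
<artifactId>Project-Management-Application</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>Project-Management-Application</name>
<description>Project Management Application</description>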
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
Here is the Security log:
2020-12-18 15:41:27.518 INFO 12460 --- [ restartedMain] com.pma.ProjectManagementApplication : Starting ProjectManagementApplication using Java 15 on DESKTOP-K6PLQI6 with PID 12460 (C:\Users\RaviKiranKrovvidi\Documents\workspace-spring-tool-suite-4-4.8.1.RELEASE\Project-Management-Application\target\classes started by RaviKiranKrovvidi in C:\Users\RaviKiranKrovvidi\Documents\workspace-spring-tool-suite-4-4.8.1.RELEASE\Project-Management-Application)
2020-12-18 15:41:27.522 DEBUG 12460 --- [ restartedMain] com.pma.ProjectManagementApplication : Running with Spring Boot v2.4.0, Spring v5.3.1
2020-12-18 15:41:27.523 INFO 12460 --- [ restartedMain] com.pma.ProjectManagementApplication : The following profiles are active: dev
2020-12-18 15:41:27.596 INFO 12460 --- [ restartedMain] .e.DevToolsPropertyDefaultsPostProcessor : Devtools property defaults active! Set 'spring.devtools.add-properties' to 'false' to disable
2020-12-18 15:41:27.596 INFO 12460 --- [ restartedMain] .e.DevToolsPropertyDefaultsPostProcessor : For additional web related logging consider setting the 'logging.level.web' property to 'DEBUG'
2020-12-18 15:41:28.852 INFO 12460 --- [ restartedMain] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFERRED mode.
2020-12-18 15:41:28.924 INFO 12460 --- [ restartedMain] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 61 ms. Found 2 JPA repository interfaces.
2020-12-18 15:41:29.731 INFO 12460 --- [ restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2020-12-18 15:41:29.926 INFO 12460 --- [ restartedMain] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 2329 ms
2020-12-18 15:41:30.485 INFO 12460 --- [ restartedMain] o.s.b.a.h2.H2ConsoleAutoConfiguration : H2 console available at '/h2-console'. Database available at 'jdbc:mysql://localhost:3306/pma_springbootdb'
2020-12-18 15:41:30.811 INFO 12460 --- [ restartedMain] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2020-12-18 15:41:31.149 WARN 12460 --- [ restartedMain] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2020-12-18 15:41:31.998 INFO 12460 --- [ restartedMain] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: d0a18f3e-7ebf-483c-b3e1-eb5248836d76
2020-12-18 15:41:32.290 DEBUG 12460 --- [ restartedMain] edFilterInvocationSecurityMetadataSource : Adding web access control expression [authenticated] for any request
2020-12-18 15:41:32.354 INFO 12460 --- [ restartedMain] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#35a4d566, org.springframework.security.web.context.SecurityContextPersistenceFilter#72cafdb2, org.springframework.security.web.header.HeaderWriterFilter#716a21b0, org.springframework.security.web.csrf.CsrfFilter#6f94b191, org.springframework.security.web.authentication.logout.LogoutFilter#52486c35, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#5cd6385c, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter#250bb4ff, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter#2a7a8ca7, org.springframework.security.web.authentication.www.BasicAuthenticationFilter#6fc788ed, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#7380a413, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#19fe6101, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#7929e9e5, org.springframework.security.web.session.SessionManagementFilter#7ea5da27, org.springframework.security.web.access.ExceptionTranslationFilter#290ebb3a, org.springframework.security.web.access.intercept.FilterSecurityInterceptor#a638441]
2020-12-18 15:41:32.518 INFO 12460 --- [ restartedMain] o.s.b.d.a.OptionalLiveReloadServer : LiveReload server is running on port 35729
2020-12-18 15:41:32.649 INFO 12460 --- [ restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2020-12-18 15:41:32.654 INFO 12460 --- [ restartedMain] DeferredRepositoryInitializationListener : Triggering deferred initialization of Spring Data repositories…
2020-12-18 15:41:33.618 INFO 12460 --- [ task-1] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2020-12-18 15:41:33.986 INFO 12460 --- [ restartedMain] DeferredRepositoryInitializationListener : Spring Data repositories initialized!
2020-12-18 15:41:33.999 INFO 12460 --- [ restartedMain] com.pma.ProjectManagementApplication : Started ProjectManagementApplication in 7.018 seconds (JVM running for 8.606)
2020-12-18 15:43:26.881 INFO 12460 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2020-12-18 15:43:26.883 INFO 12460 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms
2020-12-18 15:43:26.895 DEBUG 12460 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing GET /login
2020-12-18 15:43:26.899 DEBUG 12460 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2020-12-18 15:43:27.026 DEBUG 12460 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2020-12-18 15:43:27.029 DEBUG 12460 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2020-12-18 15:43:28.245 DEBUG 12460 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Securing GET /login
2020-12-18 15:43:28.246 DEBUG 12460 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2020-12-18 15:43:28.247 DEBUG 12460 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2020-12-18 15:43:28.247 DEBUG 12460 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2020-12-18 15:43:32.406 DEBUG 12460 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing POST /login
2020-12-18 15:43:32.407 DEBUG 12460 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2020-12-18 15:43:32.656 DEBUG 12460 --- [nio-8080-exec-3] o.s.s.a.dao.DaoAuthenticationProvider : Authenticated user
2020-12-18 15:43:32.658 DEBUG 12460 --- [nio-8080-exec-3] .s.ChangeSessionIdAuthenticationStrategy : Changed session id from 98920E20F226D1EB6BF133DBECF0E72E
2020-12-18 15:43:32.658 DEBUG 12460 --- [nio-8080-exec-3] o.s.s.w.csrf.CsrfAuthenticationStrategy : Replaced CSRF Token
2020-12-18 15:43:32.659 DEBUG 12460 --- [nio-8080-exec-3] w.a.UsernamePasswordAuthenticationFilter : Set SecurityContextHolder to UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=user, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=98920E20F226D1EB6BF133DBECF0E72E], Granted Authorities=[]]
2020-12-18 15:43:32.660 DEBUG 12460 --- [nio-8080-exec-3] o.s.s.web.DefaultRedirectStrategy : Redirecting to /
2020-12-18 15:43:32.661 DEBUG 12460 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=user, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=98920E20F226D1EB6BF133DBECF0E72E], Granted Authorities=[]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade#6bd7f0d3]
2020-12-18 15:43:32.661 DEBUG 12460 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2020-12-18 15:43:32.667 DEBUG 12460 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Securing GET /
2020-12-18 15:43:32.668 DEBUG 12460 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=user, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=98920E20F226D1EB6BF133DBECF0E72E], Granted Authorities=[]]]
2020-12-18 15:43:32.668 DEBUG 12460 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=user, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=98920E20F226D1EB6BF133DBECF0E72E], Granted Authorities=[]]]
2020-12-18 15:43:32.676 DEBUG 12460 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Authorized filter invocation [GET /] with attributes [authenticated]
2020-12-18 15:43:32.677 DEBUG 12460 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Secured GET /
2020-12-18 15:43:32.689 DEBUG 12460 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2020-12-18 15:43:32.691 DEBUG 12460 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Securing GET /error
2020-12-18 15:43:32.691 DEBUG 12460 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=user, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=98920E20F226D1EB6BF133DBECF0E72E], Granted Authorities=[]]]
2020-12-18 15:43:32.692 DEBUG 12460 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=user, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=98920E20F226D1EB6BF133DBECF0E72E], Granted Authorities=[]]]
2020-12-18 15:43:32.692 DEBUG 12460 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Secured GET /error
2020-12-18 15:43:32.737 DEBUG 12460 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request

Swagger2 UI not accessible

I am using Swagger in a Spring Boot application.
I can somehow access most of Swagger's endpoints, such as /v2/api-docs and /swagger-resources, but I can't figure out why /swagger-ui.html is not accessible.
I am using these dependencies:
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
</dependency>
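Here is my Swagger config class:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

@Configuration
@EnableSwagger2
public class SwaggerConfig {
    // Documents every path handled by controllers in app.controllers
    @Bean
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.basePackage("app.controllers"))
                .paths(PathSelectors.any())
                .build();
    }
}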
Here is the interesting part of the log:
2017-12-27 14:12:09.896 DEBUG 10212 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /springfox/swagger-ui.html at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2017-12-27 14:12:09.896 DEBUG 10212 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /springfox/swagger-ui.html at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/v2/api-docs'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/configuration/ui'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/swagger-resources'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/configuration/security'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/swagger-ui.html'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/webjars/**'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /springfox/swagger-ui.html' doesn't match 'POST /login
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /springfox/swagger-ui.html; Attributes: [authenticated]
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#8f3b828e: Principal: 0001; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN, ROLE_USER
2017-12-27 14:12:09.903 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter#45d0a23, returned: 1
2017-12-27 14:12:09.903 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2017-12-27 14:12:09.903 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2017-12-27 14:12:09.903 DEBUG 10212 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /springfox/swagger-ui.html reached end of additional filter chain; proceeding with original chain
2017-12-27 14:12:09.904 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/springfox/swagger-ui.html]
2017-12-27 14:12:09.906 DEBUG 10212 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /springfox/swagger-ui.html
2017-12-27 14:12:09.919 DEBUG 10212 --- [nio-8080-exec-1] .m.m.a.ExceptionHandlerExceptionResolver : Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
2017-12-27 14:12:09.920 DEBUG 10212 --- [nio-8080-exec-1] .w.s.m.a.ResponseStatusExceptionResolver : Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
2017-12-27 14:12:09.920 DEBUG 10212 --- [nio-8080-exec-1] .w.s.m.s.DefaultHandlerExceptionResolver : Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
2017-12-27 14:12:09.920 WARN 10212 --- [nio-8080-exec-1] o.s.web.servlet.PageNotFound : Request method 'GET' not supported
2017-12-27 14:12:09.921 DEBUG 10212 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext 'org.springframework.security.core.context.SecurityContextImpl#8f3b828e: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#8f3b828e: Principal: 0001; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN, ROLE_USER' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade#3bcccd7c
2017-12-27 14:12:09.921 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2017-12-27 14:12:09.921 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Successfully completed request
2017-12-27 14:12:09.922 DEBUG 10212 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-12-27 14:12:09.923 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2017-12-27 14:12:09.923 DEBUG 10212 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-12-27 14:12:09.923 DEBUG 10212 --- [nio-8080-exec-1] o.s.b.w.f.OrderedRequestContextFilter : Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade#203209de
2017-12-27 14:12:09.923 DEBUG 10212 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost] : Processing ErrorPage[errorCode=0, location=/error]
2017-12-27 14:12:09.928 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/error]
2017-12-27 14:12:09.928 DEBUG 10212 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
2017-12-27 14:12:09.930 DEBUG 10212 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity io.xhub.secusid.exception.SecusidErrorHandler.error(javax.servlet.http.HttpServletRequest)]
2017-12-27 14:12:09.930 DEBUG 10212 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'secusidErrorHandler'
2017-12-27 14:12:09.930 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/error] is: -1
2017-12-27 14:12:09.943 DEBUG 10212 --- [nio-8080-exec-1] i.x.s.exception.SecusidErrorHandler : Request method 'GET' not supported
org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
Try adding a class like this:
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;

@Configuration
public class WebMvcConfiguration extends WebMvcConfigurationSupport {
    @Override
    public void addResourceHandlers(final ResourceHandlerRegistry registry) {
        // Make Swagger meta-data available via <baseURL>/v2/api-docs/
        registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
        // Make Swagger UI available via <baseURL>/swagger-ui.html
        registry.addResourceHandler("/**").addResourceLocations("classpath:/META-INF/resources/");
    }
}

Spring Boot + Spring Security login with AngularJS

I've tried Spring Boot with Spring Security login with AngularJS. The problem is that when I post an object after login, I get thrown back to the login page.
Log
2017-02-20 18:06:35.738 DEBUG 5084 --- [nio-8080-exec-1] o.h.l.Loader : Done entity load
2017-02-20 18:06:35.739 DEBUG 5084 --- [nio-8080-exec-1] o.h.e.i.TwoPhaseLoad : Done materializing entity [com.sopiyan.uptd.entities.entity.User#10af7fb8-ad10-459c-b985-ec24744d4630]
2017-02-20 18:06:35.739 DEBUG 5084 --- [nio-8080-exec-1] o.s.o.j.EntityManagerFactoryUtils : Closing JPA EntityManager
2017-02-20 18:06:35.877 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-02-20 18:06:35.877 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'authenticationAuditListener'
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'auditListener'
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.a.a.l.AuditListener : AuditEvent [timestamp=Mon Feb 20 18:06:35 ICT 2017, principal=admin#uptd.com, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null}]
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy#1144175
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] w.a.UsernamePasswordAuthenticationFilter : Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#77cb72a0: Principal: com.sopiyan.uptd.services.impl.CurrentUser#8b80352f: Username: admin#uptd.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ADMIN
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.s.w.a.r.TokenBasedRememberMeServices : Did not send remember-me cookie (principal did not set parameter 'remember-me')
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.s.w.a.r.TokenBasedRememberMeServices : Remember-me login not requested.
2017-02-20 18:06:35.879 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-02-20 18:06:35.879 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'authenticationAuditListener'
2017-02-20 18:06:36.036 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Creating instance of bean 'com.fasterxml.jackson.databind.ser.std.DateSerializer'
2017-02-20 18:06:36.038 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
2017-02-20 18:06:36.068 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
2017-02-20 18:06:36.068 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
2017-02-20 18:06:36.070 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Finished creating instance of bean 'com.fasterxml.jackson.databind.ser.std.DateSerializer'
2017-02-20 18:06:36.077 DEBUG 5084 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : HttpSession being created as SecurityContext is non-default
2017-02-20 18:06:36.086 DEBUG 5084 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext 'org.springframework.security.core.context.SecurityContextImpl#77cb72a0: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#77cb72a0: Principal: com.sopiyan.uptd.services.impl.CurrentUser#8b80352f: Username: admin#uptd.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ADMIN' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade#89f3f
2017-02-20 18:06:36.086 DEBUG 5084 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-02-20 18:06:36.086 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.w.f.OrderedRequestContextFilter : Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade#1d44db8
2017-02-20 18:06:48.699 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.w.f.OrderedRequestContextFilter : Bound request context to thread: org.apache.catalina.connector.RequestFacade#1d44db8
2017-02-20 18:06:48.700 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.h.w.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher#f54084
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 4 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2017-02-20 18:06:48.702 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2017-02-20 18:06:48.702 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'GET /logout
2017-02-20 18:06:48.702 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/logout'
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'PUT /logout
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'DELETE /logout
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : No matches found
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 5 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/login'
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 6 of 13 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 7 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 8 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2017-02-20 18:06:48.706 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 9 of 13 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2017-02-20 18:06:48.706 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'GET /logout
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/logout'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'PUT /logout
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'DELETE /logout
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : No matches found
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/login'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/assets/**'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/public/**'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/upload/**'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/dashboard/**'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /dashboard/kategori; Attributes: [hasAuthority('ADMIN')]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2017-02-20 18:06:48.724 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.a.v.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter#176f32b, returned: -1
2017-02-20 18:06:48.742 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-02-20 18:06:48.742 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'authorizationAuditListener'
2017-02-20 18:06:48.743 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.a.a.l.AuditListener : AuditEvent [timestamp=Mon Feb 20 18:06:48 ICT 2017, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null, type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]
2017-02-20 18:06:48.743 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:177)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at com.sopiyan.uptd.config.security.UptdCorsFilter.doFilterInternal(UptdCorsFilter.java:103)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:474)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
2017-02-20 18:06:48.752 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
2017-02-20 18:06:48.752 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/**/favicon.ico'
2017-02-20 18:06:48.753 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.NegatedRequestMatcher : matches = true
2017-02-20 18:06:48.753 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager#1a6a2d0, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[application/json, text/plain, */*]
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/json
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith application/json = true
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.NegatedRequestMatcher : matches = false
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AndRequestMatcher : Did not match
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.s.HttpSessionRequestCache : Request not saved as configured RequestMatcher did not match
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
2017-02-20 18:06:48.758 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/login'
2017-02-20 18:06:48.758 DEBUG 5084 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-02-20 18:06:48.777 DEBUG 5084 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-02-20 18:06:48.778 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.w.f.OrderedRequestContextFilter : Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade#1d44db8
Security config
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            // Public pages and static resources
            .antMatchers("/", "/login", "/assets/**", "/public/**", "/upload/**")
                .permitAll()
            .antMatchers("/dashboard/**").hasAuthority("ADMIN")
            .antMatchers("/secure2/**").hasAnyRole("ADMIN", "PENGRAJIN")
            .anyRequest()
                .authenticated()
            .and()
        .formLogin()
            .successHandler(authenticationSuccesHandler)
            .failureHandler(authenticationFailureHandler())
            .usernameParameter("email")
            .permitAll()
            .and()
        .logout()
            .logoutSuccessHandler(logoutSucessHandler)
            .deleteCookies("ingatsaya")
            .permitAll()
            .and()
        .rememberMe()
            // 31536000 s = 365 days
            .tokenValiditySeconds(31536000)
            .and()
        // CSRF protection is switched off for the whole application
        .csrf().disable();
}
Error message
XMLHttpRequest cannot load http://localhost:8080/dashboard/kategori. Redirect from 'http://localhost:8080/dashboard/kategori' to 'http://localhost:8080/login' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect
Steps
Login successful
When I POST some data I get an error
As per the error: "blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect"
Assuming your browser is Chrome:
Try installing the Chrome extension "Allow-Control-Allow-Origin". Then configure it by setting a rule at the header level "application/json;charset=utf-8" and, of course, the Intercepted URL parameter.
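The debug log in the question can be triaged mechanically. The following is an added example, not code from the thread: it parses Spring Security DEBUG lines per worker thread and reports which principal and session a denied request carried and where it was redirected. The sample lines are constructed by abbreviating the log above, and `triage`, `FIELDS` and the `no_session` flag are names chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines abbreviated from the question's debug log (token
# dumps shortened); the nio-8080-exec-2 line is invented as a non-denial case.
SAMPLE_LOG = """\
2017-02-20 18:06:48.100 DEBUG 5084 --- [nio-8080-exec-2] o.s.s.w.DefaultRedirectStrategy : Redirecting to '/dashboard'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'Principal: anonymousUser; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /dashboard/kategori; Attributes: [hasAuthority('ADMIN')]
2017-02-20 18:06:48.724 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.a.v.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter#176f32b, returned: -1
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
2017-02-20 18:06:48.758 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/login'
"""

# Spring Boot console layout: date time LEVEL pid --- [thread] logger : message
LINE = re.compile(r"^\S+ \S+\s+\w+\s+\d+ --- \[\s*(?P<thread>[^\]]+)\]\s+\S+\s+: (?P<msg>.*)$")

# One pattern per message type emitted by the Spring Security filters.
FIELDS = {
    "principal": re.compile(r"Principal: ([^;]+)"),
    "session": re.compile(r"SessionId: ([^;,']+)"),
    "url": re.compile(r"FilterInvocation: URL: ([^;]+)"),
    "required": re.compile(r"Attributes: \[(.*)\]"),
    "vote": re.compile(r"Voter: .*returned: (-?\d+)"),
    "redirect": re.compile(r"Redirecting to '([^']+)'"),
}


def triage(log_text):
    """Return one finding per request that was denied and then redirected."""
    in_flight = defaultdict(dict)  # thread name -> fields of its current request
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack-trace frames carry no thread or logger prefix
        req, msg = in_flight[m["thread"]], m["msg"]
        for key, rx in FIELDS.items():
            hit = rx.search(msg)
            if hit:
                req[key] = hit.group(1)
        if "redirect" in req:
            if req.get("vote") == "-1":  # -1 is the voter's ACCESS_DENIED
                req["no_session"] = (req.get("principal"), req.get("session")) == ("anonymousUser", "null")
                findings.append(dict(req))
            req.clear()
        elif "SecurityContextHolder now cleared" in msg:
            req.clear()  # request finished; the worker thread will be reused
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the question's log this reports the POST to /dashboard/kategori as `anonymousUser` with `SessionId: null`, so the `hasAuthority('ADMIN')` rule was evaluated against a request that carried no session before the redirect to /login was issued.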