I am using Swagger in a Spring boot application,
I somehow can access most of Swagger's endpoints such as /v2/api-docs, /swagger-resources but I can't figure out why /swagger-ui.html is not accessible.
I am using these dependencies:
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
</dependency>
here is my Swagger Config class:
#Configuration
#EnableSwagger2
public class SwaggerConfig {
#Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.basePackage("app.controllers"))
.paths(PathSelectors.any())
.build();
}
}
Here is the interesting part of the log:
2017-12-27 14:12:09.896 DEBUG 10212 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /springfox/swagger-ui.html at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2017-12-27 14:12:09.896 DEBUG 10212 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /springfox/swagger-ui.html at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/v2/api-docs'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/configuration/ui'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/swagger-resources'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/configuration/security'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/swagger-ui.html'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/springfox/swagger-ui.html'; against '/webjars/**'
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /springfox/swagger-ui.html' doesn't match 'POST /login
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /springfox/swagger-ui.html; Attributes: [authenticated]
2017-12-27 14:12:09.897 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#8f3b828e: Principal: 0001; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN, ROLE_USER
2017-12-27 14:12:09.903 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter#45d0a23, returned: 1
2017-12-27 14:12:09.903 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2017-12-27 14:12:09.903 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2017-12-27 14:12:09.903 DEBUG 10212 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /springfox/swagger-ui.html reached end of additional filter chain; proceeding with original chain
2017-12-27 14:12:09.904 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/springfox/swagger-ui.html]
2017-12-27 14:12:09.906 DEBUG 10212 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /springfox/swagger-ui.html
2017-12-27 14:12:09.919 DEBUG 10212 --- [nio-8080-exec-1] .m.m.a.ExceptionHandlerExceptionResolver : Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
2017-12-27 14:12:09.920 DEBUG 10212 --- [nio-8080-exec-1] .w.s.m.a.ResponseStatusExceptionResolver : Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
2017-12-27 14:12:09.920 DEBUG 10212 --- [nio-8080-exec-1] .w.s.m.s.DefaultHandlerExceptionResolver : Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
2017-12-27 14:12:09.920 WARN 10212 --- [nio-8080-exec-1] o.s.web.servlet.PageNotFound : Request method 'GET' not supported
2017-12-27 14:12:09.921 DEBUG 10212 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext 'org.springframework.security.core.context.SecurityContextImpl#8f3b828e: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#8f3b828e: Principal: 0001; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN, ROLE_USER' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade#3bcccd7c
2017-12-27 14:12:09.921 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2017-12-27 14:12:09.921 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Successfully completed request
2017-12-27 14:12:09.922 DEBUG 10212 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-12-27 14:12:09.923 DEBUG 10212 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2017-12-27 14:12:09.923 DEBUG 10212 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-12-27 14:12:09.923 DEBUG 10212 --- [nio-8080-exec-1] o.s.b.w.f.OrderedRequestContextFilter : Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade#203209de
2017-12-27 14:12:09.923 DEBUG 10212 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost] : Processing ErrorPage[errorCode=0, location=/error]
2017-12-27 14:12:09.928 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/error]
2017-12-27 14:12:09.928 DEBUG 10212 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
2017-12-27 14:12:09.930 DEBUG 10212 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity io.xhub.secusid.exception.SecusidErrorHandler.error(javax.servlet.http.HttpServletRequest)]
2017-12-27 14:12:09.930 DEBUG 10212 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'secusidErrorHandler'
2017-12-27 14:12:09.930 DEBUG 10212 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/error] is: -1
2017-12-27 14:12:09.943 DEBUG 10212 --- [nio-8080-exec-1] i.x.s.exception.SecusidErrorHandler : Request method 'GET' not supported
org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported
Try adding a class like this
#Configuration
public class WebMvcConfiguration extends WebMvcConfigurationSupport {
#Override
public void addResourceHandlers(final ResourceHandlerRegistry registry) {
// Make Swagger meta-data available via <baseURL>/v2/api-docs/
registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
// Make Swagger UI available via <baseURL>/swagger-ui.html
registry.addResourceHandler("/**").addResourceLocations("classpath:/META-INF/resources/");
}
}
Related
On making a GET Request which returns a ModelAndView Object I am getting the following error
: GET "/tweet2?email=tim#gmail.com", parameters={masked} 2022-03-08
11:04:45.459 DEBUG 46576 --- [nio-8080-exec-3]
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to
com.example.demo.RestAPIExample#getTweetsByEmail(String) 2022-03-08
11:04:45.464 DEBUG 46576 --- [nio-8080-exec-3]
o.s.w.s.v.ContentNegotiatingViewResolver : Selected '/' given [/]
2022-03-08 11:04:45.464 DEBUG 46576 --- [nio-8080-exec-3]
o.s.w.servlet.view.InternalResourceView : View name 'tweets', model
{tweets=[com.example.demo.Tweet#3a7a85cb]} 2022-03-08 11:04:45.465
DEBUG 46576 --- [nio-8080-exec-3]
o.s.w.servlet.view.InternalResourceView : Forwarding to [tweets]
2022-03-08 11:04:45.467 DEBUG 46576 --- [nio-8080-exec-3]
o.s.web.servlet.DispatcherServlet : "FORWARD" dispatch for GET
"/tweets?email=tim#gmail.com", parameters={masked} 2022-03-08
11:04:45.470 DEBUG 46576 --- [nio-8080-exec-3]
o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to
ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath
[resources/], classpath [static/], classpath [public/], ServletContext
[/]] 2022-03-08 11:04:45.472 DEBUG 46576 --- [nio-8080-exec-3]
o.s.w.s.r.ResourceHttpRequestHandler : Resource not found
2022-03-08 11:04:45.473 DEBUG 46576 --- [nio-8080-exec-3]
o.s.web.servlet.DispatcherServlet : Exiting from "FORWARD"
dispatch, status 404 2022-03-08 11:04:45.473 DEBUG 46576 ---
[nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Completed
404 NOT_FOUND 2022-03-08 11:04:45.474 DEBUG 46576 ---
[nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : "ERROR"
dispatch for GET "/error?email=tim#gmail.com", parameters={masked}
2022-03-08 11:04:45.475 DEBUG 46576 --- [nio-8080-exec-3]
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to
org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
2022-03-08 11:04:45.482 DEBUG 46576 --- [nio-8080-exec-3]
o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using 'application/json',
given [/] and supported [application/json, application/+json,
application/json, application/+json] 2022-03-08 11:04:45.483 DEBUG
46576 --- [nio-8080-exec-3] o.s.w.s.m.m.a.HttpEntityMethodProcessor :
Writing [{timestamp=Tue Mar 08 11:04:45 IST 2022, status=404,
error=Not Found, path=/tweet2}] 2022-03-08 11:04:45.497 DEBUG 46576
--- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 404
Here is the code I wrote:
#GetMapping("/tweet2")
public ModelAndView getTweetsByEmail(#RequestParam String email) {
ModelAndView modelAndView = new ModelAndView("tweets");
List<Tweet> tweets = tweetMap.get(email);
modelAndView.getModel().put("tweets",tweets);
return modelAndView;
}
And there is a tweets.mustache file under the resources folder. Not sure why its unable to detect it
I am using Spring Boot v2.1.7 + HATEOAS + Spring Rest + Spring Security. When consumer doesn't pass the correct Custom Header in the request, say passes X-Accept-Version=v5, it gives me below error.
Error:
2020-03-26 15:44:48.201 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : POST "/employee-catalog-api/reference-types", parameters={}
2020-03-26 15:44:48.216 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler ["classpath:/META-INF/resources/", "classpath:/resources/", "classpath:/static/", "classpath:/public/", "/"]
2020-03-26 15:44:48.217 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] .m.c.d.m.p.s.SAMLUserIdentityServiceImpl : Trying to get UserId from Security Context
2020-03-26 15:44:48.224 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.j.s.OpenEntityManagerInViewInterceptor : Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2020-03-26 15:44:48.234 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.w.s.r.ResourceHttpRequestHandler : Resource not found
2020-03-26 15:44:48.234 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher#5c85f23b
2020-03-26 15:44:48.234 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2020-03-26 15:44:48.254 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.j.s.OpenEntityManagerInViewInterceptor : Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2020-03-26 15:44:48.254 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed 404 NOT_FOUND
2020-03-26 15:44:48.258 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2020-03-26 15:44:48.258 DEBUG [employee-service,14c23adbe2664530,14c23adbe2664530,false] 3608 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
Code:
#PostMapping(path = "/employee-types", headers = {X-Accept-Version=v1})
public ResponseEntity<Integer> saveEmployeeType(#Valid #RequestBody EmployeeDto employeeDto) {
.....
......
......
return new ResponseEntity<>(HttpStatus.OK);
}
Why its not coming to handleNoHandlerFoundException of the #ControllerAdvice ?
#Override
protected ResponseEntity<Object> handleNoHandlerFoundException(NoHandlerFoundException ex, HttpHeaders headers,
HttpStatus status, WebRequest request) {
...................
return handleExceptionInternal(ex, error, getHeaders(), HttpStatus.BAD_REQUEST, request);
}
I was able to solve this issue by taking a reference from : How to set default value of exported as false in rest resource spring data rest.
By adding below logic, it works greatly.
#Component
public class SpringRestConfiguration extends RepositoryRestConfigurerAdapter {
#Override
public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config) {
config.setRepositoryDetectionStrategy(RepositoryDetectionStrategy.RepositoryDetectionStrategies.ANNOTATED);
config.setExposeRepositoryMethodsByDefault(false);
}
}
I've tried Spring Boot with Spring Spring Security login with AngularJS. The problem is when I post object after login, I get thrown back to the login page.
Log
2017-02-20 18:06:35.738 DEBUG 5084 --- [nio-8080-exec-1] o.h.l.Loader : Done entity load
2017-02-20 18:06:35.739 DEBUG 5084 --- [nio-8080-exec-1] o.h.e.i.TwoPhaseLoad : Done materializing entity [com.sopiyan.uptd.entities.entity.User#10af7fb8-ad10-459c-b985-ec24744d4630]
2017-02-20 18:06:35.739 DEBUG 5084 --- [nio-8080-exec-1] o.s.o.j.EntityManagerFactoryUtils : Closing JPA EntityManager
2017-02-20 18:06:35.877 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-02-20 18:06:35.877 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'authenticationAuditListener'
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'auditListener'
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.a.a.l.AuditListener : AuditEvent [timestamp=Mon Feb 20 18:06:35 ICT 2017, principal=admin#uptd.com, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null}]
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy#1144175
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] w.a.UsernamePasswordAuthenticationFilter : Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#77cb72a0: Principal: com.sopiyan.uptd.services.impl.CurrentUser#8b80352f: Username: admin#uptd.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ADMIN
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.s.w.a.r.TokenBasedRememberMeServices : Did not send remember-me cookie (principal did not set parameter 'remember-me')
2017-02-20 18:06:35.878 DEBUG 5084 --- [nio-8080-exec-1] o.s.s.w.a.r.TokenBasedRememberMeServices : Remember-me login not requested.
2017-02-20 18:06:35.879 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-02-20 18:06:35.879 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'authenticationAuditListener'
2017-02-20 18:06:36.036 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Creating instance of bean 'com.fasterxml.jackson.databind.ser.std.DateSerializer'
2017-02-20 18:06:36.038 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
2017-02-20 18:06:36.068 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
2017-02-20 18:06:36.068 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
2017-02-20 18:06:36.070 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Finished creating instance of bean 'com.fasterxml.jackson.databind.ser.std.DateSerializer'
2017-02-20 18:06:36.077 DEBUG 5084 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : HttpSession being created as SecurityContext is non-default
2017-02-20 18:06:36.086 DEBUG 5084 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext 'org.springframework.security.core.context.SecurityContextImpl#77cb72a0: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#77cb72a0: Principal: com.sopiyan.uptd.services.impl.CurrentUser#8b80352f: Username: admin#uptd.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ADMIN' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade#89f3f
2017-02-20 18:06:36.086 DEBUG 5084 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-02-20 18:06:36.086 DEBUG 5084 --- [nio-8080-exec-1] o.s.b.w.f.OrderedRequestContextFilter : Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade#1d44db8
2017-02-20 18:06:48.699 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.w.f.OrderedRequestContextFilter : Bound request context to thread: org.apache.catalina.connector.RequestFacade#1d44db8
2017-02-20 18:06:48.700 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.h.w.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher#f54084
2017-02-20 18:06:48.701 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 4 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2017-02-20 18:06:48.702 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2017-02-20 18:06:48.702 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'GET /logout
2017-02-20 18:06:48.702 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/logout'
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'PUT /logout
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2017-02-20 18:06:48.703 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'DELETE /logout
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : No matches found
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 5 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/login'
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 6 of 13 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 7 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2017-02-20 18:06:48.704 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 8 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2017-02-20 18:06:48.706 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 9 of 13 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2017-02-20 18:06:48.706 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2017-02-20 18:06:48.707 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.FilterChainProxy : /dashboard/kategori at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'GET /logout
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/logout'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'PUT /logout
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Request 'POST /dashboard/kategori' doesn't match 'DELETE /logout
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.OrRequestMatcher : No matches found
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/login'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/assets/**'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/public/**'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/upload/**'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/dashboard/**'
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /dashboard/kategori; Attributes: [hasAuthority('ADMIN')]
2017-02-20 18:06:48.708 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2017-02-20 18:06:48.724 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.a.v.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter#176f32b, returned: -1
2017-02-20 18:06:48.742 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-02-20 18:06:48.742 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'authorizationAuditListener'
2017-02-20 18:06:48.743 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.a.a.l.AuditListener : AuditEvent [timestamp=Mon Feb 20 18:06:48 ICT 2017, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null, type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]
2017-02-20 18:06:48.743 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:177)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at com.sopiyan.uptd.config.security.UptdCorsFilter.doFilterInternal(UptdCorsFilter.java:103)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:474)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
2017-02-20 18:06:48.752 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
2017-02-20 18:06:48.752 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AntPathRequestMatcher : Checking match of request : '/dashboard/kategori'; against '/**/favicon.ico'
2017-02-20 18:06:48.753 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.NegatedRequestMatcher : matches = true
2017-02-20 18:06:48.753 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager#1a6a2d0, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[application/json, text/plain, */*]
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/json
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith application/json = true
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.NegatedRequestMatcher : matches = false
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.u.m.AndRequestMatcher : Did not match
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.s.HttpSessionRequestCache : Request not saved as configured RequestMatcher did not match
2017-02-20 18:06:48.756 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
2017-02-20 18:06:48.758 DEBUG 5084 --- [nio-8080-exec-4] o.s.s.w.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/login'
2017-02-20 18:06:48.758 DEBUG 5084 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-02-20 18:06:48.777 DEBUG 5084 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-02-20 18:06:48.778 DEBUG 5084 --- [nio-8080-exec-4] o.s.b.w.f.OrderedRequestContextFilter : Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade#1d44db8
Security config
#Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/","/login", "/assets/**","/public/**","/upload/**")
.permitAll()
.antMatchers("/dashboard/**").hasAuthority("ADMIN")
.antMatchers("/secure2/**").hasAnyRole("ADMIN", "PENGRAJIN")
.anyRequest()
.authenticated()
.and()
.formLogin()
.successHandler(authenticationSuccesHandler)
.failureHandler(authenticationFailureHandler())
.usernameParameter("email")
.permitAll()
.and()
.logout()
.logoutSuccessHandler(logoutSucessHandler)
.deleteCookies("ingatsaya")
.permitAll()
.and()
.rememberMe()
.tokenValiditySeconds(31536000)
.and()
.csrf().disable();
}
Error message
XMLHttpRequest cannot load http://localhost:8080/dashboard/kategori. Redirect from 'http://localhost:8080/dashboard/kategori' to 'http://localhost:8080/login' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect
Steps
Login successful
When POST some data I get an error
As per the error: "blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect"
Assuming your browser is Chrome:
Try installing the Chrome extension of "Allow-Control-Allow-Origin". Then configure it by setting a rule at the header level "application/json;charset=utf-8" and of course the Intercepted URL parameter.
I have a small ajax request which is lead to exeption PUT http://localhost:8080/carwash/add 405 (Method Not Allowed). Can you explaim me where is a problem?
Ajax request:
$.ajax({
url: '/carwash/add',
dataType: 'json',
type: 'PUT',
success: function(data) {
this.setState({});
}.bind(this),
error: function(xhr, status, err) {
console.error('/carwash/add', status, err.toString());
}.bind(this)
})
My application is handeling by spring security which has the following configuration:
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/login", "/logout", "/resources/*").permitAll()
.antMatchers("/owner").access("hasRole('ROLE_OWNER')")
.antMatchers("/admin").access("hasRole('ROLE_ADMIN')")
.antMatchers("/carwash").access("hasRole('ROLE_OWNER')")
.and().formLogin().loginPage("/login").successHandler(authenticationSuccessHandler)
.usernameParameter("username").passwordParameter("password")
.and().exceptionHandling().accessDeniedPage("/login?error");
}
NB: user that call ajax requst has role 'ROLE_OWNER' and can reach "/owner" and "/carwash" without problem.
Also my controller which is resposible for put request:
#RequestMapping(value = "/carwash/add", method = RequestMethod.POST)
#ResponseStatus(HttpStatus.OK)
#ResponseBody
public void addCarWashPOST(){
System.out.println("inside addCarWash");
}
#RequestMapping(value = "/carwash/add", method = RequestMethod.PUT)
#ResponseStatus(HttpStatus.OK)
#ResponseBody
public void addCarWashPUT(){
System.out.println("inside addCarWash");
}
All my application is based on spring boot therefore I have also log after this PUT request:
DEBUG 12640 --- [nio-8080-exec-9] o.s.web.servlet.DispatcherServlet : Successfully completed request
DEBUG 12640 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing PUT request for [/login]
DEBUG 12640 --- [io-8080-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /login
DEBUG 12640 --- [io-8080-exec-10] .m.m.a.ExceptionHandlerExceptionResolver : Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'PUT' not supported
DEBUG 12640 --- [io-8080-exec-10] .w.s.m.a.ResponseStatusExceptionResolver : Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'PUT' not supported
DEBUG 12640 --- [io-8080-exec-10] .w.s.m.s.DefaultHandlerExceptionResolver : Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'PUT' not supported
WARN 12640 --- [io-8080-exec-10] o.s.web.servlet.PageNotFound : Request method 'PUT' not supported
DEBUG 12640 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
DEBUG 12640 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet : Successfully completed request
DEBUG 12640 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing PUT request for [/error]
DEBUG 12640 --- [io-8080-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
DEBUG 12640 --- [io-8080-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)]
DEBUG 12640 --- [io-8080-exec-10] o.s.web.cors.DefaultCorsProcessor : Skip CORS processing: request is from same origin
DEBUG 12640 --- [io-8080-exec-10] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Written [{timestamp=Wed Sep 14 20:17:20 CEST 2016, status=405, error=Method Not Allowed, exception=org.springframework.web.HttpRequestMethodNotSupportedException, message=Request method 'PUT' not supported, path=/carwash/add}] as "application/json;charset=UTF-8" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter#78b6776e]
DEBUG 12640 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
DEBUG 12640 --- [io-8080-exec-10] o.s.web.servlet.DispatcherServlet : Successfully completed request
One more interesting issue, if substitute in ajax request type to POST the exeption will be different: /carwash/add parsererror SyntaxError: Unexpected token < in JSON at position 0
The log from spring boot for POST request:
DEBUG 13348 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/login]
DEBUG 13348 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /login
DEBUG 13348 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public java.lang.String biz.controllers.mvc.LoginController.login()]
DEBUG 13348 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/login] is: -1
DEBUG 13348 --- [nio-8080-exec-2] o.s.w.servlet.view.BeanNameViewResolver : No matching bean found for view name 'login'
DEBUG 13348 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Rendering view [org.springframework.web.servlet.view.InternalResourceView: name 'login'; URL [WEB-INF/pages/login.html]] in DispatcherServlet with name 'dispatcherServlet'
DEBUG 13348 --- [nio-8080-exec-2] o.s.w.servlet.view.InternalResourceView : Forwarding to resource [WEB-INF/pages/login.html] in InternalResourceView 'login'
DEBUG 13348 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/WEB-INF/pages/login.html]
DEBUG 13348 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /WEB-INF/pages/login.html
DEBUG 13348 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/WEB-INF/pages/login.html]
DEBUG 13348 --- [nio-8080-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/WEB-INF/pages/login.html] are [/**]
DEBUG 13348 --- [nio-8080-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/WEB-INF/pages/login.html] are {}
DEBUG 13348 --- [nio-8080-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/WEB-INF/pages/login.html] to HandlerExecutionChain with handler [org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler#1aa2d29f] and 1 interceptor
DEBUG 13348 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/WEB-INF/pages/login.html] is: -1
DEBUG 13348 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
DEBUG 13348 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Successfully completed request
DEBUG 13348 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Successfully completed request
and as I undestand from log, the application cannot No matching bean found for view name 'login' how ever I have a controller for #RequestMapping(value ={"/", "/login"}, method = RequestMethod.GET) and without problem can open page with link /login... What I miss ?
Controller for "/" and "/login"
#RequestMapping(value ={"/", "/login"}, method = RequestMethod.GET)
public String login() {
return "login";
}
Configuration:
#Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("WEB-INF/pages/");
resolver.setSuffix(".html");
return resolver;
}
To make an AJAX/JSON request with CSRF enabled you have to pass CSRF token as a HTTP Request Header, not a parameter or other data.
On the page, your meta tags should look like these:
<meta name="_csrf" content="${_csrf.token}"/>
<meta name="_csrf_header" content="${_csrf.headerName}"/>
Then, prepare values somewhere in the JS code:
var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");
Pass the CSRF token as a header:
$.ajax({
type: "PUT",
async: false,
url: '/carwash/add',
data: [your data],
beforeSend: function(xhr) {
// here it is
xhr.setRequestHeader(header, token);
},
success: function(obj) {
// ....
},
....
You can see more here
http://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html
When I access my app via browser I get an 404 (Whitelabel Error Page).
After searching around, I think it could be a problem with my sitemesh filter.
#Bean
public FilterRegistrationBean sitemesh() throws Exception {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(new MySiteMeshFilter());
return filterRegistrationBean;
}
MySitemeshFilter:
protected static class MySiteMeshFilter extends ConfigurableSiteMeshFilter {
protected void applyCustomConfiguration(SiteMeshFilterBuilder builder) {
builder.addDecoratorPath("/*", "/decorators/basic-theme.jsp");
}
}
What do you think? Thank you!
EDIT:
It could be also possible, that my Security Configuration is the problem:
#Configuration
#Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
#Autowired
private MongoTemplate mongoTemplate;
#Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/error").permitAll()
.antMatchers("/register*", "/login", "/lostPassword").anonymous()
.antMatchers("/admin","/admin**").hasRole("ADMIN")
.antMatchers("/user", "/user/**", "/offer/*", "/page", "/page/**").hasAnyRole("USER", "COMPANY_USER", "COMPANY_MASTER", "ADMIN")
.antMatchers("/company", "/company/**").hasAnyRole("COMPANY_USER", "COMPANY_MASTER", "ADMIN")
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").failureUrl("/login?error=true").usernameParameter("username").passwordParameter("password").loginProcessingUrl("/security_check")
.successHandler(new MyAuthenticationSuccessHandler(this.mongoTemplate));
http.logout().logoutUrl("/logout").invalidateHttpSession(true).logoutSuccessUrl("/");
}
#Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(new MyUserDetailsService(this.mongoTemplate)).passwordEncoder(new ShaPasswordEncoder(256));
}
}
EDIT 2:
The controllers are not resolved. Setting the #ComponentScan "basePackages" attribute helps. The controller-methods are now being executed. But it looks like spring boot cannot find my views(directory) to render the page.
EDIT 3:
This is a part of my logging output. Is there anything unusual? It starts with INFO log (log4j) "starting page" which I put in the method ("/") of my controller. The controller method belonging to the RequestMapping is fired, but I think spring boot cannot find the jsp.
2014-12-30 10:20:09.422 INFO 5884 --- [nio-8080-exec-3] c.l.c.controller.PublicController : starting page
2014-12-30 10:20:09.426 DEBUG 5884 --- [nio-8080-exec-3] o.s.w.s.v.ContentNegotiatingViewResolver : Requested media types are [text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8] based on Accept header types and producible media types [*/*])
2014-12-30 10:20:09.427 DEBUG 5884 --- [nio-8080-exec-3] o.s.w.servlet.view.BeanNameViewResolver : No matching bean found for view name 'home'
2014-12-30 10:20:09.427 DEBUG 5884 --- [nio-8080-exec-3] o.s.w.s.v.ContentNegotiatingViewResolver : Returning [org.springframework.web.servlet.view.JstlView: name 'home'; URL [/WEB-INF/views/home.jsp]] based on requested media type 'text/html'
2014-12-30 10:20:09.427 DEBUG 5884 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Rendering view [org.springframework.web.servlet.view.JstlView: name 'home'; URL [/WEB-INF/views/home.jsp]] in DispatcherServlet with name 'dispatcherServlet'
2014-12-30 10:20:09.433 DEBUG 5884 --- [nio-8080-exec-3] o.s.web.servlet.view.JstlView : Forwarding to resource [/WEB-INF/views/home.jsp] in InternalResourceView 'home'
2014-12-30 10:20:09.435 DEBUG 5884 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/WEB-INF/views/home.jsp]
2014-12-30 10:20:09.436 DEBUG 5884 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /WEB-INF/views/home.jsp
2014-12-30 10:20:09.446 DEBUG 5884 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/WEB-INF/views/home.jsp]
2014-12-30 10:20:09.446 DEBUG 5884 --- [nio-8080-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/WEB-INF/views/home.jsp] are [/**]
2014-12-30 10:20:09.446 DEBUG 5884 --- [nio-8080-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/WEB-INF/views/home.jsp] are {}
2014-12-30 10:20:09.447 DEBUG 5884 --- [nio-8080-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/WEB-INF/views/home.jsp] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[ServletContext resource [/], class path resource [META-INF/resources/], class path resource [resources/], class path resource [static/], class path resource [public/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver#727d5eda]]] and 1 interceptor
2014-12-30 10:20:09.448 DEBUG 5884 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/WEB-INF/views/home.jsp] is: -1
2014-12-30 10:20:09.448 DEBUG 5884 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2014-12-30 10:20:09.448 DEBUG 5884 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Successfully completed request
2014-12-30 10:20:09.449 DEBUG 5884 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Successfully completed request
2014-12-30 10:20:09.450 DEBUG 5884 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/error]
2014-12-30 10:20:09.451 DEBUG 5884 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
2014-12-30 10:20:09.452 DEBUG 5884 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest)]
2014-12-30 10:20:09.452 DEBUG 5884 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/error] is: -1
2014-12-30 10:20:09.453 DEBUG 5884 --- [nio-8080-exec-3] o.s.w.s.v.ContentNegotiatingViewResolver : Requested media types are [text/html, text/html;q=0.8] based on Accept header types and producible media types [text/html])
2014-12-30 10:20:09.453 DEBUG 5884 --- [nio-8080-exec-3] o.s.w.s.v.ContentNegotiatingViewResolver : Returning [org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$SpelView#5dbc9982] based on requested media type 'text/html'
2014-12-30 10:20:09.453 DEBUG 5884 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Rendering view [org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$SpelView#5dbc9982] in DispatcherServlet with name 'dispatcherServlet'
2014-12-30 10:20:09.454 DEBUG 5884 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Successfully completed request
2014-12-30 10:20:09.480 DEBUG 5884 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/favicon.ico]
2014-12-30 10:20:09.481 DEBUG 5884 --- [nio-8080-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping : Matching patterns for request [/favicon.ico] are [/**/favicon.ico]
2014-12-30 10:20:09.481 DEBUG 5884 --- [nio-8080-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping : URI Template variables for request [/favicon.ico] are {}
2014-12-30 10:20:09.481 DEBUG 5884 --- [nio-8080-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapping [/favicon.ico] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[class path resource [META-INF/resources/], class path resource [resources/], class path resource [static/], class path resource [public/], class path resource []], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver#1742114b]]] and 1 interceptor
2014-12-30 10:20:09.481 DEBUG 5884 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/favicon.ico] is: -1
2014-12-30 10:20:09.490 DEBUG 5884 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2014-12-30 10:20:09.491 DEBUG 5884 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet : Successfully completed request
In my application.properties I added:
spring.view.prefix=/WEB-INF/views/
spring.view.suffix=.jsp
For any of you who stumbled here looking for an answer to 'o.s.w.servlet.view.BeanNameViewResolver : No matching bean found for view name 'home'', Spring has tried and failed to locate a view resolver for 'home'.
If it is pure html you want to serve, you need just return '/home.html' from your controller. Spring will look for this file under /src/main/resources/static and return a response accordingly.
For other ways to resolve views, read this excellent answer, How to map requests to HTML file in Spring MVC?