Spring Security no HttpSession currently exists - spring

I'm trying to set up a Spring web application to connect with an ADFS server in order to accomplish Web SSO.
The SAML request works fine, but when I receive the response from the ADFS I get a redirect loop caused by an authentication problem.
It seems that after I successfully stored the UserDetails in the session, the next request can't find an HttpSession available, so an anonymous token is created.
I'm using the wonderful SAML Extension library (http://docs.spring.io/autorepo/docs/spring-security-saml/1.0.x-SNAPSHOT/reference/htmlsingle/) and I've implemented the SAMLUserDetailsService in order to build the UserDetails.
In a second web app similar to this one everything works fine.
Here are my logs:
(SAMLDefaultLogger.java:127) - AuthNResponse;SUCCESS; ...
(AbstractAuthenticationProcessingFilter.java:319) - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.providers.ExpiringUsernameAuthenticationToken#aecd14bd:
(SavedRequestAwareAuthenticationSuccessHandler.java:79) - Redirecting to DefaultSavedRequest Url: ...
(DefaultRedirectStrategy.java:36) - Redirecting to ....
(HttpSessionSecurityContextRepository.java:327) - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl#aecd14bd: Authentication: org.springframework.security.providers.ExpiringUsernameAuthenticationToken#aecd14bd: ...
(SecurityContextPersistenceFilter.java:97) - SecurityContextHolder now cleared, as request processing completed
(FilterChainProxy.java:337) - / at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
(HttpSessionSecurityContextRepository.java:140) - No HttpSession currently exists
(HttpSessionSecurityContextRepository.java:91) - No SecurityContext was available from the HttpSession: null. A new one will be created.
(FilterChainProxy.java:337) - / at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
(FilterChainProxy.java:337) - / at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
(FilterChainProxy.java:337) - / at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
(FilterChainProxy.java:337) - / at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
(FilterChainProxy.java:337) - / at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
(FilterChainProxy.java:337) - / at position 7 of 12 in additional filter chain; firing Filter: 'FilterChainProxy'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/login/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/logout/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/sso/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/ssohok/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/singlelogout/**'
(FilterChainProxy.java:180) - / has no matching filters
(FilterChainProxy.java:337) - / at position 8 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
(FilterChainProxy.java:337) - / at position 9 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
(FilterChainProxy.java:337) - / at position 10 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
(AnonymousAuthenticationFilter.java:102) - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken#6faa3d44:
(ExceptionTranslationFilter.java:165) - Access is denied (user is anonymous); redirecting to authentication entry point ...
I'm using Spring Security 3.2.5.RELEASE
Thanks in advance and sorry for my English.

I solved it;
the problem was related to the context path.
After the cookie was set with a context path ending in a slash ("/"), the next request without this slash could not pass the session cookie.
I think this is related to this Tomcat setting (sessionCookiePathUsesTrailingSlash) and its security issue.
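
The path mismatch described in this answer, worked through as an added example (not code from the original post or from Tomcat): it implements the RFC 6265 section 5.1.4 path-match rule next to a plain prefix match, which models the non-compliant client behaviour that a trailing slash on the cookie path guards against. The context path `/app`, the neighbouring `/application` and the session id are constructed for illustration.

```javascript
// RFC 6265 section 5.1.4: a request path matches a cookie path when they are
// identical, or the cookie path is a prefix that ends on a "/" boundary.
function rfc6265PathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  if (cookiePath.endsWith("/")) return true;
  return requestPath.charAt(cookiePath.length) === "/";
}

// Plain string-prefix match: models a client that ignores the "/" boundary.
// With this matcher a cookie scoped to /app is also sent to /application.
function naivePrefixMatch(requestPath, cookiePath) {
  return requestPath.startsWith(cookiePath);
}

// Extract name, value and Path from a Set-Cookie header value.
// Simplification: a missing Path defaults to "/" here; a real user agent
// derives the default from the request URI.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: "/" };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() === "path" && value.startsWith("/")) cookie.path = value;
  }
  return cookie;
}

// Build the Cookie request header a client would send for requestPath.
function cookieHeaderFor(requestPath, jar, match = rfc6265PathMatch) {
  return jar
    .filter((c) => match(requestPath, c.path))
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed sample responses: the same session cookie issued with and
// without the trailing slash on the context path.
const SET_COOKIE_WITH_SLASH = "JSESSIONID=CONSTRUCTED-SESSION-ID; Path=/app/; HttpOnly";
const SET_COOKIE_WITHOUT_SLASH = "JSESSIONID=CONSTRUCTED-SESSION-ID; Path=/app; HttpOnly";

// For each cookie path, report which request paths would carry the session.
function demo() {
  const rows = [];
  for (const header of [SET_COOKIE_WITH_SLASH, SET_COOKIE_WITHOUT_SLASH]) {
    const jar = [parseSetCookie(header)];
    for (const requestPath of ["/app", "/app/", "/app/saml/SSO", "/application"]) {
      rows.push({
        cookiePath: jar[0].path,
        requestPath,
        rfc6265: cookieHeaderFor(requestPath, jar) !== "",
        naivePrefix: cookieHeaderFor(requestPath, jar, naivePrefixMatch) !== "",
      });
    }
  }
  return rows;
}

console.table(demo());
```

With `Path=/app/` the redirect target `/app` arrives without the session cookie, which is the "No HttpSession currently exists" case in the question's log; with `Path=/app` that request carries the cookie, but a prefix-matching client would also send it to `/application`.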

Related

Keycloak 400 bad request when [state] is old

I have a Spring Boot application protected by Keycloak (15.0.2).
Let's say that I have a browser with two tabs opened for the same user and that user is authenticated.
Now I log out in tab 1 and I get the Keycloak login form with the following URL:
http://localhost:8180/auth/realms/AUTOTEST_PG/protocol/openid-connect/auth?response_type=code&client_id=mcd-client&state=e01b8a88-6945-4c56-9ee1-46fb156d33be&login=true&scope=openid
Now I log out in tab 2 and I get the Keycloak login form with the following URL:
http://localhost:8180/auth/realms/AUTOTEST_PG/protocol/openid-connect/auth?response_type=code&client_id=mcd-client&state=b9607387-7a05-4226-8313-4c5c80a1b145&login=true&scope=openid
Next, I tried to log in in tab 1 and I got a 400 Bad Request response.
Looking at the Spring Boot log I get the following:
14554520 2021-12-14 00:02:06,100 [ajp-nio-0.0.0.0-8009-exec-8] DEBUG sample.controller.filters.MyKeycloakAuthenticationProcessingFilter ?:? - - - - - attemptAuthentication
14554520 2021-12-14 00:02:06,100 [ajp-nio-0.0.0.0-8009-exec-8] DEBUG sample.security.RealmProvider ?:? - - - - - getRealmName - requestUri: https://10.161.54.36/sso/login?redirect_url=/sctools/&state=e01b8a88-6945-4c56-9ee1-46fb156d33be&session_state=4fe8d159-5ada-4522-a422-07c5a0ce9d15&code=c5dda8ef-0fd9-4323-9922-fa5c73b28f89.4fe8d159-5ada-4522-a422-07c5a0ce9d15.442a440e-6df0-40c7-b8cb-3a52123430a0
14554520 2021-12-14 00:02:06,100 [ajp-nio-0.0.0.0-8009-exec-8] WARN org.keycloak.adapters.OAuthRequestAuthenticator ?:? - - - - - state parameter invalid
14554520 2021-12-14 00:02:06,100 [ajp-nio-0.0.0.0-8009-exec-8] WARN org.keycloak.adapters.OAuthRequestAuthenticator ?:? - - - - - cookie: b9607387-7a05-4226-8313-4c5c80a1b145
14554520 2021-12-14 00:02:06,100 [ajp-nio-0.0.0.0-8009-exec-8] WARN org.keycloak.adapters.OAuthRequestAuthenticator ?:? - - - - - queryParam: e01b8a88-6945-4c56-9ee1-46fb156d33be
14554521 2021-12-14 00:02:06,101 [ajp-nio-0.0.0.0-8009-exec-8] DEBUG sample.controller.filters.MyKeycloakAuthenticationProcessingFilter ?:? - - - - - unsuccessfulAuthentication - committed: true
14554521 2021-12-14 00:02:06,101 [ajp-nio-0.0.0.0-8009-exec-8] DEBUG sample.security.MyKeycloakAuthenticationFailureHandler ?:? - - - - - onAuthenticationFailure org.keycloak.adapters.springsecurity.KeycloakAuthenticationException: Invalid authorization header, see WWW-Authenticate header for details
14554521 2021-12-14 00:02:06,101 [ajp-nio-0.0.0.0-8009-exec-8] DEBUG sample.security.MyKeycloakAuthenticationFailureHandler ?:? - - - - - onAuthenticationFailure - response isCommitted - Status: 400
It seems that the cookie sent and the state value don't match, and that is the reason why I get a bad request.
How can I log in from any of the tabs without getting the Bad Request?
Note: If I go to tab 2 and log in, then I get a message telling me that the user is already logged in.
UPDATE
When doing the same operation on the Keycloak console, if the user logs out from one tab, the second tab is automatically logged out, and the URL doesn't get a state variable; it gets a challenge variable, something like:
http://10.161.54.36:8180/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=http%3A%2F%2F10.161.54.36%3A8180%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F%23%2Frealms&state=c3015df8-4c50-4454-be8d-0555f25e3bd0&response_mode=fragment&response_type=code&scope=openid&nonce=acb2a07d-c4a3-4cd3-8a7a-e23580a97d14&code_challenge=2W6-09eeD_WEwtWct3a5MojpIQJMe-9brcOH-7fbT6A&code_challenge_method=S256
How is it done?
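
The mismatch visible in the log above (`cookie:` holding tab 2's state while `queryParam:` carries tab 1's), modelled as an added example that is not part of the original question and is not Keycloak adapter code or configuration. The class and method names are hypothetical; the two state values are the ones from the log. The second class generalizes to a bounded set of pending, single-use states.

```javascript
// Variant 1: the relying party remembers only the most recent state value,
// as a single cookie slot would. A login started in a second tab overwrites
// the value the first tab's callback will be checked against.
class SingleSlotStateStore {
  constructor() {
    this.cookie = null;
  }
  beginLogin(state) {
    this.cookie = state;
  }
  finishLogin(queryState) {
    const ok = this.cookie !== null && this.cookie === queryState;
    if (ok) this.cookie = null; // a state value is accepted once
    return ok ? 200 : 400;
  }
}

// Variant 2: every outstanding state is kept until it is used or expires.
// The set is bounded so repeated login redirects cannot grow it without limit.
class PendingStateStore {
  constructor({ ttlMs = 5 * 60 * 1000, maxPending = 8 } = {}) {
    this.ttlMs = ttlMs;
    this.maxPending = maxPending;
    this.pending = new Map(); // state -> expiry time in ms
  }
  expire(now) {
    for (const [state, expiresAt] of this.pending) {
      if (expiresAt <= now) this.pending.delete(state);
    }
  }
  beginLogin(state, now) {
    this.expire(now);
    if (this.pending.size >= this.maxPending) {
      // Map keeps insertion order, so the first key is the oldest entry.
      this.pending.delete(this.pending.keys().next().value);
    }
    this.pending.set(state, now + this.ttlMs);
  }
  finishLogin(queryState, now) {
    this.expire(now);
    if (!this.pending.has(queryState)) return 400; // unknown, used or expired
    this.pending.delete(queryState);               // single use
    return 200;
  }
}

// State values taken from the question's log lines.
const TAB1_STATE = "e01b8a88-6945-4c56-9ee1-46fb156d33be";
const TAB2_STATE = "b9607387-7a05-4226-8313-4c5c80a1b145";

// Replay the question's sequence: both tabs reach the login form, then tab 1
// completes first. Times are constructed milliseconds.
function replayTwoTabs(store, now = 0) {
  store.beginLogin(TAB1_STATE, now);
  store.beginLogin(TAB2_STATE, now + 1000);
  return {
    tab1: store.finishLogin(TAB1_STATE, now + 2000),
    tab1Replay: store.finishLogin(TAB1_STATE, now + 3000),
    unknown: store.finishLogin("constructed-unknown-state", now + 4000),
    tab2: store.finishLogin(TAB2_STATE, now + 5000),
  };
}

console.log("single slot:", replayTwoTabs(new SingleSlotStateStore()));
console.log("pending set:", replayTwoTabs(new PendingStateStore()));
```

Both variants still reject a replayed or unknown state, so the request-forgery check that the state parameter provides is preserved; only the single-slot variant turns the first tab's legitimate callback into a 400.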

Spring returning 200 with no content and not hitting controller

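I have a controller as follows:

    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;

    @Controller
    @RequestMapping("/v2/**")
    public class ReactController {
        // Handles GET for every path under /v2/ and returns the "react-entry" view name.
        @RequestMapping(method = RequestMethod.GET)
        public String reactEntry() {
            return "react-entry";
        }
    }

When I log into the app and go through the login page, then navigate to the page that hits this URL, I get the content. However, if I go directly to the URL (it hits the login page but then forwards directly to this URL), Spring returns a status code of 200 with a content length of 0 and my controller is never hit.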
In debug logging, in the normal case I see:
[DEBUG] 17 Aug 2018 10:41:50,805 org.springframework.security.web.FilterChainProxy - /v2/ reached end of additional filter chain; proceeding with original chain
[TRACE] 17 Aug 2018 10:41:50,807 org.springframework.web.servlet.DispatcherServlet - Bound request context to thread: SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.context.HttpSessionSecurityContextRepository Servlet3SaveToSessionRequestWrapper#38f60506]
[DEBUG] 17 Aug 2018 10:41:50,807 org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'cem' processing GET request for [/cems/v2/]
[TRACE] 17 Aug 2018 10:41:50,807 org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping#746fb8d3] in DispatcherServlet with name 'cem'
[DEBUG] 17 Aug 2018 10:41:50,807 org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Looking up handler method for path /v2/
[TRACE] 17 Aug 2018 10:41:50,842 org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Found 1 matching mapping(s) for [/v2/] : [{[/v2/**],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}]
[DEBUG] 17 Aug 2018 10:41:50,842 org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Returning handler method [public java.lang.String rest.controller.ReactController.reactEntry()]
However, when hit via the second mechanism, I get:
[DEBUG] 17 Aug 2018 10:45:32,702 org.springframework.security.web.FilterChainProxy - /v2/ reached end of additional filter chain; proceeding with original chain
[DEBUG] 17 Aug 2018 10:45:32,779 org.springframework.beans.factory.annotation.InjectionMetadata - Processing injected element of bean 'domain.User': PersistenceElement for transient javax.persistence.EntityManager rest.domain.Personnel.entityManager
Notice the time gap, which suggests that the second line is part of a different request.
It appears that in the second case, the request is not being mapped to the cems DispatcherServlet even though it is the same URL.

Strange logs when vaadin page opened in osgi

I have the following logs when opening a Vaadin page.
The strange logs stop when I close my web page.
[qtp948395645-39] DEBUG org.eclipse.jetty.http.HttpParser - filled 447/447
[qtp948395645-39 - /] DEBUG org.eclipse.jetty.server.Server - REQUEST / on AsyncHttpConnection#5444c658,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-5,l=48,c=0},r=11
[qtp948395645-39 - /] DEBUG org.eclipse.jetty.server.handler.ContextHandler - scope null||/ # o.e.j.s.ServletContextHandler{/,null}
[qtp948395645-39 - /] DEBUG org.eclipse.jetty.server.handler.ContextHandler - context=||/ # o.e.j.s.ServletContextHandler{/,null}
[qtp948395645-39 - /] DEBUG org.eclipse.jetty.server.session - Got Session ID 1mddljaq8cpy11l0btqfs6p34s from cookie
[qtp948395645-39 - /] DEBUG org.eclipse.jetty.server.session - sessionManager=org.eclipse.jetty.server.session.HashSessionManager#19868320
[qtp948395645-39 - /] DEBUG org.eclipse.jetty.server.session - session=org.eclipse.jetty.server.session.HashedSession:1mddljaq8cpy11l0btqfs6p34s#1806836909
[qtp948395645-39 - /] DEBUG org.eclipse.jetty.servlet.ServletHandler - servlet ||/ -> org.apache.felix.http.base.internal.DispatcherServlet-158d255c
[qtp948395645-39 - /] DEBUG org.eclipse.jetty.servlet.ServletHandler - chain=null
[qtp948395645-39 - /] DEBUG org.eclipse.jetty.server.Server - RESPONSE / 200 handled=true
[qtp948395645-39] DEBUG org.eclipse.jetty.server.AsyncHttpConnection - Enabled read interest SCEP#11dfd090{l(/10.221.137.111:56461)<->r(/10.224.129.14:80),s=1,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#5444c658,g=HttpGenerator{s=4,h=0,b=0,c=-1},p=HttpParser{s=0,l=48,c=0},r=11}
[qtp948395645-39] DEBUG org.eclipse.jetty.http.HttpParser - filled 0/0
[qtp948395645-36] DEBUG org.eclipse.jetty.http.HttpParser - filled 474/474
[qtp948395645-36 - /VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js?1443457921853] DEBUG org.eclipse.jetty.server.Server - REQUEST /VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js on AsyncHttpConnection#5444c658,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-5,l=48,c=0},r=12
[qtp948395645-36 - /VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js?1443457921853] DEBUG org.eclipse.jetty.server.handler.ContextHandler - scope null||/VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js # o.e.j.s.ServletContextHandler{/,null}
[qtp948395645-36 - /VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js?1443457921853] DEBUG org.eclipse.jetty.server.handler.ContextHandler - context=||/VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js # o.e.j.s.ServletContextHandler{/,null}
[qtp948395645-36 - /VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js?1443457921853] DEBUG org.eclipse.jetty.server.session - Got Session ID 1mddljaq8cpy11l0btqfs6p34s from cookie
[qtp948395645-36 - /VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js?1443457921853] DEBUG org.eclipse.jetty.server.session - sessionManager=org.eclipse.jetty.server.session.HashSessionManager#19868320
[qtp948395645-36 - /VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js?1443457921853] DEBUG org.eclipse.jetty.server.session - session=org.eclipse.jetty.server.session.HashedSession:1mddljaq8cpy11l0btqfs6p34s#1806836909
[qtp948395645-36 - /VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js?1443457921853] DEBUG org.eclipse.jetty.servlet.ServletHandler - servlet ||/VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js -> org.apache.felix.http.base.internal.DispatcherServlet-158d255c
[qtp948395645-36 - /VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js?1443457921853] DEBUG org.eclipse.jetty.servlet.ServletHandler - chain=null
[qtp948395645-36 - /VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js?1443457921853] DEBUG org.eclipse.jetty.server.Server - RESPONSE /VAADIN/widgetsets/com.vaadin.DefaultWidgetSet/com.vaadin.DefaultWidgetSet.nocache.js 200 handled=true
[qtp948395645-36] DEBUG org.eclipse.jetty.server.AsyncHttpConnection - Enabled read interest SCEP#11dfd090{l(/10.221.137.111:56461)<->r(/10.224.129.14:80),s=1,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#5444c658,g=HttpGenerator{s=4,h=0,b=0,c=-1},p=HttpParser{s=0,l=48,c=0},r=12}
[qtp948395645-40] DEBUG org.eclipse.jetty.http.HttpParser - filled 731/731
[qtp948395645-36] DEBUG org.eclipse.jetty.http.HttpParser - filled 0/0
[qtp948395645-40 - /?v-1443457921854] DEBUG org.eclipse.jetty.server.Server - REQUEST / on AsyncHttpConnection#34d39e39,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=2,l=48,c=246},r=3
[qtp948395645-40 - /?v-1443457921854] DEBUG org.eclipse.jetty.server.handler.ContextHandler - scope null||/ # o.e.j.s.ServletContextHandler{/,null}
[qtp948395645-40 - /?v-1443457921854] DEBUG org.eclipse.jetty.server.handler.ContextHandler - context=||/ # o.e.j.s.ServletContextHandler{/,null}
[qtp948395645-40 - /?v-1443457921854] DEBUG org.eclipse.jetty.server.session - Got Session ID 1mddljaq8cpy11l0btqfs6p34s from cookie
[qtp948395645-40 - /?v-1443457921854] DEBUG org.eclipse.jetty.server.session - sessionManager=org.eclipse.jetty.server.session.HashSessionManager#19868320
[qtp948395645-40 - /?v-1443457921854] DEBUG org.eclipse.jetty.server.session - session=org.eclipse.jetty.server.session.HashedSession:1mddljaq8cpy11l0btqfs6p34s#1806836909
[qtp948395645-40 - /?v-1443457921854] DEBUG org.eclipse.jetty.servlet.ServletHandler - servlet ||/ -> org.apache.felix.http.base.internal.DispatcherServlet-158d255c
[qtp948395645-40 - /?v-1443457921854] DEBUG org.eclipse.jetty.servlet.ServletHandler - chain=null
[qtp948395645-40 - /?v-1443457921854] INFO com.bekaert.handling.ui.core - Rebuilding session from cookie for user 'admin'
[qtp948395645-40 - /?v-1443457921854] WARN com.bekaert.handling.ui.core.main.ErrorView - Entered in error view:
[qtp948395645-40 - /?v-1443457921854] DEBUG org.eclipse.jetty.server.Server - RESPONSE / 200 handled=true
[qtp948395645-40] DEBUG org.eclipse.jetty.server.AsyncHttpConnection - Enabled read interest SCEP#61bf045{l(/10.221.137.111:56462)<->r(/10.224.129.14:80),s=1,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#34d39e39,g=HttpGenerator{s=4,h=0,b=0,c=-1},p=HttpParser{s=0,l=48,c=246},r=3}
[qtp948395645-40] DEBUG org.eclipse.jetty.http.HttpParser - filled 0/0
[qtp948395645-42] DEBUG org.eclipse.jetty.http.HttpParser - filled 695/695
[qtp948395645-42 - /UIDL/?v-wsver=7.5.5&v-uiId=1] DEBUG org.eclipse.jetty.server.Server - REQUEST /UIDL/ on AsyncHttpConnection#34d39e39,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=2,l=48,c=200},r=4
[qtp948395645-42 - /UIDL/?v-wsver=7.5.5&v-uiId=1] DEBUG org.eclipse.jetty.server.handler.ContextHandler - scope null||/UIDL/ # o.e.j.s.ServletContextHandler{/,null}
[qtp948395645-42 - /UIDL/?v-wsver=7.5.5&v-uiId=1] DEBUG org.eclipse.jetty.server.handler.ContextHandler - context=||/UIDL/ # o.e.j.s.ServletContextHandler{/,null}
[qtp948395645-42 - /UIDL/?v-wsver=7.5.5&v-uiId=1] DEBUG org.eclipse.jetty.server.session - Got Session ID 1mddljaq8cpy11l0btqfs6p34s from cookie
[qtp948395645-42 - /UIDL/?v-wsver=7.5.5&v-uiId=1] DEBUG org.eclipse.jetty.server.session - sessionManager=org.eclipse.jetty.server.session.HashSessionManager#19868320
[qtp948395645-42 - /UIDL/?v-wsver=7.5.5&v-uiId=1] DEBUG org.eclipse.jetty.server.session - session=org.eclipse.jetty.server.session.HashedSession:1mddljaq8cpy11l0btqfs6p34s#1806836909
[qtp948395645-42 - /UIDL/?v-wsver=7.5.5&v-uiId=1] DEBUG org.eclipse.jetty.servlet.ServletHandler - servlet ||/UIDL/ -> org.apache.felix.http.base.internal.DispatcherServlet-158d255c
[qtp948395645-42 - /UIDL/?v-wsver=7.5.5&v-uiId=1] DEBUG org.eclipse.jetty.servlet.ServletHandler - chain=null
[qtp948395645-42 - /UIDL/?v-wsver=7.5.5&v-uiId=1] DEBUG org.eclipse.jetty.server.Server - RESPONSE /UIDL/ 200 handled=true
[qtp948395645-42] DEBUG org.eclipse.jetty.server.AsyncHttpConnection - Enabled read interest SCEP#61bf045{l(/10.221.137.111:56462)<->r(/10.224.129.14:80),s=1,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#34d39e39,g=HttpGenerator{s=4,h=0,b=0,c=-1},p=HttpParser{s=0,l=48,c=200},r=4}
[qtp948395645-42] DEBUG org.eclipse.jetty.http.HttpParser - filled 0/0
[qtp948395645-37] DEBUG org.eclipse.jetty.http.HttpParser - filled 607/607
[qtp948395645-37 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.Server - REQUEST /UIDL/ on AsyncHttpConnection#34d39e39,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=2,l=48,c=126},r=5
[qtp948395645-37 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.handler.ContextHandler - scope null||/UIDL/ # o.e.j.s.ServletContextHandler{/,null}
[qtp948395645-37 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.handler.ContextHandler - context=||/UIDL/ # o.e.j.s.ServletContextHandler{/,null}
[qtp948395645-37 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.session - Got Session ID 1mddljaq8cpy11l0btqfs6p34s from cookie
[qtp948395645-37 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.session - sessionManager=org.eclipse.jetty.server.session.HashSessionManager#19868320
[qtp948395645-37 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.session - session=org.eclipse.jetty.server.session.HashedSession:1mddljaq8cpy11l0btqfs6p34s#1806836909
[qtp948395645-37 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.servlet.ServletHandler - servlet ||/UIDL/ -> org.apache.felix.http.base.internal.DispatcherServlet-158d255c
[qtp948395645-37 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.servlet.ServletHandler - chain=null
[qtp948395645-37 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.Server - RESPONSE /UIDL/ 200 handled=true
[qtp948395645-37] DEBUG org.eclipse.jetty.server.AsyncHttpConnection - Enabled read interest SCEP#61bf045{l(/10.221.137.111:56462)<->r(/10.224.129.14:80),s=1,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#34d39e39,g=HttpGenerator{s=4,h=0,b=0,c=-1},p=HttpParser{s=0,l=48,c=126},r=5}
[qtp948395645-37] DEBUG org.eclipse.jetty.http.HttpParser - filled 0/0
[DefaultQuartzScheduler_Worker-10] DEBUG com.bekaert.handling.order.location.sap.connector.impl - Start search for new SAP orders
[qtp948395645-39] DEBUG org.eclipse.jetty.http.HttpParser - filled 607/607
[qtp948395645-39 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.Server - REQUEST /UIDL/ on AsyncHttpConnection#34d39e39,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=2,l=48,c=126},r=6
[qtp948395645-39 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.handler.ContextHandler - scope null||/UIDL/ # o.e.j.s.ServletContextHandler{/,null}
[qtp948395645-39 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.handler.ContextHandler - context=||/UIDL/ # o.e.j.s.ServletContextHandler{/,null}
[qtp948395645-39 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.session - Got Session ID 1mddljaq8cpy11l0btqfs6p34s from cookie
[qtp948395645-39 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.session - sessionManager=org.eclipse.jetty.server.session.HashSessionManager#19868320
[qtp948395645-39 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.session - session=org.eclipse.jetty.server.session.HashedSession:1mddljaq8cpy11l0btqfs6p34s#1806836909
[qtp948395645-39 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.servlet.ServletHandler - servlet ||/UIDL/ -> org.apache.felix.http.base.internal.DispatcherServlet-158d255c
[qtp948395645-39 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.servlet.ServletHandler - chain=null
[qtp948395645-39 - /UIDL/?v-uiId=1] DEBUG org.eclipse.jetty.server.Server - RESPONSE /UIDL/ 200 handled=true
[qtp948395645-39] DEBUG org.eclipse.jetty.server.AsyncHttpConnection - Enabled read interest SCEP#61bf045{l(/10.221.137.111:56462)<->r(/10.224.129.14:80),s=1,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#34d39e39,g=HttpGenerator{s=4,h=0,b=0,c=-1},p=HttpParser{s=0,l=48,c=126},r=6}
[qtp948395645-39] DEBUG org.eclipse.jetty.http.HttpParser - filled 0/0
[qtp948395645-36] DEBUG org.eclipse.jetty.io.nio.ChannelEndPoint - ishut SCEP#61bf045{l(/10.221.137.111:56462)<->r(/10.224.129.14:80),s=1,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#34d39e39,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-14,l=0,c=-3},r=6}
[qtp948395645-36] DEBUG org.eclipse.jetty.http.HttpParser - filled -1/0
[qtp948395645-36] DEBUG org.eclipse.jetty.server.AsyncHttpConnection - Disabled read interest while writing response SCEP#61bf045{l(/10.221.137.111:56462)<->r(/10.224.129.14:80),s=1,open=true,ishut=true,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#34d39e39,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=-3},r=6}
[qtp948395645-36] DEBUG org.eclipse.jetty.io.nio.ChannelEndPoint - close SCEP#61bf045{l(/10.221.137.111:56462)<->r(/10.224.129.14:80),s=1,open=true,ishut=true,oshut=false,rb=false,wb=false,w=true,i=1!}-{AsyncHttpConnection#34d39e39,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=-3},r=6}
[qtp948395645-35 Selector0] DEBUG org.eclipse.jetty.io.nio - destroyEndPoint SCEP#61bf045{l(null)<->r(0.0.0.0/0.0.0.0:80),s=0,open=false,ishut=true,oshut=true,rb=false,wb=false,w=true,i=1!}-{AsyncHttpConnection#34d39e39,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=-3},r=6}
[qtp948395645-35 Selector0] DEBUG org.eclipse.jetty.server.AbstractHttpConnection - closed AsyncHttpConnection#34d39e39,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=-3},r=6
[qtp948395645-37] DEBUG org.eclipse.jetty.io.nio.ChannelEndPoint - ishut SCEP#5534412c{l(/10.221.137.111:56463)<->r(/10.224.129.14:80),s=1,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#cf40a17,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-14,l=0,c=0},r=0}
[qtp948395645-37] DEBUG org.eclipse.jetty.http.HttpParser - filled -1/0
[qtp948395645-37] DEBUG org.eclipse.jetty.server.AsyncHttpConnection - Disabled read interest while writing response SCEP#5534412c{l(/10.221.137.111:56463)<->r(/10.224.129.14:80),s=1,open=true,ishut=true,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#cf40a17,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0}
[qtp948395645-37] DEBUG org.eclipse.jetty.io.nio.ChannelEndPoint - close SCEP#5534412c{l(/10.221.137.111:56463)<->r(/10.224.129.14:80),s=1,open=true,ishut=true,oshut=false,rb=false,wb=false,w=true,i=1!}-{AsyncHttpConnection#cf40a17,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0}
[qtp948395645-42] DEBUG org.eclipse.jetty.io.nio.ChannelEndPoint - ishut SCEP#1dcb12a9{l(/10.221.137.111:56464)<->r(/10.224.129.14:80),s=1,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#6a011d1d,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-14,l=0,c=0},r=0}
[qtp948395645-42] DEBUG org.eclipse.jetty.http.HttpParser - filled -1/0
[qtp948395645-35 Selector0] DEBUG org.eclipse.jetty.io.nio - destroyEndPoint SCEP#5534412c{l(null)<->r(0.0.0.0/0.0.0.0:80),s=0,open=false,ishut=true,oshut=true,rb=false,wb=false,w=true,i=1!}-{AsyncHttpConnection#cf40a17,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0}
[qtp948395645-42] DEBUG org.eclipse.jetty.server.AsyncHttpConnection - Disabled read interest while writing response SCEP#1dcb12a9{l(/10.221.137.111:56464)<->r(/10.224.129.14:80),s=1,open=true,ishut=true,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#6a011d1d,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0}
[qtp948395645-35 Selector0] DEBUG org.eclipse.jetty.server.AbstractHttpConnection - closed AsyncHttpConnection#cf40a17,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0
[qtp948395645-42] DEBUG org.eclipse.jetty.io.nio.ChannelEndPoint - close SCEP#1dcb12a9{l(/10.221.137.111:56464)<->r(/10.224.129.14:80),s=1,open=true,ishut=true,oshut=false,rb=false,wb=false,w=true,i=1!}-{AsyncHttpConnection#6a011d1d,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0}
[qtp948395645-42] DEBUG org.eclipse.jetty.io.nio.ChannelEndPoint - ishut SCEP#6d491226{l(/10.221.137.111:56466)<->r(/10.224.129.14:80),s=1,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#2c01d086,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-14,l=0,c=0},r=0}
[qtp948395645-42] DEBUG org.eclipse.jetty.http.HttpParser - filled -1/0
[qtp948395645-42] DEBUG org.eclipse.jetty.server.AsyncHttpConnection - Disabled read interest while writing response SCEP#6d491226{l(/10.221.137.111:56466)<->r(/10.224.129.14:80),s=1,open=true,ishut=true,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#2c01d086,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0}
[qtp948395645-42] DEBUG org.eclipse.jetty.io.nio.ChannelEndPoint - close SCEP#6d491226{l(/10.221.137.111:56466)<->r(/10.224.129.14:80),s=1,open=true,ishut=true,oshut=false,rb=false,wb=false,w=true,i=1!}-{AsyncHttpConnection#2c01d086,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0}
[qtp948395645-35 Selector0] DEBUG org.eclipse.jetty.io.nio - destroyEndPoint SCEP#1dcb12a9{l(null)<->r(0.0.0.0/0.0.0.0:80),s=0,open=false,ishut=true,oshut=true,rb=false,wb=false,w=true,i=1!}-{AsyncHttpConnection#6a011d1d,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0}
[qtp948395645-35 Selector0] DEBUG org.eclipse.jetty.server.AbstractHttpConnection - closed AsyncHttpConnection#6a011d1d,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0
[qtp948395645-35 Selector0] DEBUG org.eclipse.jetty.io.nio - destroyEndPoint SCEP#6d491226{l(null)<->r(0.0.0.0/0.0.0.0:80),s=0,open=false,ishut=true,oshut=true,rb=false,wb=false,w=true,i=1!}-{AsyncHttpConnection#2c01d086,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0}
[qtp948395645-35 Selector0] DEBUG org.eclipse.jetty.server.AbstractHttpConnection - closed AsyncHttpConnection#2c01d086,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0
[qtp948395645-37] DEBUG org.eclipse.jetty.io.nio.ChannelEndPoint - ishut SCEP#387f2edf{l(/10.221.137.111:56465)<->r(/10.224.129.14:80),s=1,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#574b3210,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-14,l=0,c=0},r=0}
[qtp948395645-37] DEBUG org.eclipse.jetty.http.HttpParser - filled -1/0
[qtp948395645-37] DEBUG org.eclipse.jetty.server.AsyncHttpConnection - Disabled read interest while writing response SCEP#387f2edf{l(/10.221.137.111:56465)<->r(/10.224.129.14:80),s=1,open=true,ishut=true,oshut=false,rb=false,wb=false,w=true,i=1r}-{AsyncHttpConnection#574b3210,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0}
[qtp948395645-37] DEBUG org.eclipse.jetty.io.nio.ChannelEndPoint - close SCEP#387f2edf{l(/10.221.137.111:56465)<->r(/10.224.129.14:80),s=1,open=true,ishut=true,oshut=false,rb=false,wb=false,w=true,i=1!}-{AsyncHttpConnection#574b3210,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0}
[qtp948395645-35 Selector0] DEBUG org.eclipse.jetty.io.nio - destroyEndPoint SCEP#387f2edf{l(null)<->r(0.0.0.0/0.0.0.0:80),s=0,open=false,ishut=true,oshut=true,rb=false,wb=false,w=true,i=1!}-{AsyncHttpConnection#574b3210,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0}
[qtp948395645-35 Selector0] DEBUG org.eclipse.jetty.server.AbstractHttpConnection - closed AsyncHttpConnection#574b3210,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=0,l=0,c=0},r=0
[Timer-2] INFO org.jinterop.dcom.core.JIComOxidRuntime - Running ClientPingTimerTask !
[Timer-2] INFO org.jinterop.dcom.core.JIComOxidRuntime - Within ClientPingTimerTask: holder.currentSetOIDs, current size of which is 2
[Timer-2] INFO org.jinterop.dcom.core.PingObject - Simple Ping going for setId: 00000: 00 00 00 05 65 74 29 12 |....et). |
[Timer-2] INFO org.jinterop -
Sending REQUEST
[Timer-2] INFO org.jinterop -
Recieved RESPONSE
[Timer-2] INFO org.jinterop.dcom.core.PingObject - Simple Ping Succeeded
[Timer-2] INFO org.jinterop.dcom.core.JIComOxidRuntime - Within ClientPingTimerTask: holder.seqNum 1
I don't know what all this means.
Also, it doesn't always happen. If I restart my OSGi program, there is a 1/2 chance I have this problem.

Spring security not invoking request mapping after authorization

I have a custom login page which authenticates a user using a custom UserDetailsService bean. In the spring security DEBUG logs I see that the authentication proceeds fine and the list of granted authorities contains ROLE_USER.
As per the configuration the page should redirect to welcomePage.html which it does. But the response to welcomePage.html is the login.html page. The logs suggest that the authentication proceeded successfully.
I am using annotation driven configuration in my servlet xml file.
Why is the request handler for welcomePage.html not being invoked?
How to get the request handler to be invoked? It used to work before spring security integration. Other request handlers are also not being invoked after spring security integration.
As an aside, how does Spring Security know that the security configuration should forward all requests to my servlet? There could be more servlets in the application. Does the login-page property of form-login consult web.xml for finding the appropriate handler? Why does it not consult web.xml and not find my request mapping for welcomePage.html then? I am using Spring MVC DispatcherServlet.
Is this related?
http://mark.koli.ch/2010/07/spring-3-and-spring-security-setting-your-own-custom-j-spring-security-check-filter-processes-url.html
Here are the spring security logs:
19:03:49,645 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/**/*.css'
19:03:49,645 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/**/*.js'
19:03:49,645 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/**/*.png'
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:03:49,646 DEBUG HttpSessionSecurityContextRepository:158 - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl#afe7c13e: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#afe7c13e: Principal: security.V2VUserDetails#4a97111c; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#1c07a: RemoteIpAddress: 127.0.0.1; SessionId: E5639123A984EE19E0CEFCA19C37DA42; Granted Authorities: admin, ROLE_USER'
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:03:49,647 DEBUG AnonymousAuthenticationFilter:107 - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken#afe7c13e: Principal: security.V2VUserDetails#4a97111c; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#1c07a: RemoteIpAddress: 127.0.0.1; SessionId: E5639123A984EE19E0CEFCA19C37DA42; Granted Authorities: admin, ROLE_USER'
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:03:49,648 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/login.html*'
19:03:49,648 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/welcomepage.html*'
19:03:49,648 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /welcomePage.html; Attributes: [hasRole('ROLE_USER')]
19:03:49,649 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#afe7c13e: Principal: security.V2VUserDetails#4a97111c; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#1c07a: RemoteIpAddress: 127.0.0.1; SessionId: E5639123A984EE19E0CEFCA19C37DA42; Granted Authorities: admin, ROLE_USER
19:03:49,649 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter#4481f947, returned: 1
19:03:49,650 DEBUG FilterSecurityInterceptor:215 - Authorization successful
19:03:49,650 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
19:03:49,651 DEBUG FilterChainProxy:323 - /welcomePage.html reached end of additional filter chain; proceeding with original chain
19:03:49,660 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/web-inf/jsp/login.jsp'; against '/**/*.css'
19:03:49,660 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/web-inf/jsp/login.jsp'; against '/**/*.js'
19:03:49,661 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/web-inf/jsp/login.jsp'; against '/**/*.png'
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:03:49,662 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:03:49,662 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:03:49,662 DEBUG AnonymousAuthenticationFilter:107 - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken#afe7c13e: Principal: security.V2VUserDetails#4a97111c; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#1c07a: RemoteIpAddress: 127.0.0.1; SessionId: E5639123A984EE19E0CEFCA19C37DA42; Granted Authorities: admin, ROLE_USER'
19:03:49,662 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:03:49,662 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:03:49,663 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:03:49,663 DEBUG FilterChainProxy:323 - /WEB-INF/jsp/login.jsp reached end of additional filter chain; proceeding with original chain
19:03:49,665 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
19:03:49,665 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
19:03:49,665 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
19:03:49,915 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/jquery-ui-1.8.16.custom.css'; against '/**/*.css'
19:03:49,916 DEBUG FilterChainProxy:180 - /css/jquery-ui-1.8.16.custom.css has an empty filter list
19:03:49,915 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/media/css/jquery.datatables.css'; against '/**/*.css'
19:03:49,916 DEBUG FilterChainProxy:180 - /plugins/DataTables/media/css/jquery.dataTables.css has an empty filter list
19:03:49,916 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/media/css/jquery.datatables_themeroller.css'; against '/**/*.css'
19:03:49,917 DEBUG FilterChainProxy:180 - /plugins/DataTables/media/css/jquery.dataTables_themeroller.css has an empty filter list
19:03:49,961 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/redmond.custom.css'; against '/**/*.css'
19:03:49,961 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/jquery-1.8.1.min.js'; against '/**/*.css'
19:03:49,961 DEBUG FilterChainProxy:180 - /css/redmond.custom/redmond.custom.css has an empty filter list
19:03:49,962 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/jquery-ui/js/jquery-ui-1.8.23.custom.min.js'; against '/**/*.css'
19:03:49,962 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/jquery-ui/js/jquery-ui-1.8.23.custom.min.js'; against '/**/*.js'
19:03:49,962 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/jquery-1.8.1.min.js'; against '/**/*.js'
19:03:49,962 DEBUG FilterChainProxy:180 - /jquery-ui/js/jquery-ui-1.8.23.custom.min.js has an empty filter list
19:03:49,963 DEBUG FilterChainProxy:180 - /js/jquery-1.8.1.min.js has an empty filter list
19:03:49,970 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jqueryui-multiselect/jquery.multiselect.css'; against '/**/*.css'
19:03:49,971 DEBUG FilterChainProxy:180 - /plugins/jqueryui-multiselect/jquery.multiselect.css has an empty filter list
19:03:49,972 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jqueryui-multiselect/jquery.multiselect.filter.css'; against '/**/*.css'
19:03:49,972 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/tabletools/media/css/tabletools.css'; against '/**/*.css'
19:03:49,972 DEBUG FilterChainProxy:180 - /plugins/jqueryui-multiselect/jquery.multiselect.filter.css has an empty filter list
19:03:49,973 DEBUG FilterChainProxy:180 - /plugins/DataTables/extras/TableTools/media/css/TableTools.css has an empty filter list
19:03:49,973 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/tabletools/media/css/tabletools_jui.css'; against '/**/*.css'
19:03:49,973 DEBUG FilterChainProxy:180 - /plugins/DataTables/extras/TableTools/media/css/TableTools_JUI.css has an empty filter list
19:03:50,018 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/colvis/media/css/colvis.css'; against '/**/*.css'
19:03:50,019 DEBUG FilterChainProxy:180 - /plugins/DataTables/extras/ColVis/media/css/ColVis.css has an empty filter list
19:03:50,021 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/common.css'; against '/**/*.css'
19:03:50,021 DEBUG FilterChainProxy:180 - /css/common.css has an empty filter list
19:03:50,062 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/toppanel.css'; against '/**/*.css'
19:03:50,063 DEBUG FilterChainProxy:180 - /css/topPanel.css has an empty filter list
19:03:50,063 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/login.css'; against '/**/*.css'
19:03:50,063 DEBUG FilterChainProxy:180 - /css/login.css has an empty filter list
19:03:50,065 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/media/js/jquery.datatables.js'; against '/**/*.css'
19:03:50,065 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/media/js/jquery.datatables.js'; against '/**/*.js'
19:03:50,065 DEBUG FilterChainProxy:180 - /plugins/DataTables/media/js/jquery.dataTables.js has an empty filter list
19:03:50,066 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/tabletools/media/js/tabletools.min.js'; against '/**/*.css'
19:03:50,067 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/tabletools/media/js/tabletools.min.js'; against '/**/*.js'
19:03:50,067 DEBUG FilterChainProxy:180 - /plugins/DataTables/extras/TableTools/media/js/TableTools.min.js has an empty filter list
19:03:50,069 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/fixedcolumns/media/js/fixedcolumns.min.js'; against '/**/*.css'
19:03:50,069 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/fixedcolumns/media/js/fixedcolumns.min.js'; against '/**/*.js'
19:03:50,069 DEBUG FilterChainProxy:180 - /plugins/DataTables/extras/FixedColumns/media/js/FixedColumns.min.js has an empty filter list
19:03:50,070 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/colvis/media/js/colvis.min.js'; against '/**/*.css'
19:03:50,070 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/datatables/extras/colvis/media/js/colvis.min.js'; against '/**/*.js'
19:03:50,071 DEBUG FilterChainProxy:180 - /plugins/DataTables/extras/ColVis/media/js/ColVis.min.js has an empty filter list
19:03:50,071 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/slidingmessage/jquery.slidingmessage.js'; against '/**/*.css'
19:03:50,072 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/slidingmessage/jquery.slidingmessage.js'; against '/**/*.js'
19:03:50,072 DEBUG FilterChainProxy:180 - /plugins/slidingmessage/jquery.slidingmessage.js has an empty filter list
19:03:50,073 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/barcode/jquery-barcode-2.0.2.min.js'; against '/**/*.css'
19:03:50,074 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/barcode/jquery-barcode-2.0.2.min.js'; against '/**/*.js'
19:03:50,074 DEBUG FilterChainProxy:180 - /plugins/barcode/jquery-barcode-2.0.2.min.js has an empty filter list
19:03:50,092 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/printarea/jquery.printarea.js'; against '/**/*.css'
19:03:50,093 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/printarea/jquery.printarea.js'; against '/**/*.js'
19:03:50,093 DEBUG FilterChainProxy:180 - /plugins/printarea/jquery.PrintArea.js has an empty filter list
19:03:50,095 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/common.js'; against '/**/*.css'
19:03:50,095 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/fnreloadajax.datatables.js'; against '/**/*.css'
19:03:50,095 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/common.js'; against '/**/*.js'
19:03:50,095 DEBUG FilterChainProxy:180 - /js/common.js has an empty filter list
19:03:50,095 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/fnreloadajax.datatables.js'; against '/**/*.js'
19:03:50,096 DEBUG FilterChainProxy:180 - /js/fnReloadAjax.dataTables.js has an empty filter list
19:03:50,096 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/fnstandingredraw.datatables.js'; against '/**/*.css'
19:03:50,097 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/js/fnstandingredraw.datatables.js'; against '/**/*.js'
19:03:50,097 DEBUG FilterChainProxy:180 - /js/fnStandingRedraw.dataTables.js has an empty filter list
19:03:50,098 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jqueryui-multiselect/jquery.multiselect.min.js'; against '/**/*.css'
19:03:50,098 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jqueryui-multiselect/jquery.multiselect.min.js'; against '/**/*.js'
19:03:50,099 DEBUG FilterChainProxy:180 - /plugins/jqueryui-multiselect/jquery.multiselect.min.js has an empty filter list
19:03:50,100 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jqueryui-multiselect/jquery.multiselect.filter.min.js'; against '/**/*.css'
19:03:50,100 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jqueryui-multiselect/jquery.multiselect.filter.min.js'; against '/**/*.js'
19:03:50,100 DEBUG FilterChainProxy:180 - /plugins/jqueryui-multiselect/jquery.multiselect.filter.min.js has an empty filter list
19:03:50,102 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/toggleradio/toggleradio.js'; against '/**/*.css'
19:03:50,102 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/highlight/highlight.js'; against '/**/*.css'
19:03:50,102 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/toggleradio/toggleradio.js'; against '/**/*.js'
19:03:50,103 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/highlight/highlight.js'; against '/**/*.js'
19:03:50,103 DEBUG FilterChainProxy:180 - /plugins/toggleradio/toggleradio.js has an empty filter list
19:03:50,103 DEBUG FilterChainProxy:180 - /plugins/Highlight/highlight.js has an empty filter list
19:03:50,105 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jquery-ui-timepicker/jquery-ui-timepicker-addon.js'; against '/**/*.css'
19:03:50,105 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/plugins/jquery-ui-timepicker/jquery-ui-timepicker-addon.js'; against '/**/*.js'
19:03:50,105 DEBUG FilterChainProxy:180 - /plugins/jquery-ui-timepicker/jquery-ui-timepicker-addon.js has an empty filter list
19:03:50,229 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/images/ui-icons_6da8d5_256x240.png'; against '/**/*.css'
19:03:50,229 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/images/ui-icons_6da8d5_256x240.png'; against '/**/*.js'
19:03:50,229 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/images/ui-bg_glass_85_dfeffc_1x400.png'; against '/**/*.css'
19:03:50,230 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/images/ui-icons_6da8d5_256x240.png'; against '/**/*.png'
19:03:50,230 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/images/ui-bg_glass_85_dfeffc_1x400.png'; against '/**/*.js'
19:03:50,230 DEBUG FilterChainProxy:180 - /css/redmond.custom/images/ui-icons_6da8d5_256x240.png has an empty filter list
19:03:50,230 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/css/redmond.custom/images/ui-bg_glass_85_dfeffc_1x400.png'; against '/**/*.png'
19:03:50,231 DEBUG FilterChainProxy:180 - /css/redmond.custom/images/ui-bg_glass_85_dfeffc_1x400.png has an empty filter list
Spring Security configuration:
<http pattern="/**/*.css" security="none" />
<http pattern="/**/*.js" security="none" />
<http pattern="/**/*.png" security="none" />
<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/login.html*" access="isAnonymous()" />
    <intercept-url pattern="/welcomePage.html*" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/**" access="isFullyAuthenticated()" />
    <form-login login-page="/login.html"
                default-target-url="/welcomePage.html"
                authentication-failure-url="/login.html"
                always-use-default-target="true" />
</http>
Found the problem
I added spring security code but forgot to remove some parts of the old code which was responsible for authentication. I had an interceptor which would check for user in the session and redirect to the login page if the user was not found.
Removed the old interceptor and now the problem is fixed.
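
A triage sketch for the symptom in this thread, added here and not part of the original posts: it scans a Spring Security DEBUG log for requests where FilterSecurityInterceptor logged "Authorization successful" and the login view was still dispatched before the request completed, which points at code behind the filter chain (such as the leftover interceptor) rather than at Spring Security. The sample lines are constructed in the format of the log above; `/report.html`, `/WEB-INF/jsp/report.jsp` and the function names are assumptions, and the parser assumes the lines of one request are not interleaved with another's.

```python
import re

# Constructed sample in the format of the DEBUG log above.
# Request 1 mirrors the thread; request 2 (/report.html) is a made-up healthy request.
SAMPLE_LOG = """\
19:03:49,648 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /welcomePage.html; Attributes: [hasRole('ROLE_USER')]
19:03:49,650 DEBUG FilterSecurityInterceptor:215 - Authorization successful
19:03:49,651 DEBUG FilterChainProxy:323 - /welcomePage.html reached end of additional filter chain; proceeding with original chain
19:03:49,663 DEBUG FilterChainProxy:323 - /WEB-INF/jsp/login.jsp reached end of additional filter chain; proceeding with original chain
19:03:49,665 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
19:03:50,100 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /report.html; Attributes: [isFullyAuthenticated()]
19:03:50,101 DEBUG FilterSecurityInterceptor:215 - Authorization successful
19:03:50,102 DEBUG FilterChainProxy:323 - /report.html reached end of additional filter chain; proceeding with original chain
19:03:50,110 DEBUG FilterChainProxy:323 - /WEB-INF/jsp/report.jsp reached end of additional filter chain; proceeding with original chain
19:03:50,120 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
"""

SECURE_OBJECT = re.compile(r"Secure object: FilterInvocation: URL: (.+?); Attributes: \[(.*)\]")
CHAIN_END = re.compile(r" - (\S+) reached end of additional filter chain")
AUTHZ_OK = "Authorization successful"
REQUEST_DONE = "SecurityContextHolder now cleared, as request processing completed"


def strip_query(url):
    """Drop the query string so the requested URL and dispatch paths compare cleanly."""
    return url.split("?", 1)[0]


def find_login_forwards_after_authorization(log_text, login_views=("/WEB-INF/jsp/login.jsp",)):
    """Return one finding per request that passed authorization and was then
    dispatched to a login view before the request finished."""
    findings = []
    url, attributes, authorized = None, None, False
    for line in log_text.splitlines():
        secure = SECURE_OBJECT.search(line)
        if secure:
            # Start of the access decision for the URL the client asked for.
            url, attributes, authorized = strip_query(secure.group(1)), secure.group(2), False
            continue
        if AUTHZ_OK in line and url is not None:
            authorized = True
            continue
        chain_end = CHAIN_END.search(line)
        if chain_end and authorized:
            # A second pass through the filter chain inside the same request
            # is an internal dispatch (forward) made after the security filters.
            target = strip_query(chain_end.group(1))
            if target != url and target in login_views:
                findings.append({
                    "timestamp": line.split()[0],
                    "authorized_url": url,
                    "attributes": attributes,
                    "forwarded_to": target,
                })
            continue
        if REQUEST_DONE in line:
            # Request boundary: forget per-request state.
            url, attributes, authorized = None, None, False
    return findings


if __name__ == "__main__":
    for finding in find_login_forwards_after_authorization(SAMPLE_LOG):
        print("{timestamp}: {authorized_url} passed [{attributes}] "
              "but {forwarded_to} was rendered".format(**finding))
```

A hit means the access decision was positive, so the place to look is application code that runs after the filter chain (interceptors, controllers, view resolution), not the `<intercept-url>` rules.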

grails - Spring Security Core Plugin - ajax call - Invalid remember-me token mismatch.

I get the below errors on the first ajax call after a remember-me login. (causes a manual login.)
Strange thing is the persistent_login record is deleted
and then it tries to find the record with the same key.
(using Tomcat and the latest Grails version and up-to-date plugins)
Full debug logging below: (Thank you for your help!)
2013-01-20 13:34:14,261 [http-bio-8080-exec-3] DEBUG hibernate.SQL -
delete
from
grails_persistent_login
where
series=?
2013-01-20 13:34:14,262 [http-bio-8080-exec-3] TRACE sql.BasicBinder - binding parameter [1] as [VARCHAR] - 0V7Xge3Qqb0Nged8S9BeJQ==
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Cancelling cookie
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - SecurityContext is empty or anonymous - context will not be stored in HttpSession.
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
| Error 2013-01-20 13:34:14,274 [http-bio-8080-exec-3] ERROR [/].[default] - Servlet.service() for servlet [default] in context with path [] threw exception
Message: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
Line | Method
->> 1110 | runWorker in java.util.concurrent.ThreadPoolExecutor
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 603 | run in java.util.concurrent.ThreadPoolExecutor$Worker
^ 722 | run . . . in java.lang.Thread
2013-01-20 13:34:14,295 [http-bio-8080-exec-7] DEBUG access.ExceptionTranslationFilter - Chain processed normally
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] DEBUG context.HttpSessionSecurityContextRepository - HttpSession being created as SecurityContext is non-default
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] WARN context.HttpSessionSecurityContextRepository - Failed to create a session, as response has been committed. Unable to store SecurityContext.
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Converted URL to lowercase, from: '/grails-errorhandler'; to: '/grails-errorhandler'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Candidate is: '/grails-errorhandler'; pattern is / **; matched=true
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - No HttpSession currently exists
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 3 of 9 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 4 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 5 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie detected
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] DEBUG hibernate.SQL -
select
persistent0_.series as series23_0_,
persistent0_.last_used as last2_23_0_,
persistent0_.token as token23_0_,
persistent0_.username as username23_0_
from
grails_persistent_login persistent0_
where
persistent0_.series=?
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] TRACE sql.BasicBinder - binding parameter [1] as [VARCHAR] - 0V7Xge3Qqb0Nged8S9BeJQ==
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - No persistent token found for series id: 0V7Xge3Qqb0Nged8S9BeJQ==
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Cancelling cookie
2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 7 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 8 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG hierarchicalroles.RoleHierarchyImpl - getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Authorization successful
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 9 of 9 in additional filter chain; firing Filter: 'SwitchUserFilter'
2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc reached end of additional filter chain; proceeding with original chain
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Converted URL to lowercase, from: '/grails/error/development500.dispatch'; to: '/grails/error/development500.dispatch'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Candidate is: '/grails/error/development500.dispatch'; pattern is /**; matched=true
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 3 of 9 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 4 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 5 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG authentication.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 7 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 8 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 9 of 9 in additional filter chain; firing Filter: 'SwitchUserFilter'
2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc reached end of additional filter chain; proceeding with original chain
2013-01-20 13:34:14,690 [http-bio-8080-exec-3] DEBUG access.ExceptionTranslationFilter - Chain processed normally
2013-01-20 13:34:14,755 [http-bio-8080-exec-3] DEBUG access.ExceptionTranslationFilter - Chain processed normally
2013-01-20 13:34:14,755 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - SecurityContext is empty or anonymous - context will not be stored in HttpSession.
2013-01-20 13:34:14,755 [http-bio-
From the log it seems that a user with username:anonymousUser, role:ROLE_ANONYMOUS is authenticated successfully, but rememberme.PersistentTokenBasedRememberMeServices does not support anonymousUser and it cancelled cookie creation for that user.
