I'm using Spring 2.5.2 and same version of spring security.
Issue is, I login through the application and clears my browser cookies and refreshes the page application is redirected to the login page but at the back it throws following exception
DEBUG ExceptionTranslationFilter - Authentication exception occurred; redirecting to authentication entry point
org.springframework.security.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
at org.springframework.security.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:342)
at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254)
at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)
at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:52)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
Continue till at java.lang.Thread.run(Unknown Source)
After this exception application is redirected to the login page & after entering the login credentials
I have to click my login button twice to enter into the application.
After the first click console shows
DEBUG CptLogger - com.capgent.cpt.server.services.auth.LoginAuthenticationProvider Method invoked : additionalAuthenticationChecks isAuthenticated ? :false
DEBUG XmlWebApplicationContext - Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext#1d0d124]: org.springframework.security.event.authentication.AuthenticationSuccessEvent[source=org.springframework.security.providers.UsernamePasswordAuthenticationToken#862413dc: Principal: com.capgent.cpt.server.services.auth.UserDetailsContainer#bc1ebd; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails#0: RemoteIpAddress: 127.0.0.1; SessionId: 6693D3BCE880D6339D9D149F44637952; Granted Authorities: ROLE_ADMIN]
DEBUG AuthenticationProcessingFilter - Authentication success: org.springframework.security.providers.UsernamePasswordAuthenticationToken#862413dc: Principal: com.capgent.cpt.server.services.auth.UserDetailsContainer#bc1ebd; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails#0: RemoteIpAddress: 127.0.0.1; SessionId: 6693D3BCE880D6339D9D149F44637952; Granted Authorities: ROLE_ADMIN
DEBUG AuthenticationProcessingFilter - Updated SecurityContextHolder to contain the following Authentication: 'org.springframework.security.providers.UsernamePasswordAuthenticationToken#862413dc: Principal: com.capgent.cpt.server.services.auth.UserDetailsContainer#bc1ebd; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails#0: RemoteIpAddress: 127.0.0.1; SessionId: 6693D3BCE880D6339D9D149F44637952; Granted Authorities: ROLE_ADMIN'
DEBUG SessionUtils - Invalidating session with Id '6693D3BCE880D6339D9D149F44637952' and migrating attributes.
DEBUG SessionUtils - Started new session: E772A0D1441C079B2ACD3698F68AF63C
DEBUG AuthenticationProcessingFilter - Redirecting to target URL from HTTP Session (or default): http://localhost:8090/resources/com.capgent.cpt.Main/Main.jsp
DEBUG omTokenBasedRemembermeServices - Did not send remember-me cookie (principal did not set parameter '_spring_security_remember_me')
DEBUG omTokenBasedRemembermeServices - Remember-me login not requested.
DEBUG XmlWebApplicationContext - Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext#1d0d124]: org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent[source=org.springframework.security.providers.UsernamePasswordAuthenticationToken#862413dc: Principal: com.capgent.cpt.server.services.auth.UserDetailsContainer#bc1ebd; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails#0: RemoteIpAddress: 127.0.0.1; SessionId: 6693D3BCE880D6339D9D149F44637952; Granted Authorities: ROLE_ADMIN]
DEBUG essionContextIntegrationFilter - SecurityContext stored to HttpSession: 'org.springframework.security.context.SecurityContextImpl#862413dc: Authentication: org.springframework.security.providers.UsernamePasswordAuthenticationToken#862413dc: Principal: com.capgent.cpt.server.services.auth.UserDetailsContainer#bc1ebd; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails#0: RemoteIpAddress: 127.0.0.1; SessionId: 6693D3BCE880D6339D9D149F44637952; Granted Authorities: ROLE_ADMIN'
DEBUG essionContextIntegrationFilter - SecurityContextHolder now cleared, as request processing completed
DEBUG RequestContextFilter - Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade#1d03700
DEBUG nsactionSynchronizationManager - Removed value [org.springframework.orm.hibernate3.SessionHolder#1c9dea3] for key [org.hibernate.impl.SessionFactoryImpl#42c282] from thread [http-8090-Processor25]
DEBUG OpenSessionInViewFilter - Closing single Hibernate Session in OpenSessionInViewFilter
DEBUG SessionFactoryUtils - Closing Hibernate Session
DEBUG ConnectionManager - releasing JDBC connection [ (open PreparedStatements: 0, globally: 0) (open ResultSets: 0, globally: 0)]
DEBUG ConnectionManager - transaction completed on session with on_close connection release mode; be sure to close the session to release JDBC resources!
DEBUG OpenSessionInViewFilter - Using SessionFactory 'cptSessionFactory' for OpenSessionInViewFilter
DEBUG DefaultListableBeanFactory - Returning cached instance of singleton bean 'cptSessionFactory'
DEBUG OpenSessionInViewFilter - Opening single Hibernate Session in OpenSessionInViewFilter
DEBUG SessionFactoryUtils - Opening Hibernate Session
DEBUG SessionImpl - opened session at timestamp: 13938439638
DEBUG nsactionSynchronizationManager - Bound value [org.springframework.orm.hibernate3.SessionHolder#862557] for key [org.hibernate.impl.SessionFactoryImpl#42c282] to thread [http-8090-Processor25]
DEBUG RequestContextFilter - Bound request context to thread: org.apache.catalina.connector.RequestFacade#1d03700
DEBUG FilterChainProxy - Converted URL to lowercase, from: '/com.capgent.cpt.main/main.jsp'; to: '/com.capgent.cpt.main/main.jsp'
DEBUG FilterChainProxy - Candidate is: '/com.capgent.cpt.main/main.jsp'; pattern is /ssoerror.html*; matched=false
DEBUG FilterChainProxy - Converted URL to lowercase, from: '/com.capgent.cpt.main/main.jsp'; to: '/com.capgent.cpt.main/main.jsp'
DEBUG FilterChainProxy - Candidate is: '/com.capgent.cpt.main/main.jsp'; pattern is /; matched=true
DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp at position 1 of 10 in additional filter chain; firing Filter: 'org.springframework.security.context.HttpSessionContextIntegrationFilter[ order=200; ]'
DEBUG essionContextIntegrationFilter - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT to associate with SecurityContextHolder: 'org.springframework.security.context.SecurityContextImpl#862413dc: Authentication: org.springframework.security.providers.UsernamePasswordAuthenticationToken#862413dc: Principal: com.capgent.cpt.server.services.auth.UserDetailsContainer#bc1ebd; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails#0: RemoteIpAddress: 127.0.0.1; SessionId: 6693D3BCE880D6339D9D149F44637952; Granted Authorities: ROLE_ADMIN'
DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp at position 2 of 10 in additional filter chain; firing Filter: 'com.capgent.cpt.server.services.auth.CantrexSsoProcessingFilter[ order=600; ]'
DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp at position 3 of 10 in additional filter chain; firing Filter: 'com.capgent.cpt.server.services.auth.DnbiSsoProcessingFilter[ order=600; ]'
DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp at position 4 of 10 in additional filter chain; firing Filter: 'com.capgent.cpt.server.services.auth.OpenIdAuthenticationProcessingFilter[ order=800; ]'
DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp at position 5 of 10 in additional filter chain; firing Filter: 'org.springframework.security.ui.webapp.AuthenticationProcessingFilter[ order=700; ]'
DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp at position 6 of 10 in additional filter chain; firing Filter: 'org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter[ order=1100; ]'
DEBUG SavedRequest - pathInfo: both null (property equals)
DEBUG SavedRequest - queryString: both null (property equals)
DEBUG SavedRequest - requestURI: arg1=/resources/com.capgent.cpt.Main/Main.jsp; arg2=/resources/com.capgent.cpt.Main/Main.jsp (property equals)
DEBUG SavedRequest - serverPort: arg1=8090; arg2=8090 (property equals)
DEBUG SavedRequest - requestURL: arg1=http://localhost:8090/resources/com.capgent.cpt.Main/Main.jsp; arg2=http://localhost:8090/resources/com.capgent.cpt.Main/Main.jsp (property equals)
DEBUG SavedRequest - scheme: arg1=http; arg2=http (property equals)
DEBUG SavedRequest - serverName: arg1=localhost; arg2=localhost (property equals)
DEBUG SavedRequest - contextPath: arg1=/resources; arg2=/resources (property equals)
DEBUG SavedRequest - servletPath: arg1=/com.capgent.cpt.Main/Main.jsp; arg2=/com.capgent.cpt.Main/Main.jsp (property equals)
DEBUG SavedRequestAwareWrapper - Wrapper replaced; SavedRequest was: SavedRequest[http://localhost:8090/resources/com.capgent.cpt.Main/Main.jsp]
DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp at position 7 of 10 in additional filter chain; firing Filter: 'org.springframework.security.ui.rememberme.RememberMeProcessingFilter[ order=1200; ]'
DEBUG RememberMeProcessingFilter - SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.providers.UsernamePasswordAuthenticationToken#862413dc: Principal: com.capgent.cpt.server.services.auth.UserDetailsContainer#bc1ebd; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails#0: RemoteIpAddress: 127.0.0.1; SessionId: 6693D3BCE880D6339D9D149F44637952; Granted Authorities: ROLE_ADMIN'
DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp at position 8 of 10 in additional filter chain; firing Filter: 'org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ]'
DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp at position 9 of 10 in additional filter chain; firing Filter: 'org.springframework.security.ui.SessionFixationProtectionFilter[ order=1600; ]'
DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp at position 10 of 10 in additional filter chain; firing Filter: 'org.springframework.security.intercept.web.FilterSecurityInterceptor#11ca33b'
DEBUG lterInvocationDefinitionSource - Converted URL to lowercase, from: '/com.capgent.cpt.main/main.jsp'; to: '/com.capgent.cpt.main/main.jsp'
DEBUG lterInvocationDefinitionSource - Candidate is: '/com.capgent.cpt.main/main.jsp'; pattern is //*main.jsp; matched=true
DEBUG AbstractSecurityInterceptor - Secure object: FilterInvocation: URL: /com.capgent.cpt.Main/Main.jsp; ConfigAttributes: [ROLE_ADMIN]
DEBUG AbstractSecurityInterceptor - Previously Authenticated: org.springframework.security.providers.UsernamePasswordAuthenticationToken#862413dc: Principal: com.capgent.cpt.server.services.auth.UserDetailsContainer#bc1ebd; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails#0: RemoteIpAddress: 127.0.0.1; SessionId: 6693D3BCE880D6339D9D149F44637952; Granted Authorities: ROLE_ADMIN
DEBUG AbstractSecurityInterceptor - Authorization successful
DEBUG XmlWebApplicationContext - Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext#1d0d124]: org.springframework.security.event.authorization.AuthorizedEvent[source=FilterInvocation: URL: /com.capgent.cpt.Main/Main.jsp]
DEBUG AbstractSecurityInterceptor - RunAsManager did not change Authentication object
DEBUG FilterChainProxy - /com.capgent.cpt.Main/Main.jsp reached end of additional filter chain; proceeding with original chain
DEBUG JspServlet - JspEngine --> /com.capgent.cpt.Main/Main.jsp
DEBUG JspServlet - ServletPath: /com.capgent.cpt.Main/Main.jsp
DEBUG JspServlet - PathInfo: null
DEBUG JspServlet - RealPath: D:\springworkspace.metadata.plugins\org.eclipse.wst.server.core\tmp3\wtpwebapps\capgentspring\com.capgent.cpt.Main\Main.jsp
DEBUG JspServlet - RequestURI: /resources/com.capgent.cpt.Main/Main.jsp
DEBUG JspServlet - QueryString: null
"Issue is, I login through the application and clears my browser cookies and refreshes the page application is redirected to the login page"
Yes.It is the Normal behavior. Because a new session will be started from there since the old session was invalidated/closed.
"but at the back it throws following exception"
Yes.It will, because it tries to revalidate the user info/session when you refresh the page.Since you have already cleared the cookies, it will fail.
Setting the <form-login login-page="/Login.jsp" authentication-failure-url="/LoginHandler.jsp" always-use-default-target="true" default-target-url="/LoginHandler.jsp"/>
has solved my issue earlier the value was alway-use-default-target="false"
Related
I have converted an app to use spring and spring security I am using version 5.2. When I try and login my CustomAuthProvider doesn't get called. It does hit the security endpoint 'login' in the jsp and has an anonymous role. Below are the relevant configs.
#ComponentScan(basePackages = {"com.example"})
#Import({com.example.Configuration.class, WebSecurityConfig.class})
public class AppConfig {
servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy("springSecurityFilterChain"))
.addMappingForUrlPatterns(null, false, "/mvc/*");
Register the DelegatingFilterProxy
public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}
The WebSecurity class
#Configuration
#EnableWebSecurity(debug = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
#Autowired
private CustomAuthenticationProvider customAuthenticationProvider;
#Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthenticationProvider)
.userDetailsService(new UserDetails());
}
#Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and().
authorizeRequests(a ->
a.antMatchers(
"/resources/js/**",
"/resources/scripts/**",
"/login",
"/resources/styles/**",
"/resources/images/**",
"/resources/loginPage.jsp",
"/resources/forgotUserName.jsp",
"/resources/forgotPassword.jsp",
"/mvc/jsonInitialResponse/**")
.permitAll()
.antMatchers(
"/resources/resetPassword.jsp",
"/mvc/jsonResponse/**",
"/mvc/download/**",
"/resources/**"
).authenticated())
.formLogin()
.loginPage("/resources/loginPage.jsp")
.successHandler(new CustomeAuthenticationSuccessHandler())
.failureUrl("/resources/loginPage.jsp?error=true")
.and().anonymous()
.and()
.logout()
.logoutSuccessUrl("/resources/loginPage.jsp")
.permitAll()
.and()
.csrf().disable().cors().disable();
}
}
#Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
#Override
public Authentication authenticate(final Authentication authentication) {......}
#Override
public boolean supports(Class<?> authentication) {
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
}
Any thoughts on what I may be missing? The CustomAuthenticationProvider isn't being called and either is the supports() method.
2020-10-06 12:26:29 DEBUG DefaultSavedRequest:359 - pathInfo: both null (property equals)
2020-10-06 12:26:29 DEBUG DefaultSavedRequest:359 - queryString: both null (property equals)
2020-10-06 12:26:29 DEBUG DefaultSavedRequest:383 - requestURI: arg1=/reinsurance-service-ui-war/resources/login; arg2=/reinsurance-service-ui-war/resources/images/icn-lock.png (property not equals)
2020-10-06 12:26:29 DEBUG HttpSessionRequestCache:95 - saved request doesn't match
2020-10-06 12:26:29 DEBUG FilterChainProxy:328 - /resources/images/icn-lock.png at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2020-10-06 12:26:29 DEBUG FilterChainProxy:328 - /resources/images/icn-lock.png at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2020-10-06 12:26:29 DEBUG AnonymousAuthenticationFilter:100 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken#418e8a7d: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 4503EBEA550D56CD4AF5506BC88E7576; Granted Authorities: ROLE_ANONYMOUS'
2020-10-06 12:26:29 DEBUG FilterChainProxy:328 - /resources/images/icn-lock.png at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2020-10-06 12:26:29 DEBUG FilterChainProxy:328 - /resources/images/icn-lock.png at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2020-10-06 12:26:29 DEBUG FilterChainProxy:328 - /resources/images/icn-lock.png at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2020-10-06 12:26:29 DEBUG AntPathRequestMatcher:177 - Checking match of request : '/resources/images/icn-lock.png'; against '/resources/js/**'
2020-10-06 12:26:29 DEBUG AntPathRequestMatcher:177 - Checking match of request : '/resources/images/icn-lock.png'; against '/resources/scripts/**'
2020-10-06 12:26:29 DEBUG AntPathRequestMatcher:177 - Checking match of request : '/resources/images/icn-lock.png'; against '/resources/styles/**'
2020-10-06 12:26:29 DEBUG AntPathRequestMatcher:177 - Checking match of request : '/resources/images/icn-lock.png'; against '/resources/images/**'
2020-10-06 12:26:29 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /resources/images/icn-lock.png; Attributes: [anonymous]
2020-10-06 12:26:29 DEBUG FilterChainProxy:313 - /resources/images/icn-pencil.png reached end of additional filter chain; proceeding with original chain
2020-10-06 12:26:29 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken#418e8a7d: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 4503EBEA550D56CD4AF5506BC88E7576; Granted Authorities: ROLE_ANONYMOUS
2020-10-06 12:26:29 DEBUG HstsHeaderWriter:169 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher#51ca55f0
2020-10-06 12:26:29 DEBUG HttpSessionSecurityContextRepository:351 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2020-10-06 12:26:29 DEBUG ExceptionTranslationFilter:120 - Chain processed normally
2020-10-06 12:26:29 DEBUG SecurityContextPersistenceFilter:119 - SecurityContextHolder now cleared, as request processing completed
2020-10-06 12:26:29 DEBUG AffirmativeBased:66 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter#3fe8aa9d, returned: 1
2020-10-06 12:26:29 DEBUG FilterSecurityInterceptor:243 - Authorization successful
2020-10-06 12:26:29 DEBUG FilterSecurityInterceptor:256 - RunAsManager did not change Authentication object
2020-10-06 12:26:29 DEBUG FilterChainProxy:313 - /resources/images/icn-lock.png reached end of additional filter chain; proceeding with original chain
2020-10-06 12:26:29 DEBUG HstsHeaderWriter:169 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher#51ca55f0
2020-10-06 12:26:29 DEBUG HttpSessionSecurityContextRepository:351 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2020-10-06 12:26:29 DEBUG ExceptionTranslationFilter:120 - Chain processed normally
2020-10-06 12:26:29 DEBUG SecurityContextPersistenceFilter:119 - SecurityContextHolder now cleared, as request processing completed```
I have a ResourceServer defined which is currently validating an AccessToken using a public key. This is working as expected.
I would like to retain the sensitivity behavior of the Actuator endpoints and use OAuth for the Sensitive endpoints.
The default behavior in Spring boot is using some form of Basic Auth to secure the Actuator endpoints. How can I switch to OAuth for the Sensitive Endpoints?
Things I have tried:
management.security.enabled=false (disables all form of security to all the Actuator endpoints)
security.basic.enabled=false (doesn't seem to do anything at all afaik)
How do I go about achieving the desired behavior?
Edit-1: Adding the configuration of the ResourceServer
#Configuration
#EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
}
# OAuth2 Resource Configuration
security.oauth2.resource.filter-order=3
security.oauth2.resource.jwt.key-value=-----BEGIN PUBLIC KEY----- \
ABCD|\
-----END PUBLIC KEY-----
Edit-2: Logs with management.security.enabled=false
2018-04-04 09:38:52,428 [restartedMain ] INFO o.s.s.w.DefaultSecurityFilterChain.<init>(ln:43) - Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/css/**'], Ant [pattern='/js/**'], Ant [pattern='/images/**'], Ant [pattern='/webjars/**'], Ant [pattern='/**/favicon.ico'], Ant [pattern='/error']]], []
2018-04-04 09:38:52,428 [restartedMain ] INFO o.s.s.w.DefaultSecurityFilterChain.<init>(ln:43) - Creating filter chain: org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration$LazyEndpointPathRequestMatcher#cba0b40, []
2018-04-04 09:38:52,517 [restartedMain ] DEBUG o.s.s.w.a.e.ExpressionBasedFilterInvocationSecurityMetadataSource.processMap(ln:74) - Adding web access control expression 'hasAnyRole('ROLE_USER','ROLE_ACTUATOR')', for org.springframework.security.web.util.matcher.AnyRequestMatcher#1
2018-04-04 09:38:52,527 [restartedMain ] DEBUG o.s.s.a.i.AbstractSecurityInterceptor.afterPropertiesSet(ln:180) - Validated configuration attributes
2018-04-04 09:38:52,528 [restartedMain ] DEBUG o.s.s.a.i.AbstractSecurityInterceptor.afterPropertiesSet(ln:180) - Validated configuration attributes
2018-04-04 09:38:52,537 [restartedMain ] INFO o.s.s.w.DefaultSecurityFilterChain.<init>(ln:43) - Creating filter chain: Ant [pattern='/h2-console/**'], [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#2f0907e7, org.springframework.security.web.context.SecurityContextPersistenceFilter#7d0c8fcd, org.springframework.security.web.header.HeaderWriterFilter#1deb6ece, org.springframework.security.web.authentication.logout.LogoutFilter#54ae565a, org.springframework.security.web.authentication.www.BasicAuthenticationFilter#101e66ff, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#48870c1e, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#2c3aa8cc, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#43db62cc, org.springframework.security.web.session.SessionManagementFilter#1c417a06, org.springframework.security.web.access.ExceptionTranslationFilter#6af61e6, org.springframework.security.web.access.intercept.FilterSecurityInterceptor#e2595cc]
2018-04-04 09:38:52,559 [restartedMain ] DEBUG o.s.s.w.a.e.ExpressionBasedFilterInvocationSecurityMetadataSource.processMap(ln:74) - Adding web access control expression 'authenticated', for org.springframework.security.web.util.matcher.AnyRequestMatcher#1
2018-04-04 09:38:52,560 [restartedMain ] DEBUG o.s.s.a.i.AbstractSecurityInterceptor.afterPropertiesSet(ln:180) - Validated configuration attributes
2018-04-04 09:38:52,560 [restartedMain ] DEBUG o.s.s.a.i.AbstractSecurityInterceptor.afterPropertiesSet(ln:180) - Validated configuration attributes
2018-04-04 09:38:52,561 [restartedMain ] INFO o.s.s.w.DefaultSecurityFilterChain.<init>(ln:43) - Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher#1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#71c85f60, org.springframework.security.web.context.SecurityContextPersistenceFilter#3867025d, org.springframework.security.web.header.HeaderWriterFilter#1fe578f, org.springframework.security.web.authentication.logout.LogoutFilter#6bcc7bbf, org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter#52f4e578, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#2a57cae0, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#5966b20a, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#10e17172, org.springframework.security.web.session.SessionManagementFilter#440ed2d3, org.springframework.security.web.access.ExceptionTranslationFilter#76cc8ddc, org.springframework.security.web.access.intercept.FilterSecurityInterceptor#72a6a42e]
2018-04-04 09:38:52,565 [restartedMain ] DEBUG o.s.s.w.a.e.ExpressionBasedFilterInvocationSecurityMetadataSource.processMap(ln:74) - Adding web access control expression 'hasAnyRole('ROLE_USER','ROLE_ACTUATOR')', for org.springframework.security.web.util.matcher.AnyRequestMatcher#1
2018-04-04 09:38:52,566 [restartedMain ] DEBUG o.s.s.a.i.AbstractSecurityInterceptor.afterPropertiesSet(ln:180) - Validated configuration attributes
2018-04-04 09:38:52,566 [restartedMain ] DEBUG o.s.s.a.i.AbstractSecurityInterceptor.afterPropertiesSet(ln:180) - Validated configuration attributes
2018-04-04 09:38:52,567 [restartedMain ] INFO o.s.s.w.DefaultSecurityFilterChain.<init>(ln:43) - Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/**']]], [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter#3b9584b5, org.springframework.security.web.context.SecurityContextPersistenceFilter#2181d916, org.springframework.security.web.header.HeaderWriterFilter#5ed5886a, org.springframework.security.web.authentication.logout.LogoutFilter#74909e09, org.springframework.security.web.authentication.www.BasicAuthenticationFilter#5b76b0e4, org.springframework.security.web.savedrequest.RequestCacheAwareFilter#7c129fed, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter#ef6dedd, org.springframework.security.web.authentication.AnonymousAuthenticationFilter#6c8179fb, org.springframework.security.web.session.SessionManagementFilter#4d36e557, org.springframework.security.web.access.ExceptionTranslationFilter#1868a4d7, org.springframework.security.web.access.intercept.FilterSecurityInterceptor#15c448ac]
2018-04-04 09:39:53,545 [nio-8080-exec-1] DEBUG o.s.s.w.u.m.OrRequestMatcher.matches(ln:65) - Trying to match using Ant [pattern='/metrics']
2018-04-04 09:39:53,545 [nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher.matches(ln:157) - Checking match of request : '/metrics'; against '/metrics'
2018-04-04 09:39:53,545 [nio-8080-exec-1] DEBUG o.s.s.w.u.m.OrRequestMatcher.matches(ln:68) - matched
2018-04-04 09:39:53,545 [nio-8080-exec-1] DEBUG o.s.s.w.FilterChainProxy.doFilterInternal(ln:201) - /metrics has an empty filter list
2018-04-04 09:41:57,195 [nio-8080-exec-5] DEBUG o.s.s.w.FilterChainProxy$VirtualFilterChain.doFilter(ln:325) - /customers at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
2018-04-04 09:41:57,196 [nio-8080-exec-5] DEBUG o.s.s.o.p.a.BearerTokenExtractor.extractToken(ln:54) - Token not found in headers. Trying request parameters.
2018-04-04 09:41:57,196 [nio-8080-exec-5] DEBUG o.s.s.o.p.a.BearerTokenExtractor.extractToken(ln:57) - Token not found in request parameters. Not an OAuth2 request.
2018-04-04 09:41:57,196 [nio-8080-exec-5] DEBUG o.s.s.o.p.a.OAuth2AuthenticationProcessingFilter.doFilter(ln:141) - No token in request, will continue chain.
2018-04-04 09:41:57,196 [nio-8080-exec-5] DEBUG o.s.s.w.FilterChainProxy$VirtualFilterChain.doFilter(ln:325) - /customers at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2018-04-04 09:41:57,196 [nio-8080-exec-5] DEBUG o.s.s.w.FilterChainProxy$VirtualFilterChain.doFilter(ln:325) - /customers at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2018-04-04 09:41:57,198 [nio-8080-exec-5] DEBUG o.s.s.w.FilterChainProxy$VirtualFilterChain.doFilter(ln:325) - /customers at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2018-04-04 09:41:57,198 [nio-8080-exec-5] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter.doFilter(ln:100) - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2018-04-04 09:41:57,199 [nio-8080-exec-5] DEBUG o.s.s.w.FilterChainProxy$VirtualFilterChain.doFilter(ln:325) - /customers at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2018-04-04 09:41:57,199 [nio-8080-exec-5] DEBUG o.s.s.w.s.SessionManagementFilter.doFilter(ln:124) - Requested session ID A2BB697A35FC287599CE86AA715115CA is invalid.
2018-04-04 09:41:57,199 [nio-8080-exec-5] DEBUG o.s.s.w.FilterChainProxy$VirtualFilterChain.doFilter(ln:325) - /customers at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2018-04-04 09:41:57,199 [nio-8080-exec-5] DEBUG o.s.s.w.FilterChainProxy$VirtualFilterChain.doFilter(ln:325) - /customers at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2018-04-04 09:41:57,200 [nio-8080-exec-5] DEBUG o.s.s.a.i.AbstractSecurityInterceptor.beforeInvocation(ln:219) - Secure object: FilterInvocation: URL: /customers; Attributes: [#oauth2.throwOnError(authenticated)]
2018-04-04 09:41:57,200 [nio-8080-exec-5] DEBUG o.s.s.a.i.AbstractSecurityInterceptor.authenticateIfRequired(ln:348) - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2018-04-04 09:41:57,205 [nio-8080-exec-5] DEBUG o.s.s.a.v.AffirmativeBased.decide(ln:66) - Voter: org.springframework.security.web.access.expression.WebExpressionVoter#794e8437, returned: -1
2018-04-04 09:41:57,207 [nio-8080-exec-5] DEBUG o.s.s.w.a.ExceptionTranslationFilter.handleSpringSecurityException(ln:173) - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
The brute force way is to just explicitly secure your actuator endpoints in your WebSecurityConfigurerAdapter. Something like this should do it:
#Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.and()
.httpBasic().disable()
.anonymous().disable()
.authorizeRequests().anyRequest().authenticated();
}
Have a look at this tutorial. Following on from that, you should be able to secure any endpoint with an appropriate matcher in the configuration.
Spring's DispatcherServlet servlet sometimes calls GET request instead of POST request. It has to call POST method all the time as per JSP form method="post".
(DispatcherServlet.java:823) - DispatcherServlet with name 'springmvc' processing GET request for [/change.do]
All the configurations are correct. I checked and searched online. There is no correct answer for this.
I am using:
<spring.version>3.2.3.RELEASE</spring.version>
<spring.security.version>3.1.4.RELEASE</spring.security.version>
I am using lots of Spring filters and Tomcat 6.0.
<security:custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" />
Why Spring's DispatcherServlet servlet calls GET method instead of POST method occasionally? 90% of time it calls POST which is correct but 10% time it calls GET method for any of the forms which has method="post".
Tomcat debug log:
2017-01-27 11:30:08,811 [TP-Processor19] DEBUG (AntPathRequestMatcher.java:116) - Checking match of request : '/change.do'; against '/*.do'
2017-01-27 11:30:08,812 [TP-Processor19] DEBUG (AbstractSecurityInterceptor.java:194) - Secure object: FilterInvocation: URL: /change.do; Attributes: [IS_AUTHENTICATED_REMEMBERED]
2017-01-27 11:30:08,814 [TP-Processor19] DEBUG (AbstractSecurityInterceptor.java:310) - Previously Authenticated: org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken#a24fd89f: Principal: ...#fdf65be0: Username: ABS; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#59b2: RemoteIpAddress: 10.4.89.65; SessionId: null; Granted Authorities: Admin
2017-01-27 11:30:08,815 [TP-Processor19] DEBUG (AffirmativeBased.java:65) - Voter: org.springframework.security.access.vote.RoleVoter#4c019ea6, returned: 0
2017-01-27 11:30:08,817 [TP-Processor19] DEBUG (AffirmativeBased.java:65) - Voter: org.springframework.security.access.vote.AuthenticatedVoter#7e56cb45, returned: 1
2017-01-27 11:30:08,818 [TP-Processor19] DEBUG (AbstractSecurityInterceptor.java:215) - Authorization successful
2017-01-27 11:30:08,820 [TP-Processor19] DEBUG (AbstractSecurityInterceptor.java:227) - RunAsManager did not change Authentication object
2017-01-27 11:30:08,821 [TP-Processor19] DEBUG (FilterChainProxy.java:323) - /change.do reached end of additional filter chain; proceeding with original chain
2017-01-27 11:30:08,823 [TP-Processor19] DEBUG (DispatcherServlet.java:823) - DispatcherServlet with name 'springmvc' **processing GET request** for [/change.do]
I develop webapp using Spring 4, Hibernate 4 and JSF 2.2. I'm trying to use OpenSessionInViewFilter to avoid LazyInitializationException but I fail. I have class Consultant with such field:
#OneToMany(fetch = FetchType.LAZY, mappedBy = "consultant")
private List<Product> products;
Now in other class where I have my Consultant object and I'm trying to get products using above field:
List<Product> products = consultant.getProducts();
Then LazyInitializationException is thrown. It's my log (I can't see any suspect things there):
Using SessionFactory 'sessionFactory' for OpenSessionInViewFilter
Returning cached instance of singleton bean 'sessionFactory'
Opening Hibernate Session in OpenSessionInViewFilter
/consultant/products.xhtml at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl#f8b7e57f: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#f8b7e57f: Principal: User{userId=1, username=doradca#doradca.pl, password=$2a$10$ALqnZKxx9anO/4XnBjtt1Ocm4GC1KDfrAlIz/iV66RWANklk31WqW, authorities=[Authority{role=CONSULTANT}], accountNonExpired=true, accountNonLocked=true, credentialsNonExpired=true, enabled=true}; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 9ED9D61F10507CAF3B77109D465B9AD6; Granted Authorities: Authority{role=CONSULTANT}'
/consultant/products.xhtml at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
/consultant/products.xhtml at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
/consultant/products.xhtml at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
/consultant/products.xhtml at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
/consultant/products.xhtml at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
pathInfo: both null (property equals)
queryString: both null (property equals)
requestURI: arg1=/EuroBroker/consultant/products.xhtml; arg2=/EuroBroker/consultant/products.xhtml (property equals)
serverPort: arg1=8080; arg2=8080 (property equals)
requestURL: arg1=http://localhost:8080/EuroBroker/consultant/products.xhtml; arg2=http://localhost:8080/EuroBroker/consultant/products.xhtml (property equals)
scheme: arg1=http; arg2=http (property equals)
serverName: arg1=localhost; arg2=localhost (property equals)
contextPath: arg1=/EuroBroker; arg2=/EuroBroker (property equals)
servletPath: arg1=/consultant/products.xhtml; arg2=/consultant/products.xhtml (property equals)
Removing DefaultSavedRequest from session if present
/consultant/products.xhtml at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
/consultant/products.xhtml at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken#f8b7e57f: Principal: User{userId=1, username=doradca#doradca.pl, password=$2a$10$ALqnZKxx9anO/4XnBjtt1Ocm4GC1KDfrAlIz/iV66RWANklk31WqW, authorities=[Authority{role=CONSULTANT}], accountNonExpired=true, accountNonLocked=true, credentialsNonExpired=true, enabled=true}; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 9ED9D61F10507CAF3B77109D465B9AD6; Granted Authorities: Authority{role=CONSULTANT}'
/consultant/products.xhtml at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
/consultant/products.xhtml at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
/consultant/products.xhtml at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
Checking match of request : '/consultant/products.xhtml'; against '/consultant/**'
Secure object: FilterInvocation: URL: /consultant/products.xhtml; Attributes: [hasRole('CONSULTANT')]
Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#f8b7e57f: Principal: User{userId=1, username=doradca#doradca.pl, password=$2a$10$ALqnZKxx9anO/4XnBjtt1Ocm4GC1KDfrAlIz/iV66RWANklk31WqW, authorities=[Authority{role=CONSULTANT}], accountNonExpired=true, accountNonLocked=true, credentialsNonExpired=true, enabled=true}; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 9ED9D61F10507CAF3B77109D465B9AD6; Granted Authorities: Authority{role=CONSULTANT}
Voter: org.springframework.security.web.access.expression.WebExpressionVoter#16ed6204, returned: 1
Authorization successful
RunAsManager did not change Authentication object
/consultant/products.xhtml reached end of additional filter chain; proceeding with original chain
Entering JSF Phase: RESTORE_VIEW 1
Entering JSF Phase: RENDER_RESPONSE 6
Returning cached instance of singleton bean 'org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler#0'
Returning cached instance of singleton bean 'org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler#0'
Returning cached instance of singleton bean 'org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler#0'
Returning cached instance of singleton bean 'accountManager'
Returning cached instance of singleton bean 'insuranceService'
Returning cached instance of singleton bean 'insuranceService'
Chain processed normally
SecurityContextHolder now cleared, as request processing completed
Closing Hibernate Session in OpenSessionInViewFilter
com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector#373d727a -- Running DeadlockDetector[Exiting. No pending tasks.]
Returning cached instance of singleton bean 'transactionManager'
Creating new transaction with name [com.efsf.eurobroker.user.logic.TokenCleanerCron.deleteOldTokens]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; ''
Opened new Session [SessionImpl(PersistenceContext[entityKeys=[],collectionKeys=[]];ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[] collectionRemovals=[] collectionUpdates=[] unresolvedInsertDependencies=UnresolvedEntityInsertActions[]])] for Hibernate transaction
Preparing JDBC Connection of Hibernate Session [SessionImpl(PersistenceContext[entityKeys=[],collectionKeys=[]];ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[] collectionRemovals=[] collectionUpdates=[] unresolvedInsertDependencies=UnresolvedEntityInsertActions[]])]
trace com.mchange.v2.resourcepool.BasicResourcePool#6383a319 [managed: 5, unused: 4, excluded: 0] (e.g. com.mchange.v2.c3p0.impl.NewPooledConnection#4c7576d0)
Exposing Hibernate transaction as JDBC transaction [com.mchange.v2.c3p0.impl.NewProxyConnection#330b16dd]
Returning cached instance of singleton bean 'transactionManager'
Found thread-bound Session [SessionImpl(PersistenceContext[entityKeys=[],collectionKeys=[]];ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[] collectionRemovals=[] collectionUpdates=[] unresolvedInsertDependencies=UnresolvedEntityInsertActions[]])] for Hibernate transaction
Participating in existing transaction
com.mchange.v2.c3p0.stmt.GlobalMaxOnlyStatementCache ----> CACHE HIT
checkoutStatement: com.mchange.v2.c3p0.stmt.GlobalMaxOnlyStatementCache stats -- total size: 4; checked out: 1; num connections: 1; num keys: 4
checkinStatement(): com.mchange.v2.c3p0.stmt.GlobalMaxOnlyStatementCache stats -- total size: 4; checked out: 0; num connections: 1; num keys: 4
Initiating transaction commit
Committing Hibernate transaction on Session [SessionImpl(PersistenceContext[entityKeys=[],collectionKeys=[]];ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[] collectionRemovals=[] collectionUpdates=[] unresolvedInsertDependencies=UnresolvedEntityInsertActions[]])]
Closing Hibernate Session [SessionImpl(PersistenceContext[entityKeys=[],collectionKeys=[]];ActionQueue[insertions=[] updates=[] deletions=[] collectionCreations=[] collectionRemovals=[] collectionUpdates=[] unresolvedInsertDependencies=UnresolvedEntityInsertActions[]])] after transaction
checkinAll(): com.mchange.v2.c3p0.stmt.GlobalMaxOnlyStatementCache stats -- total size: 4; checked out: 0; num connections: 1; num keys: 4
com.mchange.v2.async.ThreadPoolAsynchronousRunner#7f0b008a: Adding task to queue -- com.mchange.v2.resourcepool.BasicResourcePool$1RefurbishCheckinResourceTask#5149a61d
trace com.mchange.v2.resourcepool.BasicResourcePool#6383a319 [managed: 5, unused: 4, excluded: 0] (e.g. com.mchange.v2.c3p0.impl.NewPooledConnection#4c7576d0)
checkinAll(): com.mchange.v2.c3p0.stmt.GlobalMaxOnlyStatementCache stats -- total size: 4; checked out: 0; num connections: 1; num keys: 4
com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector#373d727a -- Running DeadlockDetector[Exiting. No pending tasks.]
com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector#373d727a -- Running DeadlockDetector[Exiting. No pending tasks.]
In web.xml I addded (before any other filters):
<filter>
<filter-name>hibernateFilter</filter-name>
<filter-class>org.springframework.orm.hibernate4.support.OpenSessionInViewFilter</filter-class>
<init-param>
<param-name>sessionFactoryBeanName</param-name>
<param-value>sessionFactory</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>hibernateFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
How do I get exception and how to avoid this one? I tried also OpenSessionInViewInterceptor but didn't work or I was doing something wrong.
I spent many many hours trying to solve this problem, reading many topics and tutorials but nothing helped me.
Thank you in advance for any help.
How the Configuration should look like when using #RolesAllowed Annotation?
I don't need any auth at my webpage as there's no login or anything else. Only the admin panel should have an http basic auth.
This is my current code:
public class WebAppInitializer extends AbstractSecurityWebApplicationInitializer {
#Override
public void beforeSpringSecurityFilterChain(ServletContext servletContext) {
AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
rootContext.getEnvironment().setDefaultProfiles("production");
rootContext.scan("com.xxx.config");
container.addListener(new ContextLoaderListener(rootContext));
ServletRegistration.Dynamic servlet = container.addServlet("DispatcherServlet", DispatcherServlet.class);
servlet.setInitParameter("contextConfigLocation", "");
servlet.setLoadOnStartup(1);
servlet.addMapping("/");
FilterRegistration charEncodingfilterReg = container.addFilter("CharacterEncodingFilter", CharacterEncodingFilter.class);
charEncodingfilterReg.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
charEncodingfilterReg.setInitParameter("encoding", "UTF-8");
charEncodingfilterReg.setInitParameter("forceEncoding", "true");
}
}
#Controller
#RequestMapping("admin")
#RolesAllowed("admin")
public class AdminController {
// ...
}
#Configuration
#EnableWebSecurity
#EnableGlobalMethodSecurity(jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
#Autowired
private Environment env;
private static final Logger log = LoggerFactory.getLogger(SecurityConfig.class);
#Bean
#Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
#Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().realmName(env.getProperty("adminRealm"));
}
#Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
// Output: DEBUG SecurityConfig - Register credentials for roles user, admin: admin:admin
log.debug("Register credentials for roles user, admin: " + env.getProperty("adminUsername") + ":" + env.getProperty("adminPassword"));
auth.inMemoryAuthentication().withUser(env.getProperty("adminUsername")).password(env.getProperty("adminPassword")).roles("user", "admin");
}
}
But after the login with the correct credentials I'm just getting a HTTP 403.
Log while requesting the admin panel:
DEBUG AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken#80a4fdc5: Principal: org.springframework.security.core.userdetails.User#586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_admin,ROLE_user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#12afc: RemoteIpAddress: 127.0.0.1; SessionId: 5973DDB69FFF44B3B9AD6077DFD7B1ED; Granted Authorities: ROLE_admin, ROLE_user'
DEBUG FilterChainProxy - /resources/webjars/fancybox/jquery.fancybox.css at position 10 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
DEBUG FilterChainProxy - /resources/webjars/fancybox/jquery.fancybox.css at position 11 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
DEBUG FilterChainProxy - /resources/webjars/fancybox/jquery.fancybox.css reached end of additional filter chain; proceeding with original chain
DEBUG DispatcherServlet - DispatcherServlet with name 'DispatcherServlet' processing GET request for [/resources/webjars/fancybox/jquery.fancybox.css]
DEBUG DispatcherServlet - Taking snapshot of request attributes before include
DEBUG RequestMappingHandlerMapping - Looking up handler method for path /resources/webjars/fancybox/jquery.fancybox.css
DEBUG RequestMappingHandlerMapping - Did not find handler method for [/resources/webjars/fancybox/jquery.fancybox.css]
DEBUG SimpleUrlHandlerMapping - Matching patterns for request [/resources/webjars/fancybox/jquery.fancybox.css] are [/resources/**]
DEBUG SimpleUrlHandlerMapping - URI Template variables for request [/resources/webjars/fancybox/jquery.fancybox.css] are {}
DEBUG SimpleUrlHandlerMapping - Mapping [/resources/webjars/fancybox/jquery.fancybox.css] to HandlerExecutionChain with handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler#2f096210] and 1 interceptor
DEBUG DispatcherServlet - Last-Modified value for [/resources/webjars/fancybox/jquery.fancybox.css] is: -1
DEBUG ResourceHttpRequestHandler - Trying relative path [webjars/fancybox/jquery.fancybox.css] against base location: ServletContext resource [/resources/**]
DEBUG ResourceHttpRequestHandler - Found matching resource: ServletContext resource [/resources/webjars/fancybox/jquery.fancybox.css]
DEBUG ResourceHttpRequestHandler - Determined media type 'text/css' for ServletContext resource [/resources/webjars/fancybox/jquery.fancybox.css]
DEBUG DispatcherServlet - Null ModelAndView returned to DispatcherServlet with name 'DispatcherServlet': assuming HandlerAdapter completed request handling
DEBUG DispatcherServlet - Restoring snapshot of request attributes after include
DEBUG DispatcherServlet - Removing attribute [org.springframework.web.servlet.HandlerMapping.introspectTypeLevelMapping] after include
DEBUG DispatcherServlet - Removing attribute [org.springframework.web.servlet.DispatcherServlet.FLASH_MAP_MANAGER] after include
DEBUG DispatcherServlet - Removing attribute [org.springframework.web.servlet.DispatcherServlet.THEME_SOURCE] after include
DEBUG DispatcherServlet - Removing attribute [org.springframework.web.servlet.DispatcherServlet.THEME_RESOLVER] after include
DEBUG DispatcherServlet - Removing attribute [org.springframework.web.servlet.DispatcherServlet.CONTEXT] after include
DEBUG DispatcherServlet - Removing attribute [org.springframework.web.servlet.HandlerMapping.pathWithinHandlerMapping] after include
DEBUG DispatcherServlet - Removing attribute [org.springframework.web.servlet.DispatcherServlet.OUTPUT_FLASH_MAP] after include
DEBUG DispatcherServlet - Removing attribute [org.springframework.web.servlet.HandlerMapping.bestMatchingPattern] after include
DEBUG DispatcherServlet - Removing attribute [org.springframework.web.servlet.DispatcherServlet.LOCALE_RESOLVER] after include
DEBUG DispatcherServlet - Successfully completed request
DEBUG ExceptionTranslationFilter - Chain processed normally
DEBUG ProcessorDecorator - Applying processor: ro.isdc.wro.extensions.processor.css.LessCssProcessor#2377a016
DEBUG ProcessorDecorator - Applying processor: ro.isdc.wro.extensions.processor.css.LessCssProcessor#2377a016
DEBUG ProcessorDecorator - Applying processor: ro.isdc.wro.extensions.processor.css.LessCssProcessor#2377a016
DEBUG ProcessorDecorator - Applying processor: ro.isdc.wro.extensions.processor.css.LessCssProcessor#2377a016
DEBUG ProcessorDecorator - Applying processor: ro.isdc.wro.extensions.processor.css.LessCssProcessor#2377a016
DEBUG ProcessorDecorator - Applying processor: ro.isdc.wro.extensions.processor.css.LessCssProcessor#2377a016
DEBUG ProcessorDecorator - Skipping processor: ro.isdc.wro.extensions.processor.css.LessCssProcessor#2377a016
DEBUG BenchmarkProcessorDecorator - StopWatch '': running time (millis) = 0
-----------------------------------------
ms % Task name
-----------------------------------------
00000 � Using ro.isdc.wro.extensions.processor.css.LessCssProcessor#2377a016
DEBUG ProcessorDecorator - Applying processor: ro.isdc.wro.model.resource.processor.impl.css.CssUrlRewritingProcessor#76ec1185
...much wro4j stuff...
DEBUG BenchmarkProcessorDecorator - StopWatch '': running time (millis) = 2770
-----------------------------------------
ms % Task name
-----------------------------------------
02770 100% Using ro.isdc.wro.model.resource.processor.impl.css.JawrCssMinifierProcessor#2c8e5aa6
DEBUG DefaultSynchronizedCacheStrategyDecorator - found content: .clearfix{*zoom:1}.clearfix...
DEBUG DefaultSynchronizedCacheStrategyDecorator - Content to fingerprint: [.clearfix{*zoom:1}.clearfix...]
DEBUG AbstractDigesterHashStrategy - SHA1HashStrategy hash: 51eda04c354d73243fa387841c9d888bbeb4a201
DEBUG DefaultSynchronizedCacheStrategyDecorator - computed entry: hash: 51eda04c354d73243fa387841c9d888bbeb4a201
DEBUG ResourceBundleProcessor - ETag hash detected: "51eda04c354d73243fa387841c9d888bbeb4a201". Sending 304 status code
DEBUG WroFilter - Disable Cache is true. Destroying model...
DEBUG DefaultWroModelFactoryDecorator - Destroy model
DEBUG DefaultResourceAuthorizationManager - clear.
DEBUG DefaultResourceAuthorizationManager - clear.
DEBUG ExceptionTranslationFilter - Chain processed normally
DEBUG SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
DEBUG FilterChainProxy - /resources/img/logo.png at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
DEBUG FilterChainProxy - /resources/img/logo.png at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl#80a4fdc5: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#80a4fdc5: Principal: org.springframework.security.core.userdetails.User#586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_admin,ROLE_user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#12afc: RemoteIpAddress: 127.0.0.1; SessionId: 5973DDB69FFF44B3B9AD6077DFD7B1ED; Granted Authorities: ROLE_admin, ROLE_user'
DEBUG FilterChainProxy - /resources/img/logo.png at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
DEBUG HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher#51879f03
DEBUG FilterChainProxy - /resources/img/logo.png at position 4 of 11 in additional filter chain; firing Filter: 'CsrfFilter'
DEBUG FilterChainProxy - /resources/img/logo.png at position 5 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG AntPathRequestMatcher - Checking match of request : '/resources/img/logo.png'; against '/logout'
DEBUG FilterChainProxy - /resources/img/logo.png at position 6 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
DEBUG FilterChainProxy - /resources/img/logo.png at position 7 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
DEBUG FilterChainProxy - /resources/img/logo.png at position 8 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG FilterChainProxy - /resources/img/logo.png at position 9 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
DEBUG AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken#80a4fdc5: Principal: org.springframework.security.core.userdetails.User#586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_admin,ROLE_user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#12afc: RemoteIpAddress: 127.0.0.1; SessionId: 5973DDB69FFF44B3B9AD6077DFD7B1ED; Granted Authorities: ROLE_admin, ROLE_user'
DEBUG FilterChainProxy - /resources/img/logo.png at position 10 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
DEBUG FilterChainProxy - /resources/img/logo.png at position 11 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
DEBUG FilterChainProxy - /resources/img/logo.png reached end of additional filter chain; proceeding with original chain
DEBUG DispatcherServlet - DispatcherServlet with name 'DispatcherServlet' processing GET request for [/resources/img/logo.png]
DEBUG RequestMappingHandlerMapping - Looking up handler method for path /resources/img/logo.png
DEBUG RequestMappingHandlerMapping - Did not find handler method for [/resources/img/logo.png]
DEBUG SimpleUrlHandlerMapping - Matching patterns for request [/resources/img/logo.png] are [/resources/**]
DEBUG SimpleUrlHandlerMapping - URI Template variables for request [/resources/img/logo.png] are {}
DEBUG SimpleUrlHandlerMapping - Mapping [/resources/img/logo.png] to HandlerExecutionChain with handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler#2f096210] and 1 interceptor
DEBUG DispatcherServlet - Last-Modified value for [/resources/img/logo.png] is: -1
DEBUG ResourceHttpRequestHandler - Trying relative path [img/logo.png] against base location: ServletContext resource [/resources/**]
DEBUG ResourceHttpRequestHandler - Found matching resource: ServletContext resource [/resources/img/logo.png]
DEBUG ResourceHttpRequestHandler - Determined media type 'image/png' for ServletContext resource [/resources/img/logo.png]
DEBUG DispatcherServlet - Null ModelAndView returned to DispatcherServlet with name 'DispatcherServlet': assuming HandlerAdapter completed request handling
DEBUG DispatcherServlet - Successfully completed request
DEBUG ExceptionTranslationFilter - Chain processed normally
DEBUG SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
DEBUG FilterChainProxy - /resources/img/eagle.png at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
DEBUG FilterChainProxy - /resources/img/eagle.png at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl#80a4fdc5: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#80a4fdc5: Principal: org.springframework.security.core.userdetails.User#586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_admin,ROLE_user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#12afc: RemoteIpAddress: 127.0.0.1; SessionId: 5973DDB69FFF44B3B9AD6077DFD7B1ED; Granted Authorities: ROLE_admin, ROLE_user'
DEBUG FilterChainProxy - /resources/img/eagle.png at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
DEBUG HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher#51879f03
DEBUG FilterChainProxy - /resources/img/eagle.png at position 4 of 11 in additional filter chain; firing Filter: 'CsrfFilter'
DEBUG FilterChainProxy - /resources/img/eagle.png at position 5 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG AntPathRequestMatcher - Checking match of request : '/resources/img/eagle.png'; against '/logout'
DEBUG FilterChainProxy - /resources/img/eagle.png at position 6 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
DEBUG FilterChainProxy - /resources/img/eagle.png at position 7 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
DEBUG FilterChainProxy - /resources/img/eagle.png at position 8 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG FilterChainProxy - /resources/img/eagle.png at position 9 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
DEBUG AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken#80a4fdc5: Principal: org.springframework.security.core.userdetails.User#586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_admin,ROLE_user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#12afc: RemoteIpAddress: 127.0.0.1; SessionId: 5973DDB69FFF44B3B9AD6077DFD7B1ED; Granted Authorities: ROLE_admin, ROLE_user'
DEBUG FilterChainProxy - /resources/img/eagle.png at position 10 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
DEBUG FilterChainProxy - /resources/img/eagle.png at position 11 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
DEBUG FilterChainProxy - /resources/img/eagle.png reached end of additional filter chain; proceeding with original chain
DEBUG DispatcherServlet - DispatcherServlet with name 'DispatcherServlet' processing GET request for [/resources/img/eagle.png]
DEBUG RequestMappingHandlerMapping - Looking up handler method for path /resources/img/eagle.png
DEBUG FilterChainProxy - /resources/webjars/font/fontawesome-webfont.woff?v=3.2.1 at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
DEBUG FilterChainProxy - /resources/webjars/font/fontawesome-webfont.woff?v=3.2.1 at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl#80a4fdc5: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#80a4fdc5: Principal: org.springframework.security.core.userdetails.User#586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_admin,ROLE_user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#12afc: RemoteIpAddress: 127.0.0.1; SessionId: 5973DDB69FFF44B3B9AD6077DFD7B1ED; Granted Authorities: ROLE_admin, ROLE_user'
DEBUG FilterChainProxy - /resources/webjars/font/fontawesome-webfont.woff?v=3.2.1 at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
DEBUG HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher#51879f03
DEBUG FilterChainProxy - /resources/webjars/font/fontawesome-webfont.woff?v=3.2.1 at position 4 of 11 in additional filter chain; firing Filter: 'CsrfFilter'
DEBUG FilterChainProxy - /resources/webjars/font/fontawesome-webfont.woff?v=3.2.1 at position 5 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG AntPathRequestMatcher - Checking match of request : '/resources/webjars/font/fontawesome-webfont.woff'; against '/logout'
DEBUG FilterChainProxy - /resources/webjars/font/fontawesome-webfont.woff?v=3.2.1 at position 6 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
DEBUG FilterChainProxy - /resources/webjars/font/fontawesome-webfont.woff?v=3.2.1 at position 7 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
DEBUG FilterChainProxy - /resources/webjars/font/fontawesome-webfont.woff?v=3.2.1 at position 8 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG RequestMappingHandlerMapping - Did not find handler method for [/resources/img/eagle.png]
DEBUG FilterChainProxy - /resources/webjars/font/fontawesome-webfont.woff?v=3.2.1 at position 9 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
DEBUG SimpleUrlHandlerMapping - Matching patterns for request [/resources/img/eagle.png] are [/resources/**]
DEBUG AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken#80a4fdc5: Principal: org.springframework.security.core.userdetails.User#586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_admin,ROLE_user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#12afc: RemoteIpAddress: 127.0.0.1; SessionId: 5973DDB69FFF44B3B9AD6077DFD7B1ED; Granted Authorities: ROLE_admin, ROLE_user'
DEBUG SimpleUrlHandlerMapping - URI Template variables for request [/resources/img/eagle.png] are {}
DEBUG FilterChainProxy - /resources/webjars/font/fontawesome-webfont.woff?v=3.2.1 at position 10 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
DEBUG SimpleUrlHandlerMapping - Mapping [/resources/img/eagle.png] to HandlerExecutionChain with handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler#2f096210] and 1 interceptor
DEBUG FilterChainProxy - /resources/webjars/font/fontawesome-webfont.woff?v=3.2.1 at position 11 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
DEBUG DispatcherServlet - Last-Modified value for [/resources/img/eagle.png] is: -1
DEBUG FilterChainProxy - /resources/webjars/font/fontawesome-webfont.woff?v=3.2.1 reached end of additional filter chain; proceeding with original chain
DEBUG ResourceHttpRequestHandler - Trying relative path [img/eagle.png] against base location: ServletContext resource [/resources/**]
DEBUG DispatcherServlet - DispatcherServlet with name 'DispatcherServlet' processing GET request for [/resources/webjars/font/fontawesome-webfont.woff]
DEBUG ResourceHttpRequestHandler - Found matching resource: ServletContext resource [/resources/img/eagle.png]
DEBUG ResourceHttpRequestHandler - Determined media type 'image/png' for ServletContext resource [/resources/img/eagle.png]
DEBUG DispatcherServlet - Null ModelAndView returned to DispatcherServlet with name 'DispatcherServlet': assuming HandlerAdapter completed request handling
DEBUG DispatcherServlet - Successfully completed request
DEBUG ExceptionTranslationFilter - Chain processed normally
DEBUG SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
DEBUG RequestMappingHandlerMapping - Looking up handler method for path /resources/webjars/font/fontawesome-webfont.woff
DEBUG RequestMappingHandlerMapping - Did not find handler method for [/resources/webjars/font/fontawesome-webfont.woff]
DEBUG SimpleUrlHandlerMapping - Matching patterns for request [/resources/webjars/font/fontawesome-webfont.woff] are [/resources/**]
DEBUG SimpleUrlHandlerMapping - URI Template variables for request [/resources/webjars/font/fontawesome-webfont.woff] are {}
DEBUG SimpleUrlHandlerMapping - Mapping [/resources/webjars/font/fontawesome-webfont.woff] to HandlerExecutionChain with handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler#2f096210] and 1 interceptor
DEBUG DispatcherServlet - Last-Modified value for [/resources/webjars/font/fontawesome-webfont.woff] is: -1
DEBUG ResourceHttpRequestHandler - Trying relative path [webjars/font/fontawesome-webfont.woff] against base location: ServletContext resource [/resources/**]
DEBUG ResourceHttpRequestHandler - Found matching resource: ServletContext resource [/resources/webjars/font/fontawesome-webfont.woff]
DEBUG ResourceHttpRequestHandler - Determined media type 'application/x-font-woff' for ServletContext resource [/resources/webjars/font/fontawesome-webfont.woff]
DEBUG DispatcherServlet - Null ModelAndView returned to DispatcherServlet with name 'DispatcherServlet': assuming HandlerAdapter completed request handling
DEBUG DispatcherServlet - Successfully completed request
DEBUG ExceptionTranslationFilter - Chain processed normally
DEBUG SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
Permissions:
$ cd ~/workspace/xxxxx/target/classes && ls -l . && ls -l META-INF && ls -l META-INF/services && ls -l properties && ls -l properties/common && ls -l properties/development
insgesamt 76
drwxrwxr-x 4 danny danny 4096 Nov 12 17:57 com
-rw-rw-r-- 1 danny danny 19074 Nov 12 17:57 import.sql
-rw-rw-r-- 1 danny danny 519 Nov 14 22:16 logback.xml
drwxrwxr-x 3 danny danny 4096 Nov 12 17:57 META-INF
drwxrwxr-x 5 danny danny 4096 Nov 12 17:57 properties
-rw-rw-r-- 1 danny danny 2215 Nov 12 17:57 tiles.xml
-rw-rw-r-- 1 danny danny 2444 Nov 12 17:57 wro.xml
insgesamt 4
drwxrwxr-x 2 danny danny 4096 Nov 12 17:57 services
insgesamt 24
-rw-rw-r-- 1 danny danny 34 Nov 12 17:57 javax.servlet.ServletContainerInitializer
-rw-rw-r-- 1 danny danny 57 Nov 12 17:57 ro.isdc.wro.model.spi.ModelFactoryProvider
insgesamt 12
drwxrwxr-x 2 danny danny 4096 Nov 12 17:57 common
drwxrwxr-x 2 danny danny 4096 Nov 12 17:57 development
drwxrwxr-x 2 danny danny 4096 Nov 12 17:57 production
insgesamt 48
-rw-rw-r-- 1 danny danny 737 Nov 12 17:57 application.properties
-rw-rw-r-- 1 danny danny 57 Nov 12 17:57 hibernate.properties
-rw-rw-r-- 1 danny danny 88 Nov 12 17:57 jdbc.properties
-rw-rw-r-- 1 danny danny 125 Nov 12 17:57 wro.properties
insgesamt 48
-rw-rw-r-- 1 danny danny 142 Nov 12 17:57 application.properties
-rw-rw-r-- 1 danny danny 53 Nov 12 17:57 hibernate.properties
-rw-rw-r-- 1 danny danny 35 Nov 12 17:57 jdbc.properties
-rw-rw-r-- 1 danny danny 17 Nov 12 17:57 wro.properties
As you are using the default authentication manager your rolenames must be prefixed with "ROLE_" to be matched.