Spring security not invoking request mapping after authorization
I have a custom login page which authenticates a user using a custom UserDetailsService bean. In the spring security DEBUG logs I see that the authentication proceeds fine and the list of granted authorities contains ROLE_USER.
As per the configuration the page should redirect to welcomePage.html which it does. But the response to welcomePage.html is the login.html page. The logs suggest that the authentication proceeded successfully.
I am using annotation driven configuration in my servlet xml file.
Why is the request handler for welcomePage.html not being invoked?
How to get the request handler to be invoked? It used to work before spring security integration. Other request handlers are also not being invoked after spring security integration.
As an aside, how does spring security know that the security configuration should forward all requests to my servlet? There could be more servlets in the application. Does the login-page property of form-login consult web.xml for finding the appropriate handler? Why does it not consult web.xml and not find my request mapping for welcomePage.html then? I am using Spring MVC DispatcherServlet.
Is this related?
http://mark.koli.ch/2010/07/spring-3-and-spring-security-setting-your-own-custom-j-spring-security-check-filter-processes-url.html
Here are the spring security logs:
19:03:49,645 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/**/*.css'
19:03:49,645 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/**/*.js'
19:03:49,645 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/**/*.png'
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:03:49,646 DEBUG HttpSessionSecurityContextRepository:158 - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@afe7c13e: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@afe7c13e: Principal: security.V2VUserDetails@4a97111c; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: E5639123A984EE19E0CEFCA19C37DA42; Granted Authorities: admin, ROLE_USER'
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:03:49,647 DEBUG AnonymousAuthenticationFilter:107 - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@afe7c13e: Principal: security.V2VUserDetails@4a97111c; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: E5639123A984EE19E0CEFCA19C37DA42; Granted Authorities: admin, ROLE_USER'
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:03:49,647 DEBUG FilterChainProxy:337 - /welcomePage.html at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:03:49,648 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/login.html*'
19:03:49,648 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/welcomepage.html'; against '/welcomepage.html*'
19:03:49,648 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /welcomePage.html; Attributes: [hasRole('ROLE_USER')]
19:03:49,649 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@afe7c13e: Principal: security.V2VUserDetails@4a97111c; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: E5639123A984EE19E0CEFCA19C37DA42; Granted Authorities: admin, ROLE_USER
19:03:49,649 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4481f947, returned: 1
19:03:49,650 DEBUG FilterSecurityInterceptor:215 - Authorization successful
19:03:49,650 DEBUG FilterSecurityInterceptor:227 - RunAsManager did not change Authentication object
19:03:49,651 DEBUG FilterChainProxy:323 - /welcomePage.html reached end of additional filter chain; proceeding with original chain
19:03:49,660 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/web-inf/jsp/login.jsp'; against '/**/*.css'
19:03:49,660 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/web-inf/jsp/login.jsp'; against '/**/*.js'
19:03:49,661 DEBUG AntPathRequestMatcher:103 - Checking match of request : '/web-inf/jsp/login.jsp'; against '/**/*.png'
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:03:49,662 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:03:49,662 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:03:49,662 DEBUG AnonymousAuthenticationFilter:107 - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@afe7c13e: Principal: security.V2VUserDetails@4a97111c; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: E5639123A984EE19E0CEFCA19C37DA42; Granted Authorities: admin, ROLE_USER'
19:03:49,662 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:03:49,662 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:03:49,663 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:03:49,663 DEBUG FilterChainProxy:323 - /WEB-INF/jsp/login.jsp reached end of additional filter chain; proceeding with original chain
19:03:49,665 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
19:03:49,665 DEBUG ExceptionTranslationFilter:115 - Chain processed normally
19:03:49,665 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
Spring Security configuration:
<http pattern="/**/*.css" security="none" />
<http pattern="/**/*.js" security="none" />
<http pattern="/**/*.png" security="none" />
<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/login.html*" access="isAnonymous()" />
    <intercept-url pattern="/welcomePage.html*" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/**" access="isFullyAuthenticated()" />
    <form-login login-page="/login.html"
                default-target-url="/welcomePage.html"
                authentication-failure-url="/login.html"
                always-use-default-target="true" />
</http>
Found the problem
I added spring security code but forgot to remove some parts of the old code which was responsible for authentication. I had an interceptor which would check for user in the session and redirect to the login page if the user was not found.
Removed the old interceptor and now the problem is fixed.
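The DEBUG log in the question already shows this symptom: Spring Security logs "Authorization successful" for /welcomePage.html, hands the request to the original chain, and the next filter-chain entry is /WEB-INF/jsp/login.jsp. The triage script below is an added example, not code from the original post; it assumes a single-threaded DEBUG log in the format shown above, and the /report.html request in its sample is constructed.

```python
import re

# Constructed sample: the first request is abridged from the question's log
# (one line left hard-wrapped as in the post); the /report.html request is invented.
SAMPLE_LOG = """\
19:03:49,646 DEBUG FilterChainProxy:337 - /welcomePage.html at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistence
Filter'
19:03:49,648 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /welcomePage.html; Attributes: [hasRole('ROLE_USER')]
19:03:49,650 DEBUG FilterSecurityInterceptor:215 - Authorization successful
19:03:49,651 DEBUG FilterChainProxy:323 - /welcomePage.html reached end of additional filter chain; proceeding with original chain
19:03:49,661 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/login.jsp at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:03:49,663 DEBUG FilterChainProxy:323 - /WEB-INF/jsp/login.jsp reached end of additional filter chain; proceeding with original chain
19:03:49,665 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
19:04:10,100 DEBUG FilterChainProxy:337 - /report.html at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:04:10,104 DEBUG FilterSecurityInterceptor:215 - Authorization successful
19:04:10,105 DEBUG FilterChainProxy:323 - /report.html reached end of additional filter chain; proceeding with original chain
19:04:10,120 DEBUG FilterChainProxy:337 - /WEB-INF/jsp/report.jsp at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:04:10,125 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
"""

TIMESTAMP = re.compile(r"^\d\d:\d\d:\d\d,\d{3} ")
ENTRY = re.compile(r"^(\d\d:\d\d:\d\d,\d{3}) DEBUG (\w+):\d+ - (.*)$")
CHAIN_START = re.compile(r"^(\S+) at position 1 of \d+ in additional filter chain")
CHAIN_END = re.compile(r"^(\S+) reached end of additional filter chain")


def unwrap(text):
    """Rejoin console-wrapped lines: a line without a timestamp continues the previous entry."""
    entries = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += line
    return entries


def find_post_auth_forwards(text, login_view=r"login"):
    """Report every internal forward that happens after the security chain released a request.

    A forward is marked suspicious when the request was authorized, was not itself
    the login page, and still ended up at a login view: something behind Spring
    Security (an interceptor, filter or controller) is making its own auth decision.
    """
    def is_login(path):
        return re.search(login_view, path, re.I) is not None

    findings = []
    current = None  # state of the request currently being processed
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        ts, cls, msg = m.groups()
        start = CHAIN_START.match(msg)
        end = CHAIN_END.match(msg)
        if start:
            path = start.group(1)
            if current is None:
                current = {"request": path, "authorized": False, "released": False}
            elif current["released"] and path != current["request"]:
                # The chain is re-entered for another path inside the same request: a forward.
                findings.append({
                    "time": ts,
                    "request": current["request"],
                    "authorized": current["authorized"],
                    "forwarded_to": path,
                    "suspicious": current["authorized"] and is_login(path)
                                  and not is_login(current["request"]),
                })
        elif current is None:
            continue
        elif cls == "FilterSecurityInterceptor" and msg == "Authorization successful":
            if not current["released"]:
                current["authorized"] = True
        elif end and end.group(1) == current["request"]:
            current["released"] = True  # handed to the servlet / DispatcherServlet
        elif cls == "SecurityContextPersistenceFilter" and "now cleared" in msg:
            current = None  # outer request finished
    return findings


def suspicious(findings):
    return [f for f in findings if f["suspicious"]]


if __name__ == "__main__":
    for f in suspicious(find_post_auth_forwards(SAMPLE_LOG)):
        print(f"{f['time']} {f['request']} was authorized but forwarded to {f['forwarded_to']}")
```

A hit points at code that runs after the security filter chain, which is where the leftover interceptor described above was sitting.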
Related
Keycloak 400 bad request when [state] is old
I have a Spring Boot application protected by Keycloak (15.0.2). Let's say that I have a browser with two tabs opened for the same user and that user is authenticated.
Now I log out in tab 1 and I get the Keycloak login form with the following URL:
http://localhost:8180/auth/realms/AUTOTEST_PG/protocol/openid-connect/auth?response_type=code&client_id=mcd-client&state=e01b8a88-6945-4c56-9ee1-46fb156d33be&login=true&scope=openid
Now I log out in tab 2 and I get the Keycloak login form with the following URL:
http://localhost:8180/auth/realms/AUTOTEST_PG/protocol/openid-connect/auth?response_type=code&client_id=mcd-client&state=b9607387-7a05-4226-8313-4c5c80a1b145&login=true&scope=openid
Next, I tried to log in in tab 1 and I get a 400 Bad Request response. Looking at the Spring Boot log I get the following:
14554520 2021-12-14 00:02:06,100 [ajp-nio-0.0.0.0-8009-exec-8] DEBUG sample.controller.filters.MyKeycloakAuthenticationProcessingFilter ?:? - - - - - attemptAuthentication
14554520 2021-12-14 00:02:06,100 [ajp-nio-0.0.0.0-8009-exec-8] DEBUG sample.security.RealmProvider ?:? - - - - - getRealmName - requestUri: https://10.161.54.36/sso/login?redirect_url=/sctools/&state=e01b8a88-6945-4c56-9ee1-46fb156d33be&session_state=4fe8d159-5ada-4522-a422-07c5a0ce9d15&code=c5dda8ef-0fd9-4323-9922-fa5c73b28f89.4fe8d159-5ada-4522-a422-07c5a0ce9d15.442a440e-6df0-40c7-b8cb-3a52123430a0
14554520 2021-12-14 00:02:06,100 [ajp-nio-0.0.0.0-8009-exec-8] WARN org.keycloak.adapters.OAuthRequestAuthenticator ?:? - - - - - state parameter invalid
14554520 2021-12-14 00:02:06,100 [ajp-nio-0.0.0.0-8009-exec-8] WARN org.keycloak.adapters.OAuthRequestAuthenticator ?:? - - - - - cookie: b9607387-7a05-4226-8313-4c5c80a1b145
14554520 2021-12-14 00:02:06,100 [ajp-nio-0.0.0.0-8009-exec-8] WARN org.keycloak.adapters.OAuthRequestAuthenticator ?:? - - - - - queryParam: e01b8a88-6945-4c56-9ee1-46fb156d33be
14554521 2021-12-14 00:02:06,101 [ajp-nio-0.0.0.0-8009-exec-8] DEBUG sample.controller.filters.MyKeycloakAuthenticationProcessingFilter ?:? - - - - - unsuccessfulAuthentication - committed: true
14554521 2021-12-14 00:02:06,101 [ajp-nio-0.0.0.0-8009-exec-8] DEBUG sample.security.MyKeycloakAuthenticationFailureHandler ?:? - - - - - onAuthenticationFailure org.keycloak.adapters.springsecurity.KeycloakAuthenticationException: Invalid authorization header, see WWW-Authenticate header for details
14554521 2021-12-14 00:02:06,101 [ajp-nio-0.0.0.0-8009-exec-8] DEBUG sample.security.MyKeycloakAuthenticationFailureHandler ?:? - - - - - onAuthenticationFailure - response isCommitted - Status: 400
It seems that the cookie sent and the state value don't match and that is the reason why I get a bad request.
How can I log in from any of the tabs without getting the Bad Request?
Note: If I go to tab 2 and log in, then I get a message telling me that the user is already logged in.
UPDATE
When doing the same operation on the Keycloak console, if the user logs out from one tab the second tab is automatically logged out, and the URL doesn't get a state variable, it gets a challenge variable, something like:
http://10.161.54.36:8180/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=http%3A%2F%2F10.161.54.36%3A8180%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F%23%2Frealms&state=c3015df8-4c50-4454-be8d-0555f25e3bd0&response_mode=fragment&response_type=code&scope=openid&nonce=acb2a07d-c4a3-4cd3-8a7a-e23580a97d14&code_challenge=2W6-09eeD_WEwtWct3a5MojpIQJMe-9brcOH-7fbT6A&code_challenge_method=S256
How is it done?
Spring Security no HttpSession currently exists
I'm trying to set up a Spring WebApplication to connect with an ADFS Server in order to accomplish a Web SSO. The SAML request works fine, but when I receive the response from the ADFS I have a redirect loop caused by an authentication problem. It seems that after I successfully stored the UserDetails in the session, the next request can't find an HttpSession available, so an Anonymous Token is created.
I'm using the wonderful SAML Extension library (http://docs.spring.io/autorepo/docs/spring-security-saml/1.0.x-SNAPSHOT/reference/htmlsingle/) and I've implemented the SAMLUserDetailsService in order to build the UserDetails. In a second WebApp similar to this one everything works fine.
Here are my logs:
(SAMLDefaultLogger.java:127) - AuthNResponse;SUCCESS; ...
(AbstractAuthenticationProcessingFilter.java:319) - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.providers.ExpiringUsernameAuthenticationToken@aecd14bd:
(SavedRequestAwareAuthenticationSuccessHandler.java:79) - Redirecting to DefaultSavedRequest Url: ...
(DefaultRedirectStrategy.java:36) - Redirecting to ....
(HttpSessionSecurityContextRepository.java:327) - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@aecd14bd: Authentication: org.springframework.security.providers.ExpiringUsernameAuthenticationToken@aecd14bd: ...
(SecurityContextPersistenceFilter.java:97) - SecurityContextHolder now cleared, as request processing completed
(FilterChainProxy.java:337) - / at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
(HttpSessionSecurityContextRepository.java:140) - No HttpSession currently exists
(HttpSessionSecurityContextRepository.java:91) - No SecurityContext was available from the HttpSession: null. A new one will be created.
(FilterChainProxy.java:337) - / at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
(FilterChainProxy.java:337) - / at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
(FilterChainProxy.java:337) - / at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
(FilterChainProxy.java:337) - / at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
(FilterChainProxy.java:337) - / at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
(FilterChainProxy.java:337) - / at position 7 of 12 in additional filter chain; firing Filter: 'FilterChainProxy'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/login/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/logout/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/sso/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/ssohok/**'
(AntPathRequestMatcher.java:145) - Checking match of request : '/'; against '/saml/singlelogout/**'
(FilterChainProxy.java:180) - / has no matching filters
(FilterChainProxy.java:337) - / at position 8 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
(FilterChainProxy.java:337) - / at position 9 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
(FilterChainProxy.java:337) - / at position 10 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
(AnonymousAuthenticationFilter.java:102) - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44:
(ExceptionTranslationFilter.java:165) - Access is denied (user is anonymous); redirecting to authentication entry point ...
I'm using Spring Security 3.2.5.RELEASE.
Thanks in advance and sorry for my English.
I solved it; the problem was related to the context path. After a cookie was set with a context path ending in a slash "/", the next request without this slash could not pass the session cookie. I think this is related to this Tomcat setting (sessionCookiePathUsesTrailingSlash) and its security issue.
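The cookie scoping behind this answer, as an added example that is not part of the original post: it implements the RFC 6265 path-match rule next to the plain prefix match that Tomcat's documentation for sessionCookiePathUsesTrailingSlash attributes to some browsers. The context path /app, the sibling context /application and the request URIs are assumed names.

```python
def rfc6265_path_match(request_path, cookie_path):
    """Path-match as defined in RFC 6265, section 5.1.4."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # A prefix only counts if it ends on a path-segment boundary.
        if cookie_path.endswith("/"):
            return True
        if request_path[len(cookie_path)] == "/":
            return True
    return False


def legacy_prefix_match(request_path, cookie_path):
    """Plain string-prefix match, as done by clients that ignore the segment boundary."""
    return request_path.startswith(cookie_path)


def session_cookie_sent(request_uri, cookie_path, matcher=rfc6265_path_match):
    """Would a client using `matcher` attach a cookie scoped to `cookie_path`?"""
    path = request_uri.split("?", 1)[0] or "/"  # the query string is not part of the path
    return matcher(path, cookie_path)


# Constructed request URIs for an application deployed at the assumed context path /app.
REQUESTS = ["/app", "/app/", "/app/index.html", "/application/home"]


def delivery_table(cookie_paths=("/app", "/app/"), requests=REQUESTS):
    """Map (cookie Path, request URI) -> (sent under RFC 6265, sent under prefix match)."""
    table = {}
    for cookie_path in cookie_paths:
        for uri in requests:
            table[(cookie_path, uri)] = (
                session_cookie_sent(uri, cookie_path, rfc6265_path_match),
                session_cookie_sent(uri, cookie_path, legacy_prefix_match),
            )
    return table


if __name__ == "__main__":
    print(f"{'cookie Path':<12} {'request':<20} {'RFC 6265':<9} prefix-only")
    for (cookie_path, uri), (strict, legacy) in delivery_table().items():
        print(f"{cookie_path:<12} {uri:<20} {str(strict):<9} {legacy}")
```

With Path=/app/ the session cookie is never attached to a request for /app, which is the lost session described in the answer; with Path=/app a prefix-only client also sends it to /application, the exposure the trailing slash is meant to close.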
Spring Web Flux (reactive) functional route not working as expected with Kotlin
Hello good people interested in writing spring apps in Kotlin.
I am playing with Spring Boot 2.0.0 snapshot and spring-webflux. This piece of code:

    @Component
    class TestRouter() : RouterFunction<ServerResponse> {
        override fun route(request: ServerRequest) = route(request) {
            "/".route {
                GET("/hello") { ServerResponse.ok().body(BodyInserters.fromObject("World")) }
                "/{id}".route {
                    GET("/hello") { ServerResponse.ok().body(BodyInserters.fromObject("World ${request.pathVariable("id")}")) }
                }
            }
        }
    }

does not work as expected (at least as I would expect:))

    ➜ ~ curl -i http://localhost:8080/hello
    HTTP/1.1 200 OK
    transfer-encoding: chunked
    Content-Type: text/plain;charset=UTF-8

    World

but:

    ➜ ~ curl -i http://localhost:8080/1/hello
    HTTP/1.1 404 Not Found
    content-length: 0

Working case trace:

    2017-03-03 00:58:03.865 TRACE 7666 --- [ctor-http-nio-4] o.s.w.r.f.server.RequestPredicates : Pattern "//**" matches against value "/hello"
    2017-03-03 00:58:03.865 DEBUG 7666 --- [ctor-http-nio-4] o.s.w.r.function.server.RouterFunctions : Nested predicate "//**" matches against "GET /hello"
    2017-03-03 00:58:03.865 TRACE 7666 --- [ctor-http-nio-4] o.s.w.r.f.server.RequestPredicates : Method "GET" matches against value "GET"
    2017-03-03 00:58:03.866 TRACE 7666 --- [ctor-http-nio-4] o.s.w.r.f.server.RequestPredicates : Pattern "/hello" matches against value "/hello"
    2017-03-03 00:58:03.866 DEBUG 7666 --- [ctor-http-nio-4] o.s.w.r.function.server.RouterFunctions : Predicate "(GET && /hello)" matches against "GET /hello"

Not working case trace:

    2017-03-03 00:59:26.958 TRACE 7666 --- [ctor-http-nio-1] o.s.w.r.f.server.RequestPredicates : Pattern "//**" matches against value "/1/hello"
    2017-03-03 00:59:26.958 DEBUG 7666 --- [ctor-http-nio-1] o.s.w.r.function.server.RouterFunctions : Nested predicate "//**" matches against "GET /1/hello"
    2017-03-03 00:59:26.958 TRACE 7666 --- [ctor-http-nio-1] o.s.w.r.f.server.RequestPredicates : Method "GET" matches against value "GET"
    2017-03-03 00:59:26.958 TRACE 7666 --- [ctor-http-nio-1] o.s.w.r.f.server.RequestPredicates : Pattern "/hello" does not match against value "/1/hello"
    2017-03-03 00:59:26.959 TRACE 7666 --- [ctor-http-nio-1] o.s.w.r.f.server.RequestPredicates : Pattern "/{id}/**" matches against value "/1/hello"
    2017-03-03 00:59:26.959 DEBUG 7666 --- [ctor-http-nio-1] o.s.w.r.function.server.RouterFunctions : Nested predicate "/{id}/**" matches against "GET /1/hello"
    2017-03-03 00:59:26.959 TRACE 7666 --- [ctor-http-nio-1] o.s.w.r.f.server.RequestPredicates : Method "GET" matches against value "GET"
    2017-03-03 00:59:26.959 TRACE 7666 --- [ctor-http-nio-1] o.s.w.r.f.server.RequestPredicates : Pattern "/hello" does not match against value "/1/hello"

This seems like a bug (as the "/{id}".route {...} supposedly is using RouterFunctions.nest), but I could be wrong. Your thoughts and help are welcome.
I obviously know that I can make /1/hello work by just writing GET("/{id}/hello") { ... }, but I am interested in the nested .route { ...} variant as it supports my use case of adding nested routes from another location (like a map, etc).
This issue has been fixed in SPR-15310.
Strange logs when vaadin page opened in osgi
I have the following logs when opening a Vaadin page. The strange logs stop when I close my webpage.

I don't know what all this means. Also, it doesn't always happen. If I restart my OSGi program, there is a 1/2 chance I have this problem.
grails - Spring Security Core Plugin - ajax call - Invalid remember-me token mismatch.
I get the below errors on the first ajax call after a remember-me login (this causes a manual login). The strange thing is that the persistent_login record is deleted and then it tries to find the record with the same key. (Using Tomcat, the latest Grails version and up-to-date plugins.)

Full debug logging below (thank you for your help!):

2013-01-20 13:34:14,261 [http-bio-8080-exec-3] DEBUG hibernate.SQL - delete from grails_persistent_login where series=?
2013-01-20 13:34:14,262 [http-bio-8080-exec-3] TRACE sql.BasicBinder - binding parameter [1] as [VARCHAR] - 0V7Xge3Qqb0Nged8S9BeJQ==
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Cancelling cookie
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - SecurityContext is empty or anonymous - context will not be stored in HttpSession.
2013-01-20 13:34:14,270 [http-bio-8080-exec-3] DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
| Error 2013-01-20 13:34:14,274 [http-bio-8080-exec-3] ERROR [/].[default] - Servlet.service() for servlet [default] in context with path [] threw exception
Message: Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
   Line | Method
->> 1110 | runWorker in java.util.concurrent.ThreadPoolExecutor
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|    603 | run       in java.util.concurrent.ThreadPoolExecutor$Worker
^    722 | run . . . in java.lang.Thread
2013-01-20 13:34:14,295 [http-bio-8080-exec-7] DEBUG access.ExceptionTranslationFilter - Chain processed normally
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] DEBUG context.HttpSessionSecurityContextRepository - HttpSession being created as SecurityContext is non-default
2013-01-20 13:34:14,305 [http-bio-8080-exec-7] WARN context.HttpSessionSecurityContextRepository - Failed to create a session, as response has been committed.
Unable to store SecurityContext. 2013-01-20 13:34:14,305 [http-bio-8080-exec-7] DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed 2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Converted URL to lowercase, from: '/grails-errorhandler'; to: '/grails-errorhandler' 2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Candidate is: '/grails-errorhandler'; pattern is / **; matched=true 2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - No HttpSession currently exists 2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created. 
2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter' 2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 3 of 9 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter' 2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 4 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 5 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 2013-01-20 13:34:14,312 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie detected 2013-01-20 13:34:14,313 [http-bio-8080-exec-3] DEBUG hibernate.SQL - select persistent0_.series as series23_0_, persistent0_.last_used as last2_23_0_, persistent0_.token as token23_0_, persistent0_.username as username23_0_ from grails_persistent_login persistent0_ where persistent0_.series=? 
2013-01-20 13:34:14,313 [http-bio-8080-exec-3] TRACE sql.BasicBinder - binding parameter [1] as [VARCHAR] - 0V7Xge3Qqb0Nged8S9BeJQ== 2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - No persistent token found for series id: 0V7Xge3Qqb0Nged8S9BeJQ== 2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG rememberme.PersistentTokenBasedRememberMeServices - Cancelling cookie 2013-01-20 13:34:14,315 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 7 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 2013-01-20 13:34:14,316 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 8 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc; Attributes: 
[IS_AUTHENTICATED_ANONYMOUSLY] 2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG hierarchicalroles.RoleHierarchyImpl - getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps. 2013-01-20 13:34:14,317 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - Authorization successful 2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object 2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 9 of 9 in additional filter chain; firing Filter: 'SwitchUserFilter' 2013-01-20 13:34:14,318 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails-errorhandler?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc reached end of additional filter chain; proceeding with original chain 2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Converted URL to lowercase, from: '/grails/error/development500.dispatch'; to: '/grails/error/development500.dispatch' 2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - Candidate is: '/grails/error/development500.dispatch'; pattern is /**; matched=true 2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - 
/grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter' 2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 3 of 9 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter' 2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 4 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 5 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 2013-01-20 13:34:14,321 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - 
/grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG authentication.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.AnonymousAuthenticationToken#9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 7 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 8 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc at position 9 of 9 in additional filter chain; firing Filter: 'SwitchUserFilter' 2013-01-20 13:34:14,322 [http-bio-8080-exec-3] DEBUG web.FilterChainProxy - /grails/error/development500.dispatch?brokerageOrderId=95&_search=false&nd=1358710454208&max=100000&page=1&sort=id&order=asc reached end of additional filter chain; proceeding with original chain 2013-01-20 13:34:14,690 [http-bio-8080-exec-3] DEBUG access.ExceptionTranslationFilter - Chain processed normally 2013-01-20 
13:34:14,755 [http-bio-8080-exec-3] DEBUG access.ExceptionTranslationFilter - Chain processed normally 2013-01-20 13:34:14,755 [http-bio-8080-exec-3] DEBUG context.HttpSessionSecurityContextRepository - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 2013-01-20 13:34:14,755 [http-bio-
From the log it seems that a user with username:anonymousUser, role:ROLE_ANONYMOUS is authenticated successfully, but rememberme.PersistentTokenBasedRememberMeServices does not support anonymousUser and it cancelled cookie creation for that user.
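The sequence in the log above (token rows deleted, "Series/token mismatch" error, then "No persistent token found" for the same series) is what a series/token remember-me scheme produces when a cookie whose token has already been rotated is presented again. The following is an added example, not code from the post or from Spring Security: a simplified Python model of that check, in which the class and function names, the user "alice" and the scenario of an ajax call still carrying the pre-rotation cookie are all assumptions.

```python
import secrets
from dataclasses import dataclass


class CookieTheftError(Exception):
    """The series is known but the presented token is not the current one."""


class NoTokenError(Exception):
    """No stored row exists for the presented series."""


@dataclass
class TokenRow:
    username: str
    token: str


class PersistentRememberMe:
    """Toy model of a series/token remember-me store (hypothetical names)."""

    def __init__(self):
        self.rows = {}    # series -> TokenRow, stands in for the persistent_login table
        self.events = []  # what a debug log would record, in order

    def issue(self, username):
        """Interactive login with remember-me ticked: new series, new token."""
        series, token = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.rows[series] = TokenRow(username, token)
        return series, token

    def auto_login(self, cookie):
        """Validate a remember-me cookie and rotate its token on success."""
        series, presented = cookie
        row = self.rows.get(series)
        if row is None:
            self.events.append("no persistent token found for series")
            raise NoTokenError(series)
        if not secrets.compare_digest(presented, row.token):
            # Known series, stale token: treated as a stolen cookie, so every
            # remember-me row of that user is dropped before the error is raised.
            self.rows = {s: r for s, r in self.rows.items()
                         if r.username != row.username}
            self.events.append("delete tokens for user")
            self.events.append("series/token mismatch")
            raise CookieTheftError(series)
        # Valid: keep the series, replace the token, hand back a new cookie.
        row.token = secrets.token_urlsafe(16)
        self.events.append("token rotated")
        return row.username, (series, row.token)


def try_login(store, cookie):
    """Return a short label for the outcome instead of raising."""
    try:
        store.auto_login(cookie)
        return "ok"
    except CookieTheftError:
        return "theft"
    except NoTokenError:
        return "no-token"


def replay_pre_rotation_cookie():
    """Page load rotates the token; later requests reuse the old cookie."""
    store = PersistentRememberMe()
    old_cookie = store.issue("alice")             # constructed user
    _, new_cookie = store.auto_login(old_cookie)  # page load: token rotated
    outcomes = [
        try_login(store, old_cookie),  # ajax call still sending the old cookie
        try_login(store, old_cookie),  # next request: the row is already gone
        try_login(store, new_cookie),  # the rotated cookie no longer works either
    ]
    return store.events, outcomes


if __name__ == "__main__":
    events, outcomes = replay_pre_rotation_cookie()
    for line in events:
        print(line)
    print(outcomes)
```

The check cannot tell a replay by a thief from a second request the legitimate browser sent before the rotated cookie arrived, so both end with every remember-me row for the user deleted and a manual login required.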