Open camerojo opened 5 months ago
Spring versions:
id("org.springframework.boot") version "3.2.5"
id("io.spring.dependency-management") version "1.1.0"
Spring 3 URL Matching.
Error:
org.springframework.web.util.pattern.PatternParseException: No more pattern data allowed after {*...} or ** pattern element
It is related to AntMatcher being replaced by PathPattern. I need to test out removing * and replacing with . It may be resolved by this, which I need to test out: docs
// .requestMatchers(HttpMethod.GET, "/api/admin/saved-search/*/load")
// .hasAnyRole("SYSTEMADMIN", "ADMIN", "PARTNERADMIN", "SEMILIMITED", "LIMITED", "READONLY")
// // POST: EXPORT SAVE SELECTION SAVED SEARCHES
// .requestMatchers(HttpMethod.POST,
// "/api/admin/saved-search-candidate/*/export/csv")
// .hasAnyRole("SYSTEMADMIN", "ADMIN", "PARTNERADMIN", "SEMILIMITED", "LIMITED", "READONLY")
//
// /*
// * SEARCH ENDPOINTS
// */
// // POST: ALL SEARCHES
// .requestMatchers(HttpMethod.POST, "/api/admin/**/search")
// .hasAnyRole("SYSTEMADMIN", "ADMIN", "PARTNERADMIN", "SEMILIMITED", "LIMITED", "READONLY")
//
// // POST: ALL PAGED SEARCHES
// .requestMatchers(HttpMethod.POST, "/api/admin/**/search-paged")
// .hasAnyRole("SYSTEMADMIN", "ADMIN", "PARTNERADMIN", "SEMILIMITED", "LIMITED", "READONLY")
// .requestMatchers(HttpMethod.PUT, "/api/admin/saved-list-candidate/*/merge")
// .hasAnyRole("SYSTEMADMIN", "ADMIN", "PARTNERADMIN", "SEMILIMITED", "LIMITED", "READONLY")
// PUT: REMOVE CANDIDATE FROM LIST
// .requestMatchers(HttpMethod.PUT, "/api/admin/saved-list-candidate/*/remove")
// .hasAnyRole("SYSTEMADMIN", "ADMIN", "PARTNERADMIN", "SEMILIMITED", "LIMITED", "READONLY")
// /*
// * CANDIDATE INTAKE ENDPOINTS
// */
// // GET (EXC. READ ONLY)
// .requestMatchers(HttpMethod.GET, "/api/admin/candidate/*/intake")
// .hasAnyRole("SYSTEMADMIN", "ADMIN", "PARTNERADMIN", "SEMILIMITED", "LIMITED",
// "READONLY")
//
// // PUT (EXC. READ ONLY)
// .requestMatchers(HttpMethod.PUT, "/api/admin/candidate/*/intake")
// .hasAnyRole("SYSTEMADMIN", "ADMIN", "PARTNERADMIN", "SEMILIMITED", "LIMITED")
//
// /*
// * JOB INTAKE ENDPOINTS
// */
// // GET (EXC. READ ONLY)
// .requestMatchers(HttpMethod.GET, "/api/admin/job/*/intake")
// .hasAnyRole("SYSTEMADMIN", "ADMIN", "PARTNERADMIN", "SEMILIMITED", "LIMITED",
// "READONLY")
//
// // PUT (EXC. READ ONLY)
// .requestMatchers(HttpMethod.PUT, "/api/admin/job/*/intake")
// .hasAnyRole("SYSTEMADMIN", "ADMIN", "PARTNERADMIN", "SEMILIMITED", "LIMITED")
CSRF docs
.csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())) // .csrf(CsrfConfigurer::disable)
Might have got past the csrf 403 and now getting a 401 @sadatmalik
Using generated security password: 4b9a663f-a220-42e9-b110-1f73968357cf
This generated password is for development use only. Your security configuration must be updated before running your application in production.
2024-04-30T20:06:07.710+10:00 INFO 18292 --- [ main] o.s.b.t.m.w.SpringBootMockServletContext : Initializing Spring TestDispatcherServlet ''
2024-04-30T20:06:07.710+10:00 INFO 18292 --- [ main] o.s.t.web.servlet.TestDispatcherServlet : Initializing Servlet ''
2024-04-30T20:06:07.711+10:00 INFO 18292 --- [ main] o.s.t.web.servlet.TestDispatcherServlet : Completed initialization in 1 ms
2024-04-30T20:06:07.764+10:00 INFO 18292 --- [ main] o.t.server.api.admin.AuthAdminApiTest : Started AuthAdminApiTest in 1.87 seconds (process running for 2.861)
2024-04-30T20:06:07.826+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@31e84f10, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@c4455b4, org.springframework.security.web.context.SecurityContextHolderFilter@7d4e424e, org.springframework.security.web.header.HeaderWriterFilter@16024b49, org.springframework.web.filter.CorsFilter@747f0f34, org.springframework.security.web.csrf.CsrfFilter@32068aef, org.springframework.security.web.authentication.logout.LogoutFilter@aade5a2, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@684430c1, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@1a53ac0c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@556ae220, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@74f92d14, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@60251ddb, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2059c3ff, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2689b752, org.springframework.security.web.access.ExceptionTranslationFilter@52463255, org.springframework.security.web.access.intercept.AuthorizationFilter@70a24463]] (1/1)
2024-04-30T20:06:07.827+10:00 DEBUG 18292 --- [ main] o.s.security.web.FilterChainProxy : Securing POST /api/admin/auth/login
2024-04-30T20:06:07.827+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/16)
2024-04-30T20:06:07.827+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/16)
2024-04-30T20:06:07.828+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/16)
2024-04-30T20:06:07.828+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/16)
2024-04-30T20:06:07.829+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/16)
2024-04-30T20:06:07.829+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (6/16)
2024-04-30T20:06:07.829+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (7/16)
2024-04-30T20:06:07.829+10:00 TRACE 18292 --- [ main] o.s.s.w.a.logout.LogoutFilter : Did not match request to Ant [pattern='/logout', POST]
2024-04-30T20:06:07.829+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (8/16)
2024-04-30T20:06:07.829+10:00 TRACE 18292 --- [ main] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST]
2024-04-30T20:06:07.829+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (9/16)
2024-04-30T20:06:07.830+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking DefaultLogoutPageGeneratingFilter (10/16)
2024-04-30T20:06:07.830+10:00 TRACE 18292 --- [ main] .w.a.u.DefaultLogoutPageGeneratingFilter : Did not render default logout page since request did not match [Ant [pattern='/logout', GET]]
2024-04-30T20:06:07.830+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking BasicAuthenticationFilter (11/16)
2024-04-30T20:06:07.830+10:00 TRACE 18292 --- [ main] o.s.s.w.a.www.BasicAuthenticationFilter : Did not process authentication request since failed to find username and password in Basic Authorization header
2024-04-30T20:06:07.830+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (12/16)
2024-04-30T20:06:07.830+10:00 TRACE 18292 --- [ main] o.s.s.w.s.HttpSessionRequestCache : matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided
2024-04-30T20:06:07.830+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (13/16)
2024-04-30T20:06:07.830+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (14/16)
2024-04-30T20:06:07.830+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (15/16)
2024-04-30T20:06:07.830+10:00 TRACE 18292 --- [ main] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (16/16)
2024-04-30T20:06:07.830+10:00 TRACE 18292 --- [ main] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@7156f8cf]
2024-04-30T20:06:07.831+10:00 TRACE 18292 --- [ main] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@7156f8cf] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@5e7ea81b
2024-04-30T20:06:07.831+10:00 TRACE 18292 --- [ main] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2024-04-30T20:06:07.831+10:00 TRACE 18292 --- [ main] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-04-30T20:06:07.831+10:00 TRACE 18292 --- [ main] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-04-30T20:06:07.831+10:00 TRACE 18292 --- [ main] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2024-04-30T20:06:07.831+10:00 TRACE 18292 --- [ main] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
org.springframework.security.access.AccessDeniedException: Access Denied
at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) ~[spring-security-web-6.2.4.jar:6.2.4]
Done in other stories, so closing this out.
See also #352
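The `PatternParseException` reported in this issue can be reproduced outside the security configuration by feeding the same pattern strings to Spring's `PathPatternParser`. The following is an added example, not code from this project: the class name `PathPatternCheck` and the two sample request paths are constructed for illustration, and it assumes `spring-web` is on the classpath. It also shows that `*` matches exactly one path segment, so a rule rewritten from a mid-pattern `**` to `*` stops covering deeper paths, which are then decided by whichever later rule matches them.

```java
import java.util.List;
import org.springframework.http.server.PathContainer;
import org.springframework.web.util.pattern.PathPattern;
import org.springframework.web.util.pattern.PathPatternParser;
import org.springframework.web.util.pattern.PatternParseException;

public class PathPatternCheck {

    // Patterns copied from the commented-out rules in this issue.
    static final List<String> PATTERNS = List.of(
            "/api/admin/saved-search/*/load",
            "/api/admin/**/search",
            "/api/admin/**/search-paged",
            "/api/admin/candidate/*/intake");

    // Constructed request paths, used only to show what a rewritten pattern covers.
    static final List<String> SAMPLE_PATHS = List.of(
            "/api/admin/candidate/search",
            "/api/admin/candidate/123/note/search");

    /** Returns the parser's error message, or null if PathPattern accepts the pattern. */
    static String parseError(String pattern) {
        try {
            PathPatternParser.defaultInstance.parse(pattern);
            return null;
        } catch (PatternParseException ex) {
            return ex.getMessage() + " (position " + ex.getPosition() + ")";
        }
    }

    /** True if the (valid) pattern matches the given request path. */
    static boolean matches(String pattern, String path) {
        PathPattern parsed = PathPatternParser.defaultInstance.parse(pattern);
        return parsed.matches(PathContainer.parsePath(path));
    }

    public static void main(String[] args) {
        for (String p : PATTERNS) {
            String err = parseError(p);
            System.out.println((err == null ? "OK       " : "REJECTED ") + p
                    + (err == null ? "" : " -> " + err));
        }
        // '*' matches exactly one path segment, so swapping it in for a
        // mid-pattern '**' narrows the rule: deeper paths no longer match it.
        String rewritten = "/api/admin/*/search";
        for (String path : SAMPLE_PATHS) {
            System.out.println(rewritten + " matches " + path + ": " + matches(rewritten, path));
        }
    }
}
```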