beaniejoy
commented
2 years ago 궁금한 내용
override fun onAuthenticationFailure(
request: HttpServletRequest,
response: HttpServletResponse,
exception: AuthenticationException
) {
val signInRequest = objectMapper.readValue(request.reader, SignInRequest::class.java)
//...
}아래와 같은 에러 발생
java.io.IOException: Stream closed
at org.apache.catalina.connector.InputBuffer.throwIfClosed(InputBuffer.java:526) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:432) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at org.apache.catalina.connector.CoyoteReader.read(CoyoteReader.java:108) ~[tomcat-embed-core-9.0.63.jar:9.0.63]
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._loadMore(ReaderBasedJsonParser.java:276) ~[jackson-core-2.13.3.jar:2.13.3]
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._skipWSOrEnd(ReaderBasedJsonParser.java:2442) ~[jackson-core-2.13.3.jar:2.13.3]
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:698) ~[jackson-core-2.13.3.jar:2.13.3]
at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:4761) ~[jackson-databind-2.13.3.jar:2.13.3]
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4667) ~[jackson-databind-2.13.3.jar:2.13.3]
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3642) ~[jackson-databind-2.13.3.jar:2.13.3]
at io.beaniejoy.dongnecafe.common.security.handler.ApiAuthenticationFailureHandler.onAuthenticationFailure(ApiAuthenticationFailureHandler.kt:27) ~[main/:na]중간에 reader close 된 것인지 궁금(아직 해결 못한 부분)
CSRF
http.csrf().disable()- Spring Security는 csrf 기능을 default로 가지고 있음
- 이런 상태로 api 방식 인증 설정을 적용해서 인증 api 호출하면
403 Forbidden에러응답 반환CsrfFilter코드 보면actualToken(request header에 담아져서 온 csrf token 값)이null이어서AccessDeniedHandler호출하게 됨
- 위와 같은 이유로 api 방식 인증 프로세스 적용을 위해서는 csrf 기능을 disable 처리해야 한다.
dongne-account-apidongne-service-api