search

benwilcock / spring-cloud-gateway-demo

Code and articles to help folks get started with Spring Cloud Gateway.
https://benwilcock.github.io/spring-cloud-gateway-demo/
Apache License 2.0
185 stars 123 forks source link

o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point #11

Closed ghost closed 3 years ago

ghost commented 3 years ago 
2021-01-16 11:11:36.699 DEBUG 25678 --- [nio-9006-exec-5] o.a.coyote.http11.Http11InputBuffer      : Received [GET /resource HTTP/1.1
Cache-Control: max-age=0
sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh-TW;q=0.9,zh;q=0.8,en-US;q=0.7,en;q=0.6
Cookie: Idea-7a683722=8c1e8430-d7d3-42ae-8f9d-452077f5ffca; SESSION=b414d9ae-ea0a-4fd9-8118-1008f60ebd8c; JSESSIONID=08BACF9128E1CC905EBABEFB1A12259B
Forwarded: proto=http;host=localhost;for="0:0:0:0:0:0:0:1:51113"
X-Forwarded-For: 0:0:0:0:0:0:0:1
X-Forwarded-Proto: http
X-Forwarded-Prefix: /mall
X-Forwarded-Port: 80
X-Forwarded-Host: localhost
host: 192.168.0.102:9006
content-length: 0

]
2021-01-16 11:11:36.700 DEBUG 25678 --- [nio-9006-exec-5] o.a.t.util.http.Rfc6265CookieProcessor   : Cookies: Parsing b[]: Idea-7a683722=8c1e8430-d7d3-42ae-8f9d-452077f5ffca; SESSION=b414d9ae-ea0a-4fd9-8118-1008f60ebd8c; JSESSIONID=08BACF9128E1CC905EBABEFB1A12259B
2021-01-16 11:11:36.700 DEBUG 25678 --- [nio-9006-exec-5] o.a.catalina.connector.CoyoteAdapter     :  Requested cookie session id is 08BACF9128E1CC905EBABEFB1A12259B
2021-01-16 11:11:36.700 DEBUG 25678 --- [nio-9006-exec-5] o.a.c.authenticator.AuthenticatorBase    : Security checking request GET /resource
2021-01-16 11:11:36.700 DEBUG 25678 --- [nio-9006-exec-5] org.apache.catalina.realm.RealmBase      :   No applicable constraints defined
2021-01-16 11:11:36.701 DEBUG 25678 --- [nio-9006-exec-5] o.a.c.authenticator.AuthenticatorBase    : Not subject to any constraint
2021-01-16 11:11:36.701 DEBUG 25678 --- [nio-9006-exec-5] o.s.security.web.FilterChainProxy        : /resource at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2021-01-16 11:11:36.701 DEBUG 25678 --- [nio-9006-exec-5] o.s.security.web.FilterChainProxy        : /resource at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2021-01-16 11:11:36.701 DEBUG 25678 --- [nio-9006-exec-5] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2021-01-16 11:11:36.701 DEBUG 25678 --- [nio-9006-exec-5] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@6d9a80f4. A new one will be created.
2021-01-16 11:11:36.701 DEBUG 25678 --- [nio-9006-exec-5] o.s.security.web.FilterChainProxy        : /resource at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2021-01-16 11:11:36.701 DEBUG 25678 --- [nio-9006-exec-5] o.s.security.web.FilterChainProxy        : /resource at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2021-01-16 11:11:36.701 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using org.springframework.security.web.csrf.CsrfFilter$DefaultRequiresCsrfMatcher@3f35e40a
2021-01-16 11:11:36.701 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.util.matcher.AndRequestMatcher   : Did not match
2021-01-16 11:11:36.701 DEBUG 25678 --- [nio-9006-exec-5] o.s.security.web.FilterChainProxy        : /resource at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /resource' doesn't match 'POST /logout'
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.security.web.FilterChainProxy        : /resource at position 6 of 12 in additional filter chain; firing Filter: 'BearerTokenAuthenticationFilter'
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] org.apache.tomcat.util.http.Parameters   : Set encoding to UTF-8
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.security.web.FilterChainProxy        : /resource at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.s.DefaultSavedRequest            : pathInfo: both null (property equals)
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.s.DefaultSavedRequest            : queryString: both null (property equals)
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.s.DefaultSavedRequest            : requestURI: arg1=/resource; arg2=/resource (property equals)
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.s.DefaultSavedRequest            : serverPort: arg1=9006; arg2=9006 (property equals)
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.s.DefaultSavedRequest            : requestURL: arg1=http://192.168.0.102:9006/resource; arg2=http://192.168.0.102:9006/resource (property equals)
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.s.DefaultSavedRequest            : scheme: arg1=http; arg2=http (property equals)
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.s.DefaultSavedRequest            : serverName: arg1=192.168.0.102; arg2=192.168.0.102 (property equals)
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.s.DefaultSavedRequest            : contextPath: arg1=; arg2= (property equals)
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.s.DefaultSavedRequest            : servletPath: arg1=/resource; arg2=/resource (property equals)
2021-01-16 11:11:36.702 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.s.HttpSessionRequestCache        : Removing DefaultSavedRequest from session if present
2021-01-16 11:11:36.707 DEBUG 25678 --- [nio-9006-exec-5] o.s.security.web.FilterChainProxy        : /resource at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2021-01-16 11:11:36.707 DEBUG 25678 --- [nio-9006-exec-5] o.s.security.web.FilterChainProxy        : /resource at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2021-01-16 11:11:36.707 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@e298ee7d: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffc434: RemoteIpAddress: 192.168.0.102; SessionId: 08BACF9128E1CC905EBABEFB1A12259B; Granted Authorities: ROLE_ANONYMOUS'
2021-01-16 11:11:36.707 DEBUG 25678 --- [nio-9006-exec-5] o.s.security.web.FilterChainProxy        : /resource at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2021-01-16 11:11:36.707 DEBUG 25678 --- [nio-9006-exec-5] o.s.security.web.FilterChainProxy        : /resource at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2021-01-16 11:11:36.707 DEBUG 25678 --- [nio-9006-exec-5] o.s.security.web.FilterChainProxy        : /resource at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2021-01-16 11:11:36.707 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /resource; Attributes: [authenticated]
2021-01-16 11:11:36.708 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@e298ee7d: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffc434: RemoteIpAddress: 192.168.0.102; SessionId: 08BACF9128E1CC905EBABEFB1A12259B; Granted Authorities: ROLE_ANONYMOUS
2021-01-16 11:11:36.708 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@11ae194f, returned: -1
2021-01-16 11:11:36.709 DEBUG 25678 --- [nio-9006-exec-5] o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118) ~[spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:114) [spring-security-oauth2-resource-server-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) [spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) [spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_212]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_212]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.36.jar:9.0.36]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_212]