Open guntutur opened 5 years ago
Just set recaptcha.security.loginFailuresThreshold
to 0
.
Hi thanks for the quick response!
i tried your suggestion, but after login it gives me error like this
// 20190926162241 // http://localhost:8090/error
{ "timestamp": "2019-09-26T09:22:40.703+0000", "status": 999, "error": "None", "message": "No message available" }
this is the debug log :
2019-09-26 16:22:40,568 DEBUG [http-nio-127.0.0.1-8090-exec-6] o.h.l.Loader: Result set row: 0 2019-09-26 16:22:40,568 DEBUG [http-nio-127.0.0.1-8090-exec-6] o.h.l.Loader: Result row: 2019-09-26 16:22:40,574 DEBUG [http-nio-127.0.0.1-8090-exec-6] c.z.h.p.ProxyConnection: UimToolsConnectionPool - Executed rollback on connection oracle.jdbc.driver.T4CConnection@224a72fc due to dirty commit state on close(). 2019-09-26 16:22:40,673 DEBUG [http-nio-127.0.0.1-8090-exec-6] o.s.s.w.a.s.CompositeSessionAuthenticationStrategy: Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@6f1fe538 2019-09-26 16:22:40,675 DEBUG [http-nio-127.0.0.1-8090-exec-6] c.g.m.r.s.RecaptchaAuthenticationFilter: Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5687b460: Principal: com.ssi.nossf.uim.tools.v1.config.security.CustomUserDetails@55458d8f; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 6F2683EB40E7CC11FA75DF9C43838844; Granted Authorities: Admin 2019-09-26 16:22:40,677 DEBUG [http-nio-127.0.0.1-8090-exec-6] c.g.m.r.s.l.InMemoryLoginFailuresManager: Clearing login failures for username: admin 2019-09-26 16:22:40,677 DEBUG [http-nio-127.0.0.1-8090-exec-6] c.g.m.r.s.l.LoginFailuresClearingHandler: Redirecting to DefaultSavedRequest Url: http://localhost:8090/error 2019-09-26 16:22:40,678 DEBUG [http-nio-127.0.0.1-8090-exec-6] o.s.s.w.DefaultRedirectStrategy: Redirecting to 'http://localhost:8090/error' 2019-09-26 16:22:40,679 DEBUG [http-nio-127.0.0.1-8090-exec-6] o.s.s.w.h.w.HstsHeaderWriter: Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@65086c00 2019-09-26 16:22:40,679 DEBUG [http-nio-127.0.0.1-8090-exec-6] o.s.s.w.c.HttpSessionSecurityContextRepository: SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@5687b460: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5687b460: Principal: com.ssi.nossf.uim.tools.v1.config.security.CustomUserDetails@55458d8f; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 6F2683EB40E7CC11FA75DF9C43838844; Granted Authorities: Admin' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade@63bcc147 2019-09-26 16:22:40,679 DEBUG [http-nio-127.0.0.1-8090-exec-6] o.s.s.w.c.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed 2019-09-26 16:22:40,686 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.u.m.AntPathRequestMatcher: Checking match of request : '/error'; against '/resources/*' 2019-09-26 16:22:40,686 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 2019-09-26 16:22:40,686 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 2019-09-26 16:22:40,686 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.c.HttpSessionSecurityContextRepository: Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@5687b460: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5687b460: Principal: com.ssi.nossf.uim.tools.v1.config.security.CustomUserDetails@55458d8f; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 6F2683EB40E7CC11FA75DF9C43838844; Granted Authorities: Admin' 2019-09-26 16:22:40,686 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter' 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error at position 4 of 12 in additional filter chain; firing Filter: 'CorsFilter' 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.u.m.AntPathRequestMatcher: Checking match of request : '/error'; against '/logout' 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error at position 6 of 12 in additional filter chain; firing Filter: 'RecaptchaAuthenticationFilter' 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.u.m.AntPathRequestMatcher: Request 'GET /error' doesn't match 'POST /login' 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.s.DefaultSavedRequest: pathInfo: both null (property equals) 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.s.DefaultSavedRequest: queryString: both null (property equals) 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.s.DefaultSavedRequest: requestURI: arg1=/error; arg2=/error (property equals) 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.s.DefaultSavedRequest: serverPort: arg1=8090; arg2=8090 (property equals) 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.s.DefaultSavedRequest: requestURL: arg1=http://localhost:8090/error; arg2=http://localhost:8090/error (property equals) 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.s.DefaultSavedRequest: scheme: arg1=http; arg2=http (property equals) 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.s.DefaultSavedRequest: serverName: arg1=localhost; arg2=localhost (property equals) 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.s.DefaultSavedRequest: contextPath: arg1=; arg2= (property equals) 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.s.DefaultSavedRequest: servletPath: arg1=/error; arg2=/error (property equals) 2019-09-26 16:22:40,687 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.s.HttpSessionRequestCache: Removing DefaultSavedRequest from session if present 2019-09-26 16:22:40,688 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 2019-09-26 16:22:40,688 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 2019-09-26 16:22:40,688 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter: SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5687b460: Principal: com.ssi.nossf.uim.tools.v1.config.security.CustomUserDetails@55458d8f; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 6F2683EB40E7CC11FA75DF9C43838844; Granted Authorities: Admin' 2019-09-26 16:22:40,688 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 2019-09-26 16:22:40,688 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 2019-09-26 16:22:40,688 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 2019-09-26 16:22:40,688 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.u.m.AntPathRequestMatcher: Checking match of request : '/error'; against '/logout' 2019-09-26 16:22:40,689 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor: Secure object: FilterInvocation: URL: /error; Attributes: [fullyAuthenticated] 2019-09-26 16:22:40,689 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5687b460: Principal: com.ssi.nossf.uim.tools.v1.config.security.CustomUserDetails@55458d8f; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 6F2683EB40E7CC11FA75DF9C43838844; Granted Authorities: Admin 2019-09-26 16:22:40,689 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.a.v.AffirmativeBased: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@573bc4b3, returned: 1 2019-09-26 16:22:40,689 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor: Authorization successful 2019-09-26 16:22:40,689 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor: RunAsManager did not change Authentication object 2019-09-26 16:22:40,689 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.FilterChainProxy: /error reached end of additional filter chain; proceeding with original chain 2019-09-26 16:22:40,689 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.w.s.DispatcherServlet: GET "/error", parameters={} 2019-09-26 16:22:40,691 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.w.s.m.m.a.RequestMappingHandlerMapping: Mapped to public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest) 2019-09-26 16:22:40,718 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.w.s.m.m.a.HttpEntityMethodProcessor: Using 'application/json', given [/] and supported [application/json, application/+json, application/json, application/*+json] 2019-09-26 16:22:40,718 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.w.s.m.m.a.HttpEntityMethodProcessor: Writing [{timestamp=Thu Sep 26 16:22:40 WIB 2019, status=999, error=None, message=No message available}] 2019-09-26 16:22:40,738 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.h.w.HstsHeaderWriter: Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@65086c00 2019-09-26 16:22:40,739 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.w.s.DispatcherServlet: Completed 500 INTERNAL_SERVER_ERROR 2019-09-26 16:22:40,739 DEBUG [http-nio-127.0.0.1-8090-exec-7] o.s.s.w.a.ExceptionTranslationFilter: Chain processed normally
btw i'm trying to implement this to spring mvc with default web security login
i see your log here stated that
2019-09-26 16:22:40,677 DEBUG [http-nio-127.0.0.1-8090-exec-6] c.g.m.r.s.l.LoginFailuresClearingHandler: Redirecting to DefaultSavedRequest Url: http://localhost:8090/error
i dont understand why upon successful login with captcha and my database authentication, LoginFailuresClearingHandler redirect me to /error
i can assure that my database authentication is successful from this line :
019-09-26 16:22:40,675 DEBUG [http-nio-127.0.0.1-8090-exec-6] c.g.m.r.s.RecaptchaAuthenticationFilter: Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5687b460: Principal: com.ssi.nossf.uim.tools.v1.config.security.CustomUserDetails@55458d8f; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 6F2683EB40E7CC11FA75DF9C43838844; Granted Authorities: Admin
Can you check this using: https://github.com/mkopylec/recaptcha-spring-boot-starter-samples ?
Hi @mkopylec i was able to integrate it using the starter, following your instruction here successfully :
Just set recaptcha.security.loginFailuresThreshold to 0.
but having some strange behaviour with this steps :
/login?recaptchaError&showRecaptcha
do you know why this behaviour happens? i could provide log and code sample, just name what you need.
Thanks!
I need to investigate it on my own. If I'll need some code from you I'll let you know.
Great! btw the steps i mentioned applies one after the other without refresh the browser or restarting the application
You have to do two things to get it work. Set login failures treshold to 0 in application.yml:
recaptcha:
security:
login-failures-threshold: 0
Remove the condition for displaying reCaptcha widget from your login form page. Wrong:
<div th:if="${#httpServletRequest.getParameter('showRecaptcha')}" class="g-recaptcha" data-sitekey="yoursitekey"></div>
Right:
<div class="g-recaptcha" data-sitekey="yoursitekey"></div>
Hi @mkopylec
You have to do two things to get it work. Set login failures treshold to 0 in application.yml:
recaptcha: security: login-failures-threshold: 0
Remove the condition for displaying reCaptcha widget from your login form page. Wrong:
<div th:if="${#httpServletRequest.getParameter('showRecaptcha')}" class="g-recaptcha" data-sitekey="yoursitekey"></div>
Right:
<div class="g-recaptcha" data-sitekey="yoursitekey"></div>
unfortunately, this is exactly the configuration and set up that i had in my code before facing the strange behaviour that i posted earlier. do you mind sharing your tested code which connect to database? i would be happy to try it
I've tested it using https://github.com/mkopylec/recaptcha-spring-boot-starter-samples The sample uses in-memory users and also counts login failures in-memory. It works that way. If you are using database instead in-memory storage it should act the same. If it's not then there is some kind of problem in your code which is communictaing with database. Or maybe your spring security configuration is wrong.
If you want me to help you with that you have to share me some code that suposed to work.
Hi, thanks for your contribution!
this might be not an issue rather a question.
i am aware of this #8
you said that
but what i want to achieve is something like recaptcha validation upon every login request without the need to previously check of unsuccessful login tries with the same username.
is it possible?