Closed fanciz1227 closed 1 week ago
Oh... sorry, I solved the problem with the comment found in the previous issue..! If anyone happens to see this post, specifying it in authorizeHttpRequests with dispatcherTypeMatchers should solve the problem.
dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.ERROR).permitAll()
Hello I encountered the following error while configuring security through Spring Security version 6.2.4. I tried to set restricted access using anyRequest().authenticated() and requestMatchers, but encountered an unresolved issue.
Recently, user PavelBortnovskyi also left a comment about the same error that occurred previously. https://github.com/spring-projects/spring-security/issues/14011
It seems there might be a bug in the requestMatcher for the MVC Controller using JSP.
Below is the code I tested.
@RequestMapping(path = "/testweb") @Controller public class TestController { //This is Mvc Controller
}
@WebMvcTest(TestController.class) public class SecurityTest {
}
2024-05-04 19:09:26.060 [ INFO] [http-nio-8080-exec-1] [o.s.w.s.FrameworkServlet - initServletBean:532] --- Initializing Servlet 'dispatcherServlet' 2024-05-04 19:09:26.061 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.DispatcherServlet - initMultipartResolver:533] --- Detected StandardServletMultipartResolver 2024-05-04 19:09:26.061 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.DispatcherServlet - initLocaleResolver:557] --- Detected AcceptHeaderLocaleResolver 2024-05-04 19:09:26.061 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.DispatcherServlet - initThemeResolver:583] --- Detected FixedThemeResolver 2024-05-04 19:09:26.063 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.DispatcherServlet - initRequestToViewNameTranslator:733] --- Detected org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator@203f1447 2024-05-04 19:09:26.063 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.DispatcherServlet - initFlashMapManager:797] --- Detected org.springframework.web.servlet.support.SessionFlashMapManager@2673ba1f 2024-05-04 19:09:26.064 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.FrameworkServlet - initServletBean:549] --- enableLoggingRequestDetails='false': request parameters and headers will be masked to prevent unsafe logging of potentially sensitive data 2024-05-04 19:09:26.065 [ INFO] [http-nio-8080-exec-1] [o.s.w.s.FrameworkServlet - initServletBean:554] --- Completed initialization in 4 ms 2024-05-04 19:09:26.089 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.FilterChainProxy - getFilters:245] --- Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@57202722, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7bc342f6, org.springframework.security.web.context.SecurityContextHolderFilter@67b920c9, org.springframework.security.web.header.HeaderWriterFilter@77e467d9, org.springframework.web.filter.CorsFilter@20c3be4c, org.springframework.security.web.authentication.logout.LogoutFilter@1290fc6a, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@3f6fa2dd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@278e721e, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@77d86aba, org.springframework.security.web.access.ExceptionTranslationFilter@c4e440b, org.springframework.security.web.access.intercept.AuthorizationFilter@38988d78]] (1/1) 2024-05-04 19:09:26.090 [DEBUG] [http-nio-8080-exec-1] [o.s.s.w.FilterChainProxy - doFilterInternal:223] --- Securing GET /testweb/get 2024-05-04 19:09:26.092 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking DisableEncodeUrlFilter (1/11) 2024-05-04 19:09:26.095 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking WebAsyncManagerIntegrationFilter (2/11) 2024-05-04 19:09:26.096 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking SecurityContextHolderFilter (3/11) 2024-05-04 19:09:26.098 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking HeaderWriterFilter (4/11) 2024-05-04 19:09:26.100 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking CorsFilter (5/11) 2024-05-04 19:09:26.102 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking LogoutFilter (6/11) 2024-05-04 19:09:26.103 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.l.LogoutFilter - requiresLogout:121] --- Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]] 2024-05-04 19:09:26.104 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking RequestCacheAwareFilter (7/11) 2024-05-04 19:09:26.104 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.s.HttpSessionRequestCache - getMatchingRequest:111] --- matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided 2024-05-04 19:09:26.104 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking SecurityContextHolderAwareRequestFilter (8/11) 2024-05-04 19:09:26.105 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking AnonymousAuthenticationFilter (9/11) 2024-05-04 19:09:26.107 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking ExceptionTranslationFilter (10/11) 2024-05-04 19:09:26.107 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking AuthorizationFilter (11/11) 2024-05-04 19:09:26.108 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.i.RequestMatcherDelegatingAuthorizationManager - check:74] --- Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@5af7a203] 2024-05-04 19:09:26.109 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.i.RequestMatcherDelegatingAuthorizationManager - check:83] --- Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@5af7a203] using org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda$1706/0x0000000134b3a530@6ed71619 2024-05-04 19:09:26.114 [DEBUG] [http-nio-8080-exec-1] [o.s.s.w.FilterChainProxy - lambda$doFilterInternal$3:227] --- Secured GET /testweb/get 2024-05-04 19:09:26.116 [DEBUG] [http-nio-8080-exec-1] [o.s.c.l.LogFormatUtils - traceDebug:120] --- GET "/testweb/get", parameters={} 2024-05-04 19:09:26.118 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.h.AbstractHandlerMapping - getHandler:531] --- Mapped to com.psg.payment.controller.TestController#getTest() 2024-05-04 19:09:26.156 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.v.AbstractView - render:307] --- View name '/testHtml', model {} 2024-05-04 19:09:26.160 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.v.InternalResourceView - renderMergedOutputModel:169] --- Forwarding to [/WEB-INF/jsp/testHtml.jsp] 2024-05-04 19:09:26.167 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.FilterChainProxy - getFilters:245] --- Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@57202722, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7bc342f6, org.springframework.security.web.context.SecurityContextHolderFilter@67b920c9, org.springframework.security.web.header.HeaderWriterFilter@77e467d9, org.springframework.web.filter.CorsFilter@20c3be4c, org.springframework.security.web.authentication.logout.LogoutFilter@1290fc6a, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@3f6fa2dd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@278e721e, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@77d86aba, org.springframework.security.web.access.ExceptionTranslationFilter@c4e440b, org.springframework.security.web.access.intercept.AuthorizationFilter@38988d78]] (1/1) 2024-05-04 19:09:26.167 [DEBUG] [http-nio-8080-exec-1] [o.s.s.w.FilterChainProxy - doFilterInternal:223] --- Securing GET /WEB-INF/jsp/testHtml.jsp 2024-05-04 19:09:26.167 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking DisableEncodeUrlFilter (1/11) 2024-05-04 19:09:26.168 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking WebAsyncManagerIntegrationFilter (2/11) 2024-05-04 19:09:26.168 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking SecurityContextHolderFilter (3/11) 2024-05-04 19:09:26.168 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking HeaderWriterFilter (4/11) 2024-05-04 19:09:26.169 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking CorsFilter (5/11) 2024-05-04 19:09:26.169 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking LogoutFilter (6/11) 2024-05-04 19:09:26.170 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.l.LogoutFilter - requiresLogout:121] --- Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]] 2024-05-04 19:09:26.170 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking RequestCacheAwareFilter (7/11) 2024-05-04 19:09:26.170 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.s.HttpSessionRequestCache - getMatchingRequest:111] --- matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided 2024-05-04 19:09:26.170 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking SecurityContextHolderAwareRequestFilter (8/11) 2024-05-04 19:09:26.171 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking AnonymousAuthenticationFilter (9/11) 2024-05-04 19:09:26.171 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking ExceptionTranslationFilter (10/11) 2024-05-04 19:09:26.171 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking AuthorizationFilter (11/11) 2024-05-04 19:09:26.172 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.i.RequestMatcherDelegatingAuthorizationManager - check:74] --- Authorizing SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@5af7a203]]] 2024-05-04 19:09:26.172 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.i.RequestMatcherDelegatingAuthorizationManager - check:83] --- Checking authorization on SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@5af7a203]]] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@26b285 2024-05-04 19:09:26.172 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.c.HttpSessionSecurityContextRepository - readSecurityContextFromSession:206] --- No HttpSession currently exists 2024-05-04 19:09:26.172 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.c.SupplierDeferredSecurityContext - init:72] --- Created SecurityContextImpl [Null authentication] 2024-05-04 19:09:26.172 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.c.SupplierDeferredSecurityContext - init:72] --- Created SecurityContextImpl [Null authentication] 2024-05-04 19:09:26.173 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.AnonymousAuthenticationFilter - defaultWithAnonymous:116] --- Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] 2024-05-04 19:09:26.174 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.AnonymousAuthenticationFilter - defaultWithAnonymous:127] --- Did not set SecurityContextHolder since already authenticated AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] 2024-05-04 19:09:26.180 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.ExceptionTranslationFilter - handleAccessDeniedException:194] --- Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
org.springframework.security.access.AccessDeniedException: Access Denied at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:110) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:110) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:75) at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:110) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:110) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186) at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:230) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:175) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:150) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:110) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:175) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:150) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:653) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:419) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:340) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:277) at org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequestDispatcher.forward(HeaderWriterFilter.java:170) at org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171) at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:314) at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1431) at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1167) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1106) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:903) at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:564) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885) at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:150) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:175) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:150) at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:108) at org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231) at org.springframework.security.web.ObservationFilterChainDecorator$FilterObservation$SimpleFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:479) at org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:340) at org.springframework.security.web.ObservationFilterChainDecorator.lambda$wrapSecured$0(ObservationFilterChainDecorator.java:82) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:128) at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:100) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240) at org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323) at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224) at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:230) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:175) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:150) at org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:175) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:150) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:175) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:150) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1736) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) at java.base/java.lang.Thread.run(Thread.java:842)
2024-05-04 19:09:26.198 [DEBUG] [http-nio-8080-exec-1] [o.s.s.w.s.HttpSessionRequestCache - saveRequest:80] --- Saved request http://localhost:8080/WEB-INF/jsp/testHtml.jsp?continue to session 2024-05-04 19:09:26.199 [DEBUG] [http-nio-8080-exec-1] [o.s.s.w.a.Http403ForbiddenEntryPoint - commence:57] --- Pre-authenticated entry point called. Rejecting access 2024-05-04 19:09:26.199 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.h.w.HstsHeaderWriter - writeHeaders:151] --- Not injecting HSTS header since it did not match request to [Is Secure] 2024-05-04 19:09:26.202 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.FrameworkServlet - logResult:1138] --- Completed 403 FORBIDDEN 2024-05-04 19:09:26.206 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.FilterChainProxy - getFilters:245] --- Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@57202722, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7bc342f6, org.springframework.security.web.context.SecurityContextHolderFilter@67b920c9, org.springframework.security.web.header.HeaderWriterFilter@77e467d9, org.springframework.web.filter.CorsFilter@20c3be4c, org.springframework.security.web.authentication.logout.LogoutFilter@1290fc6a, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@3f6fa2dd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@278e721e, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@77d86aba, org.springframework.security.web.access.ExceptionTranslationFilter@c4e440b, org.springframework.security.web.access.intercept.AuthorizationFilter@38988d78]] (1/1) 2024-05-04 19:09:26.206 [DEBUG] [http-nio-8080-exec-1] [o.s.s.w.FilterChainProxy - doFilterInternal:223] --- Securing GET /error 2024-05-04 19:09:26.207 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking DisableEncodeUrlFilter (1/11) 2024-05-04 19:09:26.207 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking WebAsyncManagerIntegrationFilter (2/11) 2024-05-04 19:09:26.207 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking SecurityContextHolderFilter (3/11) 2024-05-04 19:09:26.207 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking HeaderWriterFilter (4/11) 2024-05-04 19:09:26.207 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking CorsFilter (5/11) 2024-05-04 19:09:26.208 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking LogoutFilter (6/11) 2024-05-04 19:09:26.208 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.l.LogoutFilter - requiresLogout:121] --- Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]] 2024-05-04 19:09:26.208 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking RequestCacheAwareFilter (7/11) 2024-05-04 19:09:26.208 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.s.HttpSessionRequestCache - getMatchingRequest:111] --- matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided 2024-05-04 19:09:26.208 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking SecurityContextHolderAwareRequestFilter (8/11) 2024-05-04 19:09:26.208 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking AnonymousAuthenticationFilter (9/11) 2024-05-04 19:09:26.208 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking ExceptionTranslationFilter (10/11) 2024-05-04 19:09:26.208 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.ObservationFilterChainDecorator$VirtualFilterChain - doFilter:135] --- Invoking AuthorizationFilter (11/11) 2024-05-04 19:09:26.209 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.i.RequestMatcherDelegatingAuthorizationManager - check:74] --- Authorizing SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@2db77c64]] 2024-05-04 19:09:26.209 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.i.RequestMatcherDelegatingAuthorizationManager - check:83] --- Checking authorization on SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.core.ApplicationHttpRequest@2db77c64]] using org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$$Lambda$1706/0x0000000134b3a530@6ed71619 2024-05-04 19:09:26.210 [DEBUG] [http-nio-8080-exec-1] [o.s.s.w.FilterChainProxy - lambda$doFilterInternal$3:227] --- Secured GET /error 2024-05-04 19:09:26.210 [DEBUG] [http-nio-8080-exec-1] [o.s.c.l.LogFormatUtils - traceDebug:120] --- "ERROR" dispatch for GET "/error", parameters={} 2024-05-04 19:09:26.212 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.h.AbstractHandlerMapping - getHandler:531] --- Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest) 2024-05-04 19:09:26.223 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.m.m.a.AbstractMessageConverterMethodProcessor - writeWithMessageConverters:275] --- Using 'application/json', given [/] and supported [application/json, application/*+json] 2024-05-04 19:09:26.225 [DEBUG] [http-nio-8080-exec-1] [o.s.c.l.LogFormatUtils - traceDebug:120] --- Writing [{timestamp=Sat May 04 19:09:26 KST 2024, status=403, error=Forbidden, path=/testweb/get}] 2024-05-04 19:09:26.239 [DEBUG] [http-nio-8080-exec-1] [o.s.w.s.FrameworkServlet - logResult:1135] --- Exiting from "ERROR" dispatch, status 403 2024-05-04 19:09:26.239 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.c.HttpSessionSecurityContextRepository - readSecurityContextFromSession:213] --- Did not find SecurityContext in HttpSession D599ED1C6CED59B783E1B84289045F6E using the SPRING_SECURITY_CONTEXT session attribute 2024-05-04 19:09:26.239 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.c.SupplierDeferredSecurityContext - init:72] --- Created SecurityContextImpl [Null authentication] 2024-05-04 19:09:26.239 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.c.SupplierDeferredSecurityContext - init:72] --- Created SecurityContextImpl [Null authentication] 2024-05-04 19:09:26.240 [TRACE] [http-nio-8080-exec-1] [o.s.s.w.a.AnonymousAuthenticationFilter - defaultWithAnonymous:116] --- Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D599ED1C6CED59B783E1B84289045F6E], Granted Authorities=[ROLE_ANONYMOUS]]