Closed JunggiKim closed 1 week ago
Thanks for getting in touch @JunggiKim, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.
Having said that, your logs indicate "Invalid CSRF token found for http://localhost:8080/sign-up" and you have not permitted the `ERROR` dispatch for anonymous users via `.dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()`, hence the `401`. I'm going to close this issue.
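The rule named in the comment above, placed in a complete filter chain. This is an added example, not the reporter's configuration (which is cut off on this page) and not Spring Security project code. It assumes Spring Security 6.x on `jakarta.servlet`; the class name, the `/sign-up` rule and the use of HTTP Basic are assumptions for illustration.

```java
// javax.servlet.DispatcherType on a javax.servlet-based stack
import jakarta.servlet.DispatcherType;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical class name; the reporter's real configuration is not shown in full.
@Configuration
@EnableWebSecurity
public class ExampleSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                // Rules are evaluated in order. Permitting the container's
                // ERROR dispatch first keeps the forward to /error (made after
                // a request has already been rejected) from falling through to
                // anyRequest().authenticated() and being answered with 401.
                .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
                // Assumed rule: the endpoint the reporter expected to be open.
                .requestMatchers("/sign-up").permitAll()
                .anyRequest().authenticated())
            // Assumed: HTTP Basic, because the log ends in
            // BasicAuthenticationEntryPoint.
            .httpBasic(Customizer.withDefaults());

        // CSRF protection is left at its default (enabled). CsrfFilter runs
        // before authorization, so permitAll() on /sign-up does not exempt a
        // POST from needing a valid CSRF token.
        return http.build();
    }
}
```

With the `ERROR` dispatch permitted, the request in the log would return the 403 raised for the invalid CSRF token instead of a 401 from the `/error` forward; the POST still needs a valid token to reach `/sign-up`.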
Describe the bug
Return 401 code and response body bin value even though permission was granted

To Reproduce
Attempt to send http request to allowed resource

Expected behavior
Allow http requests and don't even see the default login page.

Sample
@Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
----That's the setting right now----

------- Below is a spring security log taken in debug mode ------
```
2024-05-04 21:35:25.557 DEBUG 16184 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing POST /sign-up
2024-05-04 21:35:25.558 DEBUG 16184 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2024-05-04 21:35:25.558 DEBUG 16184 --- [nio-8080-exec-3] o.s.security.web.csrf.CsrfFilter : Invalid CSRF token found for http://localhost:8080/sign-up
2024-05-04 21:35:25.558 DEBUG 16184 --- [nio-8080-exec-3] o.s.s.w.access.AccessDeniedHandlerImpl : Responding with 403 status code
2024-05-04 21:35:25.558 DEBUG 16184 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2024-05-04 21:35:25.558 DEBUG 16184 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2024-05-04 21:35:25.558 DEBUG 16184 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2024-05-04 21:35:25.558 DEBUG 16184 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing POST /error
2024-05-04 21:35:25.558 DEBUG 16184 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2024-05-04 21:35:25.558 DEBUG 16184 --- [nio-8080-exec-3] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2024-05-04 21:35:25.558 DEBUG 16184 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor : Failed to authorize filter invocation [POST /error] with attributes [authenticated]
2024-05-04 21:35:25.558 DEBUG 16184 --- [nio-8080-exec-3] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@2ad23ed, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]
2024-05-04 21:35:25.559 DEBUG 16184 --- [nio-8080-exec-3] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using Or [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest], And [Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@1e1b110d, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@1e1b110d, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@1e1b110d, matchingMediaTypes=[*/*], useEquals=true, ignoredMediaTypes=[]]]
2024-05-04 21:35:25.559 DEBUG 16184 --- [nio-8080-exec-3] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint@29a50a11
2024-05-04 21:35:25.559 DEBUG 16184 --- [nio-8080-exec-3] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
2024-05-04 21:35:25.559 DEBUG 16184 --- [nio-8080-exec-3] s.w.a.DelegatingAuthenticationEntryPoint : No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@6ef5ba70
2024-05-04 21:35:25.559 DEBUG 16184 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2024-05-04 21:35:25.559 DEBUG 16184 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2024-05-04 21:35:25.559 DEBUG 16184 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
```