search

spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0
8.71k stars 5.86k forks source link

Full authentication is required to access this resource #15690

Open luohuanyu opened 2 weeks ago

luohuanyu commented 2 weeks ago

After I migrate from Spring boot 2.1.0.RELEASE to Spring Boot 3.3.2

SecurityContextHolder default securityContextHolderStrategy is diffrent from AnonymousAuthentication securityContextHolderStrategy

Authentication rewrite by AnonymousAuthentication filter

 @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Supplier<SecurityContext> deferredContext = this.securityContextHolderStrategy.getDeferredContext();
        this.securityContextHolderStrategy
            .setDeferredContext(defaultWithAnonymous((HttpServletRequest) req, deferredContext));
        chain.doFilter(req, res);
    }

worked


    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Supplier<SecurityContext> deferredContext = SecurityContextHolder.getDeferredContext();
        this.securityContextHolderStrategy
                .setDeferredContext(defaultWithAnonymous((HttpServletRequest) req, deferredContext));
        chain.doFilter(req, res);
    }
jzheaux commented 2 weeks ago

Hi, @luohuanyu, thanks for reaching out.

I'd like to look into this further for you, however I will need more information. Can you provide a minimal sample that demonstrates what is going wrong?

luohuanyu commented 2 weeks ago

page not found

ola-dotun commented 2 weeks ago

@luohuanyu https://stackoverflow.com/help/minimal-reproducible-example

jzheaux commented 1 week ago

Sorry for the type, @luohuanyu, I've updated the link. Also, @ola-dotun, thank you for jumping in with a corrected link.