search

spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0
8.72k stars 5.86k forks source link

Cannot get any authorities #5154

Closed SpaceNet closed 4 years ago

SpaceNet commented 6 years ago

Summary

Cannot get any authorities by login

Actual Behavior

Loggin in is maybe done but Not granted any authorities.

Expected Behavior

Loggin is done and granted ROLE_ADMIN

Configuration

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

import com.example.user.service.LoginUserDetailsService;

@Configuration
@EnableWebSecurity
@ComponentScan("com.example")
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private LoginUserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
      throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/css/**", "/image/**", "/js/**");
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http.authorizeRequests()
         .antMatchers("/login", "/item").permitAll()
         .antMatchers("/supplier").hasRole("ADMIN")
         .anyRequest().authenticated();
        http.formLogin().permitAll();
        http.logout()
            .logoutSuccessUrl("/logout")
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true).permitAll();

        //無効なセッションIDが指定された場合の遷移先を指定
        http.sessionManagement().invalidSessionUrl("/");

    }

    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider
          = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userDetailsService);
        authProvider.setPasswordEncoder(encoder());
        return authProvider;
    }

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder(11);
    }
}

I made data with blow class

import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
import com.example.user.domain.model.User;
import com.example.user.domain.repository.UserRepository;

@Component
public class SetupData {
    @Autowired
    private UserRepository userRepository;

    @Autowired
    private PasswordEncoder encoder;

    @PostConstruct
    public void init() {
        initUsers();
    }

    private void initUsers() {

        long userCount = userRepository.countByUsername("john");
        if (0L == userCount) {
            //PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
            PasswordEncoder passwordEncoder = new BCryptPasswordEncoder(11);
            final User user1 = new User();
            user1.setUsername("john");
            user1.setPassword(passwordEncoder.encode("1"));
            user1.setAuthority("ADMIN");
            try { userRepository.save(user1);}
            catch(Exception e) {}

            final User user2 = new User();
            user2.setUsername("nasa");
            user2.setPassword(passwordEncoder.encode("1"));
            user2.setAuthority("ROLE_ADMIN");
            userRepository.save(user2);
        }
    }
}

repository is simple

public interface UserRepository extends JpaRepository<User, Long> {
    User findByUsername(String username);
    Long countByUsername(String username);

}

User class

package com.example.user.domain.model;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

import lombok.Data;

@Data
@Entity
public class User{

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    @Column(nullable = false, unique = true)
    private String username;

    private String password;

    private String authority;

}

User SQL for MySQL

Create table user(
  id int NOT NULL PRIMARY KEY AUTO_INCREMENT,
  username VARCHAR(20) NOT NULL UNIQUE KEY,
  password VARCHAR(255) NOT NULL,
  authority VARCHAR(20) NOT NULL,
  updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
);

the service class

package com.example.user.service;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import com.example.user.domain.model.MyUserPrincipal;
import com.example.user.domain.model.User;
import com.example.user.domain.repository.UserRepository;

@Service
public class LoginUserDetailsService implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String username) {
        User user = userRepository.findByUsername(username);
        if (user == null) {
            throw new UsernameNotFoundException(username);
        }
        return new MyUserPrincipal(user);
    }
}

login.html

Login

User:
Password:

build.gradle

buildscript {
    ext {
        springBootVersion = '2.0.0.RELEASE'
    }
    repositories {
        mavenCentral()
        maven { url "https://repo.spring.io/snapshot" }
        maven { url "https://repo.spring.io/milestone" }
        maven { url 'http://jcenter.bintray.com' }
    }
    dependencies {
        classpath("io.spring.gradle:dependency-management-plugin:1.0.4.RELEASE")
        classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
        classpath("mysql:mysql-connector-java:5.1.45")
        classpath ("org.junit.platform:junit-platform-gradle-plugin:1.1.0")
    }
}

plugins {
    id "org.flywaydb.flyway" version "5.0.6"
}

flyway {
    url = "jdbc:mysql://localhost:3306/dev_db"
    user = "sa"
    password = ""
}

apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'io.spring.dependency-management'
apply plugin: 'org.springframework.boot'
apply plugin: 'org.junit.platform.gradle.plugin'

group = 'com.examp'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = 1.8

repositories {
    maven { url "https://repo.spring.io/snapshot" }
    maven { url "https://repo.spring.io/plugins-release" }
    maven { url "https://repo.spring.io/milestone" }
    maven { url "https://repository.jboss.org/nexus/content/repositories/releases" }
    mavenCentral()
}

dependencies {
    runtime('org.springframework.boot:spring-boot-devtools')

    compile('org.springframework.boot:spring-boot-starter-aop')
    compile('org.springframework.boot:spring-boot-starter-hateoas')
    compile('org.springframework.boot:spring-boot-starter-thymeleaf')
    compile('org.springframework.boot:spring-boot-starter-web')

    compile('org.springframework.boot:spring-boot-starter-webflux')
    testCompile('io.projectreactor:reactor-test')

    compile('org.springframework.data:spring-data-commons')

    compile("org.springframework.boot:spring-boot-starter-security")
    testCompile("org.springframework.security:spring-security-test")

    compile('org.flywaydb:flyway-core:5.0.7')
    compile('org.flywaydb.flyway-test-extensions:flyway-spring5-test:5.0.0')

    compile('org.springframework.boot:spring-boot-starter-jdbc')
    compile('mysql:mysql-connector-java:5.1.45')
    runtime('mysql:mysql-connector-java:5.1.45')
    testCompile('mysql:mysql-connector-java:5.1.45')
    testRuntime('mysql:mysql-connector-java:5.1.45')

    compile('org.springframework.boot:spring-boot-starter-data-jpa')
    compile('org.mybatis.spring.boot:mybatis-spring-boot-starter:1.3.1')
    compile('org.hibernate:hibernate-validator:6.0.8.Final')

    compile('org.slf4j:slf4j-api:1.7.+')
    compile('org.slf4j:log4j-over-slf4j:1.7.+')
    compile('org.slf4j:jcl-over-slf4j:1.7.+')

    compile('net.sf.dozer:dozer:5.5.1')

    compile('ch.qos.logback:logback-classic:1.2.3')

    compileOnly("org.projectlombok:lombok:1.16.20")
    testCompileOnly('org.projectlombok:lombok:1.16.20')

    compile('com.opencsv:opencsv:4.1')

}

the security log

22:53:46.325 [http-nio-9090-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/css/**'
22:53:46.325 [http-nio-9090-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/image/**'
22:53:46.325 [http-nio-9090-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/js/**'
22:53:46.325 [http-nio-9090-exec-4] DEBUG o.s.security.web.FilterChainProxy - /login at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
22:53:46.325 [http-nio-9090-exec-4] DEBUG o.s.security.web.FilterChainProxy - /login at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
22:53:46.325 [http-nio-9090-exec-4] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
22:53:46.325 [http-nio-9090-exec-4] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@6521e82. A new one will be created.
22:53:46.325 [http-nio-9090-exec-4] DEBUG o.s.security.web.FilterChainProxy - /login at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
22:53:46.325 [http-nio-9090-exec-4] DEBUG o.s.security.web.FilterChainProxy - /login at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
22:53:46.325 [http-nio-9090-exec-4] DEBUG o.s.security.web.FilterChainProxy - /login at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
22:53:46.325 [http-nio-9090-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/logout'
22:53:46.326 [http-nio-9090-exec-4] DEBUG o.s.security.web.FilterChainProxy - /login at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
22:53:46.326 [http-nio-9090-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/login'
22:53:46.326 [http-nio-9090-exec-4] DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Request is to process authentication
22:53:46.326 [http-nio-9090-exec-4] DEBUG o.s.s.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
22:53:46.691 [http-nio-9090-exec-4] DEBUG o.s.s.w.a.s.CompositeSessionAuthenticationStrategy - Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@6711ac41
22:53:46.692 [http-nio-9090-exec-4] DEBUG o.s.s.w.a.s.CompositeSessionAuthenticationStrategy - Delegating to org.springframework.security.web.csrf.CsrfAuthenticationStrategy@68b59072
22:53:46.692 [http-nio-9090-exec-4] DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1817574d: Principal: com.example.user.domain.model.MyUserPrincipal@1814d785; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 287241A8FAC6F5DE7A741B101FDBD07F; Not granted any authorities
22:53:46.693 [http-nio-9090-exec-4] DEBUG o.s.s.w.a.SavedRequestAwareAuthenticationSuccessHandler - Redirecting to DefaultSavedRequest Url: http://localhost:9090/
22:53:46.693 [http-nio-9090-exec-4] DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to 'http://localhost:9090/'
22:53:46.693 [http-nio-9090-exec-4] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@764b744b
22:53:46.693 [http-nio-9090-exec-4] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@1817574d: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1817574d: Principal: com.example.user.domain.model.MyUserPrincipal@1814d785; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 287241A8FAC6F5DE7A741B101FDBD07F; Not granted any authorities' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade@6521e82
22:53:46.693 [http-nio-9090-exec-4] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/'; against '/css/**'
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/'; against '/image/**'
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/'; against '/js/**'
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@1817574d: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1817574d: Principal: com.example.user.domain.model.MyUserPrincipal@1814d785; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 287241A8FAC6F5DE7A741B101FDBD07F; Not granted any authorities'
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /' doesn't match 'POST /logout
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /' doesn't match 'POST /login
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 7 of 13 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.s.DefaultSavedRequest - pathInfo: both null (property equals)
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.s.DefaultSavedRequest - queryString: both null (property equals)
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.s.DefaultSavedRequest - requestURI: arg1=/; arg2=/ (property equals)
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.s.DefaultSavedRequest - serverPort: arg1=9090; arg2=9090 (property equals)
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.s.DefaultSavedRequest - requestURL: arg1=http://localhost:9090/; arg2=http://localhost:9090/ (property equals)
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.s.DefaultSavedRequest - scheme: arg1=http; arg2=http (property equals)
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.s.DefaultSavedRequest - serverName: arg1=localhost; arg2=localhost (property equals)
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.s.DefaultSavedRequest - contextPath: arg1=; arg2= (property equals)
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.s.DefaultSavedRequest - servletPath: arg1=/; arg2=/ (property equals)
22:53:46.697 [http-nio-9090-exec-5] DEBUG o.s.s.w.s.HttpSessionRequestCache - Removing DefaultSavedRequest from session if present
22:53:46.698 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
22:53:46.698 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
22:53:46.698 [http-nio-9090-exec-5] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1817574d: Principal: com.example.user.domain.model.MyUserPrincipal@1814d785; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 287241A8FAC6F5DE7A741B101FDBD07F; Not granted any authorities'
22:53:46.698 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
22:53:46.698 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
22:53:46.698 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
22:53:46.699 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /' doesn't match 'POST /logout
22:53:46.699 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/'; against '/login'
22:53:46.699 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/'; against '/item'
22:53:46.699 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/'; against '/supplier'
22:53:46.699 [http-nio-9090-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /; Attributes: [authenticated]
22:53:46.699 [http-nio-9090-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1817574d: Principal: com.example.user.domain.model.MyUserPrincipal@1814d785; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 287241A8FAC6F5DE7A741B101FDBD07F; Not granted any authorities
22:53:46.699 [http-nio-9090-exec-5] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@638ffa22, returned: 1
22:53:46.699 [http-nio-9090-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
22:53:46.699 [http-nio-9090-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
22:53:46.699 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - / reached end of additional filter chain; proceeding with original chain
22:53:46.706 [http-nio-9090-exec-5] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@764b744b
22:53:46.708 [http-nio-9090-exec-5] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
22:53:46.708 [http-nio-9090-exec-5] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
22:53:46.710 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/error'; against '/css/**'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/error'; against '/image/**'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/error'; against '/js/**'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@1817574d: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1817574d: Principal: com.example.user.domain.model.MyUserPrincipal@1814d785; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 287241A8FAC6F5DE7A741B101FDBD07F; Not granted any authorities'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /error' doesn't match 'POST /logout
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /error' doesn't match 'POST /login
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 7 of 13 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@1817574d: Principal: com.example.user.domain.model.MyUserPrincipal@1814d785; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 287241A8FAC6F5DE7A741B101FDBD07F; Not granted any authorities'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
22:53:46.711 [http-nio-9090-exec-5] DEBUG o.s.security.web.FilterChainProxy - /error reached end of additional filter chain; proceeding with original chain
22:53:46.923 [http-nio-9090-exec-5] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
22:53:46.924 [http-nio-9090-exec-5] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

Version

SpringBoot 2.0.0.RELEASE SpringSecurity 5.0.3.RELEASE

Sample

avinashsagar commented 6 years ago

There are no comments in this issue. Is this issue resolved? @SpaceNet - Were you able to get past this issue as I am also facing the same.

eleftherias commented 4 years ago

Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.