Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security - Access is denied (user is not anonymous) spring-security-core-4.0.3.RELEASE

Tags:

java

security

spring-mvc

spring

spring-security

can anyone see an failure in this Spring Security Config File?

After Login the i get a debug message:

Access is denied (user is not anonymous); delegating to AccessDeniedHandler org.springframework.security.access.AccessDeniedException: Access is denied

but I can access the application.

     @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.
      authorizeRequests().antMatchers("/register/verification/*/*").anonymous()
      .and().authorizeRequests().antMatchers("/register/test").anonymous()
      .and().authorizeRequests().antMatchers("/register").anonymous()
      .and().authorizeRequests().antMatchers("/forgot_password").anonymous().and().authorizeRequests().antMatchers("/triggeredBy/password**").permitAll()
      .and().authorizeRequests().antMatchers("/err/403").permitAll()
      .and().authorizeRequests().antMatchers("/login").anonymous()
      .and().authorizeRequests().anyRequest().authenticated()
      .and().formLogin().loginPage("/login").defaultSuccessUrl("/landingPage", true).failureUrl("/login?error=true").usernameParameter(
      "username").passwordParameter("password").and().logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout").and()
      .rememberMe().rememberMeCookieName("REMEMBER_ME").rememberMeParameter("remember_me").tokenValiditySeconds(123456).key(
      "49874795145977617241")
      .and().exceptionHandling().accessDeniedPage("/err/403");
  }

Stacktrace:

2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/js/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/forgot_password'
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/err/403'; against '/js/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/images/**']
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/triggeredby/password**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/err/403'; against '/img/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/images/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/err/403'
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/err/403'; against '/fonts/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/**/favicon.ico']
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/login'
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/err/403'; against '/favicon.ico'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/**/favicon.ico'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /login; Attributes: [anonymous]
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/error']
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@18b68a6c: Principal: de.upb.msapp.web.model.profiles.Profile@2; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: E46776770A1C922CDF1A00121BB6A4E3; Granted Authorities: ROLE_PATIENT, ROLE_PROFILE
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/error'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5b5cddbb, returned: -1
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.web.util.matcher.OrRequestMatcher  : No matches found
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/static/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/resources/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /err/403' doesn't match 'POST /logout
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/uploads/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/css/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /err/403' doesn't match 'POST /login
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/js/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 7 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/img/**'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 8 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/fonts/**'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 9 of 13 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/favicon.ico'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [io-8080-exec-10] s.s.w.a.r.RememberMeAuthenticationFilter : SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@18b68a6c: Principal: de.upb.msapp.web.model.profiles.Profile@2; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: E46776770A1C922CDF1A00121BB6A4E3; Granted Authorities: ROLE_PATIENT, ROLE_PROFILE'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /login at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /login at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.a.AnonymousAuthenticationFilter  : SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@18b68a6c: Principal: de.upb.msapp.web.model.profiles.Profile@2; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: E46776770A1C922CDF1A00121BB6A4E3; Granted Authorities: ROLE_PATIENT, ROLE_PROFILE'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is not anonymous); delegating to AccessDeniedHandler

org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:157) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:96) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103) [spring-boot-actuator-1.3.1.RELEASE.jar:1.3.1.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:521) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_60]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_60]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60]

2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
like image 676
Tim Schwalbe Avatar asked Jan 11 '16 10:01

Tim Schwalbe

1 Answers

From the Spring Security documentation

anonymous() Specify that URLs are allowed by anonymous users.

Lets take a look at some of your code:

.and().authorizeRequests().antMatchers("/login").anonymous()

You are telling the system to allow only anonymous users (ROLE_ANONYMOUS) to be able to call the /login mapping.

When you login with your user, the user has another role and is not anonymous anymore. For this code example you should use permitAll().

Most likely you also want to use permitAll() on other request matchers and in your case I would also use only one mapping for /login--> formLogin().

like image 100
kamwo Avatar answered Oct 25 '22 05:10

kamwo
Sign in to Comment

Related questions

ImageIO.read illegal argument exception - raster bands/colour space components?
Checking if a string contains a particular substring in Velocity
JPA merge in a RESTful web application with DTOs and Optimistic Locking?
Use system properties OR variables in log4j
template method pattern - naming conventions
Why is String.equals() faster than itself?
Why does max number of threads decrease when I increase max heap size?
InetAddress.getLocalHost().getHostAddress() is returning 127.0.1.1 [duplicate]
Difference between getFreespace() and getUsableSpace of File
package org.apache.commons.io does not exist error
How to inject CrudRepository in Spring JPA?
jersey 2: How to create custom HTTP param binding
RESTEasy Client + NoSuchMethodError
How to mock ResourceBundle.getString()?
How do I properly include an external jar file for a cordova plugin?
How is concatenation of final strings done in Java?
Compilation warning: Unchecked call to XXX as member of the raw type
spring pass value from property file to annotation
How can I run Play framework in HTTPS only in the dev mode?
Min/Max Date/DateTime in JodaTime

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!