spring-security-01
一、demo
1. pom.xml
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.0.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
</dependencies>
2. code
UaaApplication
@SpringBootApplication
public class UaaApplication {
public static void main(String[] args) {
SpringApplication.run(UaaApplication.class);
}
}
UserResource
@RestController
@RequestMapping("/api")
public class UserResource {
@GetMapping("/greeting")
public String greeting(){
return "greeting";
}
}
3. 日志
加 security 包前后的日志差异
- UserDetailsServiceAutoConfiguration
- DefaultSecurityFilterChain
2023-03-12 11:12:18.622 INFO 30528 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: 074a6fcf-1fc8-4ce1-afe6-1c094bc65c83
2023-03-12 11:12:18.693 INFO 30528 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@4a163575, org.springframework.security.web.context.SecurityContextPersistenceFilter@22a6e998, org.springframework.security.web.header.HeaderWriterFilter@5bc28f40, org.springframework.security.web.csrf.CsrfFilter@cdb2d95, org.springframework.security.web.authentication.logout.LogoutFilter@5679e96b, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@40e37b06, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@15400fff, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@7e642b88, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@2f2bff16, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@e57e5d6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@26cb5207, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@6b350309, org.springframework.security.web.session.SessionManagementFilter@7e74a380, org.springframework.security.web.access.ExceptionTranslationFilter@117525fe, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1cd3b138]
4. 访问
请求被重定向了(谁处理的)
login登录页请求(谁处理的)
favicon.ico(这是什么请求)
5. 登陆
使用 user 作为用户米,控制台打印的密码输入登陆
服务器是怎么知道要重定向到哪里的呢
默认的404错误处理
默认是使用 Cookie 识别的吗
二、demo2
1. 新增配置
- WebSecurityConfigurerAdapter
- configure 多个重载的区别
- http 的方法、req 的方法
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// 授权请求配置
http.authorizeRequests(req ->
// 要配置的路径
req.mvcMatchers("/api/greeting")
// 需要有角色
.hasRole("ADMIN"));
}
}
2. 访问
上面是缓存原因?后续访问 login 直接 404,访问其他则 403
3. 更改配置
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// 默认登录页
http.formLogin(Customizer.withDefaults())
// 授权请求配置
.authorizeRequests(req ->
// 要配置的路径
req.mvcMatchers("/api/greeting")
// 指定这个路径需要认证,此时覆盖了默认配置,那么其它未配置的路径就不会需要认证
.authenticated());
}
}
前面的登录页404是因为我们改了默认的配置(如何实现未更改的使用默认配置)
访问:http://localhost:8080/api/greeting , 跳转到默认登录页
好像即便 debug 启动,重新编译了项目,Reload 了,也还是需要重启。
三、Spring Filter
Spring Web Mvc 核心的一个类是 DispatcherServlet,前端控制器,负责处理并分发请求到我们的 Controller,它实际是一个 Servlet,而 Security Filter 在 Servlet 前执行,可以在请求到达 Controller 前过滤每个请求。
1. 过滤器示例
2. debug 看下日志
logging:
level:
org.springframework.security: debug
?? 日志折叠出了问题
2023-03-13 22:40:31.553 DEBUG 17368 --- [ main] eGlobalAuthenticationAutowiredConfigurer : Eagerly initializing {securityConfig=org.example.config.SecurityConfig$$EnhancerBySpringCGLIB$$6983fb68@47fbc56}
2023-03-13 22:40:31.556 INFO 17368 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: aec5d42f-25d6-4f01-9778-586cc578be6e
2023-03-13 22:40:31.694 DEBUG 17368 --- [ main] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'authenticated', for Mvc [pattern='/api/greeting']
2023-03-13 22:40:31.697 DEBUG 17368 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes
2023-03-13 22:40:31.698 DEBUG 17368 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes
2023-03-13 22:40:31.699 INFO 17368 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@4a163575, org.springframework.security.web.context.SecurityContextPersistenceFilter@4b6e1c0, org.springframework.security.web.header.HeaderWriterFilter@6dfa915a, org.springframework.security.web.csrf.CsrfFilter@6edcad64, org.springframework.security.web.authentication.logout.LogoutFilter@3ee0b4f7, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@79b84841, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@620c8641, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@7e642b88, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@654c7d2d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6cd64ee8, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@6b350309, org.springframework.security.web.session.SessionManagementFilter@cb7fa71, org.springframework.security.web.access.ExceptionTranslationFilter@55e42449, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@599e4d41]
3. 去掉配置
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
}
- Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).
- Adding web access control expression 'authenticated', for any request
2023-03-13 22:42:11.078 DEBUG 4108 --- [ main] eGlobalAuthenticationAutowiredConfigurer : Eagerly initializing {securityConfig=org.example.config.SecurityConfig$$EnhancerBySpringCGLIB$$6983fb68@46731692}
2023-03-13 22:42:11.081 INFO 4108 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: d8bab6a9-db12-4492-9b35-240cffff5b23
2023-03-13 22:42:11.119 DEBUG 4108 --- [ main] s.s.c.a.w.c.WebSecurityConfigurerAdapter : Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).
2023-03-13 22:42:11.141 DEBUG 4108 --- [ main] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'authenticated', for any request
2023-03-13 22:42:11.145 DEBUG 4108 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes
2023-03-13 22:42:11.145 DEBUG 4108 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes
2023-03-13 22:42:11.147 INFO 4108 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5c080ef3, org.springframework.security.web.context.SecurityContextPersistenceFilter@45404d5, org.springframework.security.web.header.HeaderWriterFilter@19f7222e, org.springframework.security.web.csrf.CsrfFilter@6a0094c9, org.springframework.security.web.authentication.logout.LogoutFilter@704641e3, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@79fd6f95, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@2e6f610d, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@188cbcde, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@7a04fea7, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@5cbe2654, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@66f0548d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4ee6291f, org.springframework.security.web.session.SessionManagementFilter@3c69362a, org.springframework.security.web.access.ExceptionTranslationFilter@6ecdbab8, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1e43e323]
访问:http://localhost:8080/api/greeting
- 认证返回 -1
2023-03-13 22:44:13.188 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@8be8b6e3: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2023-03-13 22:44:13.192 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@6e0d4ba5, returned: -1
2023-03-13 22:44:13.195 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
- 路径关联 session
2023-03-13 22:44:13.208 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache : DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/api/greeting]
- 重定向
2023-03-13 22:44:13.210 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/login'
2023-03-13 22:44:13.170 INFO 4108 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2023-03-13 22:44:13.170 INFO 4108 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2023-03-13 22:44:13.174 INFO 4108 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 4 ms
2023-03-13 22:44:13.182 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2023-03-13 22:44:13.183 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2023-03-13 22:44:13.183 DEBUG 4108 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2023-03-13 22:44:13.183 DEBUG 4108 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2023-03-13 22:44:13.184 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2023-03-13 22:44:13.185 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
2023-03-13 22:44:13.185 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
2023-03-13 22:44:13.185 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/greeting' doesn't match 'POST /logout'
2023-03-13 22:44:13.185 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 6 of 15 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2023-03-13 22:44:13.185 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/greeting' doesn't match 'POST /login'
2023-03-13 22:44:13.185 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 7 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2023-03-13 22:44:13.186 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 8 of 15 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
2023-03-13 22:44:13.186 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/greeting'; against '/logout'
2023-03-13 22:44:13.186 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 9 of 15 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2023-03-13 22:44:13.186 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 10 of 15 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2023-03-13 22:44:13.186 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache : saved request doesn't match
2023-03-13 22:44:13.186 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 11 of 15 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2023-03-13 22:44:13.187 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 12 of 15 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2023-03-13 22:44:13.187 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@8be8b6e3: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2023-03-13 22:44:13.187 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 13 of 15 in additional filter chain; firing Filter: 'SessionManagementFilter'
2023-03-13 22:44:13.188 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.session.SessionManagementFilter : Requested session ID 43FB800ECB69068FE3C3B035C7BC39AC is invalid.
2023-03-13 22:44:13.188 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 14 of 15 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2023-03-13 22:44:13.188 DEBUG 4108 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /api/greeting at position 15 of 15 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2023-03-13 22:44:13.188 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /api/greeting; Attributes: [authenticated]
2023-03-13 22:44:13.188 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@8be8b6e3: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2023-03-13 22:44:13.192 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@6e0d4ba5, returned: -1
2023-03-13 22:44:13.195 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118) ~[spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:155) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:52) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:216) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.3.2.RELEASE.jar:5.3.2.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) [tomcat-embed-core-9.0.35.jar:9.0.35]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.35.jar:9.0.35]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_202]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_202]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.35.jar:9.0.35]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_202]
2023-03-13 22:44:13.198 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using Ant [pattern='/**', GET]
2023-03-13 22:44:13.198 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request '/api/greeting' matched by universal pattern '/**'
2023-03-13 22:44:13.198 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.*']]
2023-03-13 22:44:13.198 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/greeting'; against '/**/favicon.*'
2023-03-13 22:44:13.198 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2023-03-13 22:44:13.199 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@768ba86b, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[text/html, application/xhtml+xml, image/avif, image/webp, image/apng, application/xml;q=0.9, application/signed-exchange;v=b3;q=0.7, */*;q=0.8]
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing text/html
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith text/html = false
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/xhtml+xml
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith application/xhtml+xml = false
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing image/avif
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith image/avif = false
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing image/webp
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith image/webp = false
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing image/apng
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith image/apng = false
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/xml;q=0.9
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith application/xml;q=0.9 = false
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/signed-exchange;v=b3;q=0.7
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith application/signed-exchange;v=b3;q=0.7 = false
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing */*;q=0.8
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Ignoring
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Did not match any media types
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2023-03-13 22:44:13.201 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@768ba86b, matchingMediaTypes=[multipart/form-data], useEquals=false, ignoredMediaTypes=[*/*]]]
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[text/html, application/xhtml+xml, image/avif, image/webp, image/apng, application/xml;q=0.9, application/signed-exchange;v=b3;q=0.7, */*;q=0.8]
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing text/html
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : multipart/form-data .isCompatibleWith text/html = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/xhtml+xml
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : multipart/form-data .isCompatibleWith application/xhtml+xml = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing image/avif
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : multipart/form-data .isCompatibleWith image/avif = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing image/webp
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : multipart/form-data .isCompatibleWith image/webp = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing image/apng
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : multipart/form-data .isCompatibleWith image/apng = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/xml;q=0.9
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : multipart/form-data .isCompatibleWith application/xml;q=0.9 = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/signed-exchange;v=b3;q=0.7
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : multipart/form-data .isCompatibleWith application/signed-exchange;v=b3;q=0.7 = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing */*;q=0.8
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Ignoring
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Did not match any media types
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@768ba86b, matchingMediaTypes=[text/event-stream], useEquals=false, ignoredMediaTypes=[*/*]]]
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[text/html, application/xhtml+xml, image/avif, image/webp, image/apng, application/xml;q=0.9, application/signed-exchange;v=b3;q=0.7, */*;q=0.8]
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing text/html
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : text/event-stream .isCompatibleWith text/html = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/xhtml+xml
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : text/event-stream .isCompatibleWith application/xhtml+xml = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing image/avif
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : text/event-stream .isCompatibleWith image/avif = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing image/webp
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : text/event-stream .isCompatibleWith image/webp = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing image/apng
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : text/event-stream .isCompatibleWith image/apng = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/xml;q=0.9
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : text/event-stream .isCompatibleWith application/xml;q=0.9 = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/signed-exchange;v=b3;q=0.7
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : text/event-stream .isCompatibleWith application/signed-exchange;v=b3;q=0.7 = false
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing */*;q=0.8
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Ignoring
2023-03-13 22:44:13.202 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Did not match any media types
2023-03-13 22:44:13.203 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2023-03-13 22:44:13.203 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : All requestMatchers returned true
2023-03-13 22:44:13.208 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache : DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/api/greeting]
2023-03-13 22:44:13.208 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
2023-03-13 22:44:13.209 DEBUG 4108 --- [nio-8080-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@768ba86b, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]
2023-03-13 22:44:13.209 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
2023-03-13 22:44:13.209 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2023-03-13 22:44:13.209 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@768ba86b, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]
2023-03-13 22:44:13.209 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[text/html, application/xhtml+xml, image/avif, image/webp, image/apng, application/xml;q=0.9, application/signed-exchange;v=b3;q=0.7, */*;q=0.8]
2023-03-13 22:44:13.209 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing text/html
2023-03-13 22:44:13.209 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : application/xhtml+xml .isCompatibleWith text/html = false
2023-03-13 22:44:13.209 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : image/* .isCompatibleWith text/html = false
2023-03-13 22:44:13.209 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : text/html .isCompatibleWith text/html = true
2023-03-13 22:44:13.209 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : All requestMatchers returned true
2023-03-13 22:44:13.209 DEBUG 4108 --- [nio-8080-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@3a22bad6
2023-03-13 22:44:13.210 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/login'
2023-03-13 22:44:13.210 DEBUG 4108 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@1baf3344
2023-03-13 22:44:13.210 DEBUG 4108 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2023-03-13 22:44:13.211 DEBUG 4108 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2023-03-13 22:44:13.214 DEBUG 4108 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2023-03-13 22:44:13.215 DEBUG 4108 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2023-03-13 22:44:13.215 DEBUG 4108 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2023-03-13 22:44:13.215 DEBUG 4108 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@8b1af89. A new one will be created.
2023-03-13 22:44:13.215 DEBUG 4108 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2023-03-13 22:44:13.215 DEBUG 4108 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
2023-03-13 22:44:13.215 DEBUG 4108 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
2023-03-13 22:44:13.215 DEBUG 4108 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /logout'
2023-03-13 22:44:13.215 DEBUG 4108 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 6 of 15 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2023-03-13 22:44:13.215 DEBUG 4108 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /login'
2023-03-13 22:44:13.215 DEBUG 4108 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 7 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2023-03-13 22:44:13.217 DEBUG 4108 --- [nio-8080-exec-2] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@1baf3344
2023-03-13 22:44:13.217 DEBUG 4108 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2023-03-13 22:44:13.217 DEBUG 4108 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
4. 输入用户名密码
- 认证成功
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/login'
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] w.a.UsernamePasswordAuthenticationFilter : Request is to process authentication
- 重定向
2023-03-13 22:49:33.620 DEBUG 16048 --- [nio-8080-exec-4] RequestAwareAuthenticationSuccessHandler : Redirecting to DefaultSavedRequest Url: http://localhost:8080/api/greeting
2023-03-13 22:49:33.620 DEBUG 16048 --- [nio-8080-exec-4] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/api/greeting'
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : /login at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : /login at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@530582f4. A new one will be created.
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : /login at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : /login at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : /login at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/logout'
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : /login at position 6 of 15 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/login'
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] w.a.UsernamePasswordAuthenticationFilter : Request is to process authentication
2023-03-13 22:49:33.494 DEBUG 16048 --- [nio-8080-exec-4] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2023-03-13 22:49:33.619 DEBUG 16048 --- [nio-8080-exec-4] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@2b34e38c
2023-03-13 22:49:33.619 DEBUG 16048 --- [nio-8080-exec-4] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.csrf.CsrfAuthenticationStrategy@7ae85f7e
2023-03-13 22:49:33.620 DEBUG 16048 --- [nio-8080-exec-4] w.a.UsernamePasswordAuthenticationFilter : Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ffc9140f: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 3EF445DC442CAD212DB8A0D4E58B9A54; Not granted any authorities
2023-03-13 22:49:33.620 DEBUG 16048 --- [nio-8080-exec-4] RequestAwareAuthenticationSuccessHandler : Redirecting to DefaultSavedRequest Url: http://localhost:8080/api/greeting
2023-03-13 22:49:33.620 DEBUG 16048 --- [nio-8080-exec-4] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/api/greeting'
2023-03-13 22:49:33.620 DEBUG 16048 --- [nio-8080-exec-4] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@7f926a73
2023-03-13 22:49:33.620 DEBUG 16048 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@ffc9140f: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ffc9140f: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 3EF445DC442CAD212DB8A0D4E58B9A54; Not granted any authorities' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade@530582f4
2023-03-13 22:49:33.620 DEBUG 16048 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2023-03-13 22:49:33.622 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@ffc9140f: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ffc9140f: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 3EF445DC442CAD212DB8A0D4E58B9A54; Not granted any authorities'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/greeting' doesn't match 'POST /logout'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 6 of 15 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/greeting' doesn't match 'POST /login'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 7 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 8 of 15 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/greeting'; against '/logout'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 9 of 15 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 10 of 15 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.s.DefaultSavedRequest : pathInfo: both null (property equals)
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.s.DefaultSavedRequest : queryString: both null (property equals)
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.s.DefaultSavedRequest : requestURI: arg1=/api/greeting; arg2=/api/greeting (property equals)
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.s.DefaultSavedRequest : serverPort: arg1=8080; arg2=8080 (property equals)
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.s.DefaultSavedRequest : requestURL: arg1=http://localhost:8080/api/greeting; arg2=http://localhost:8080/api/greeting (property equals)
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.s.DefaultSavedRequest : scheme: arg1=http; arg2=http (property equals)
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.s.DefaultSavedRequest : serverName: arg1=localhost; arg2=localhost (property equals)
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.s.DefaultSavedRequest : contextPath: arg1=; arg2= (property equals)
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.s.DefaultSavedRequest : servletPath: arg1=/api/greeting; arg2=/api/greeting (property equals)
2023-03-13 22:49:33.623 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.s.HttpSessionRequestCache : Removing DefaultSavedRequest from session if present
2023-03-13 22:49:33.624 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 11 of 15 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2023-03-13 22:49:33.624 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 12 of 15 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2023-03-13 22:49:33.624 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.a.AnonymousAuthenticationFilter : SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ffc9140f: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 3EF445DC442CAD212DB8A0D4E58B9A54; Not granted any authorities'
2023-03-13 22:49:33.624 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 13 of 15 in additional filter chain; firing Filter: 'SessionManagementFilter'
2023-03-13 22:49:33.624 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 14 of 15 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2023-03-13 22:49:33.624 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting at position 15 of 15 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2023-03-13 22:49:33.624 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /api/greeting; Attributes: [authenticated]
2023-03-13 22:49:33.624 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ffc9140f: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 3EF445DC442CAD212DB8A0D4E58B9A54; Not granted any authorities
2023-03-13 22:49:33.625 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@203a77de, returned: 1
2023-03-13 22:49:33.625 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2023-03-13 22:49:33.625 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2023-03-13 22:49:33.625 DEBUG 16048 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /api/greeting reached end of additional filter chain; proceeding with original chain
2023-03-13 22:49:33.706 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@7f926a73
2023-03-13 22:49:33.707 DEBUG 16048 --- [nio-8080-exec-5] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2023-03-13 22:49:33.707 DEBUG 16048 --- [nio-8080-exec-5] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
5. 常见内建过滤器
