Spring Security - Access is denied (user is not an

2019-01-25 09:09发布

站内文章 / Java
18 0 0

问题:

can anyone see an failure in this Spring Security Config File?

After Login the i get a debug message:

Access is denied (user is not anonymous); delegating to AccessDeniedHandler org.springframework.security.access.AccessDeniedException: Access is denied

but I can access the application.

     @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.
      authorizeRequests().antMatchers("/register/verification/*/*").anonymous()
      .and().authorizeRequests().antMatchers("/register/test").anonymous()
      .and().authorizeRequests().antMatchers("/register").anonymous()
      .and().authorizeRequests().antMatchers("/forgot_password").anonymous().and().authorizeRequests().antMatchers("/triggeredBy/password**").permitAll()
      .and().authorizeRequests().antMatchers("/err/403").permitAll()
      .and().authorizeRequests().antMatchers("/login").anonymous()
      .and().authorizeRequests().anyRequest().authenticated()
      .and().formLogin().loginPage("/login").defaultSuccessUrl("/landingPage", true).failureUrl("/login?error=true").usernameParameter(
      "username").passwordParameter("password").and().logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout").and()
      .rememberMe().rememberMeCookieName("REMEMBER_ME").rememberMeParameter("remember_me").tokenValiditySeconds(123456).key(
      "49874795145977617241")
      .and().exceptionHandling().accessDeniedPage("/err/403");
  }

Stacktrace:

2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/js/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/forgot_password'
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/err/403'; against '/js/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/images/**']
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/triggeredby/password**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/err/403'; against '/img/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/images/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/err/403'
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/err/403'; against '/fonts/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/**/favicon.ico']
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/login'
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/err/403'; against '/favicon.ico'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/**/favicon.ico'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /login; Attributes: [anonymous]
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/error']
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@18b68a6c: Principal: de.upb.msapp.web.model.profiles.Profile@2; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: E46776770A1C922CDF1A00121BB6A4E3; Granted Authorities: ROLE_PATIENT, ROLE_PROFILE
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/error'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5b5cddbb, returned: -1
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.web.util.matcher.OrRequestMatcher  : No matches found
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/static/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/resources/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /err/403' doesn't match 'POST /logout
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/uploads/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/css/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /err/403' doesn't match 'POST /login
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/js/**'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 7 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.826 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/img/**'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 8 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/fonts/**'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 9 of 13 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/favicon.ico'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [io-8080-exec-10] s.s.w.a.r.RememberMeAuthenticationFilter : SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@18b68a6c: Principal: de.upb.msapp.web.model.profiles.Profile@2; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: E46776770A1C922CDF1A00121BB6A4E3; Granted Authorities: ROLE_PATIENT, ROLE_PROFILE'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /login at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /err/403 at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /login at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [io-8080-exec-10] o.s.s.w.a.AnonymousAuthenticationFilter  : SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@18b68a6c: Principal: de.upb.msapp.web.model.profiles.Profile@2; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: E46776770A1C922CDF1A00121BB6A4E3; Granted Authorities: ROLE_PATIENT, ROLE_PROFILE'
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-5] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-7] o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is not anonymous); delegating to AccessDeniedHandler

org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:157) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:96) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103) [spring-boot-actuator-1.3.1.RELEASE.jar:1.3.1.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:521) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_60]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_60]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60]

2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-9] tRepository$SaveToSessionResponseWrapper : Skip invoking on
2016-01-11 12:09:17.827 DEBUG 1372 --- [nio-8080-exec-8] tRepository$SaveToSessionResponseWrapper : Skip invoking on

回答1:

From the Spring Security documentation

anonymous() Specify that URLs are allowed by anonymous users.

Lets take a look at some of your code:

.and().authorizeRequests().antMatchers("/login").anonymous()

You are telling the system to allow only anonymous users (ROLE_ANONYMOUS) to be able to call the /login mapping.

When you login with your user, the user has another role and is not anonymous anymore. For this code example you should use permitAll().

Most likely you also want to use permitAll() on other request matchers and in your case I would also use only one mapping for /login--> formLogin().



回答2:

This worked for me - hasAuthority("ROLE_USER")

Try with @RolesAllowed("USER") instead of @RolesAllowed("ROLE_USER"). Eventually you could use hasAuthority("ROLE_USER") or hasRole("USER") instead of hasRole("ROLE_USER") .



回答3:

The solution is that the

img.img-rounded.img-responsive(alt='Avatar', src="#{_contextPath}#{profile.avatarPath}")

was wrong. After getting the right path it works for me.



标签: java spring security spring-mvc spring-security
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~