Probleme filtre - WebSecurityConfigurerAdapter

**quentinb56** · 28/03/2016, 14h19

Bonjour je rencontre un problème de filtre au niveau de spring.

Je filtre chaque pages en fonctions du roles de chaque personnes.

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
package main.webapp.security;
 
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
import main.webapp.dao.TbUserDAO;
import main.webapp.rest.AuthenticationTokenProcessingFilter;
 
@Configuration
@EnableWebSecurity
@ImportResource("classpath:/context.xml")
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// disable CSRF and Basic Authentication
		http.csrf().disable().httpBasic().disable();
 
		http.authorizeRequests().antMatchers("/rest/user/authenticate").permitAll()
				.antMatchers(HttpMethod.GET, "/rest/typeAnimation/**").hasRole("admin")//
				.antMatchers(HttpMethod.PUT, "/rest/news/**").hasRole("admin")//
				.antMatchers(HttpMethod.POST, "/rest/news/**").hasRole("admin")//
				.antMatchers(HttpMethod.DELETE, "/rest/news/**").hasRole("admin");
 
		// customization for REST Token AUTH
		http.addFilterBefore(new AuthenticationTokenProcessingFilter(userDao),
				UsernamePasswordAuthenticationFilter.class).sessionManagement()
				.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
	}
 
	@Autowired
	private TbUserDAO userDao;
 
	@Override
	protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
		authManagerBuilder.userDetailsService(userDao).passwordEncoder(encoder);
	}
 
	@Bean
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}
}

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:jee="http://www.springframework.org/schema/jee" xmlns:util="http://www.springframework.org/schema/util"
	xmlns:tx="http://www.springframework.org/schema/tx" xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="
			http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
			http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
			http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
			http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
			http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
			http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 
	<context:annotation-config />
 
	<bean id="entityManagerFactory"
		class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
		<property name="persistenceUnitName" value="ubo.persistence" />
		<property name="jpaVendorAdapter">
			<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
				<property name="generateDdl" value="true" />
				<property name="showSql" value="true" />
			</bean>
		</property>
	</bean>
 
	<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
		<property name="entityManagerFactory" ref="entityManagerFactory" />
	</bean>
 
	<bean id="animationDAO" class="main.webapp.dao.TbAnimationDAO"></bean>
	<bean id="animationOptionDAO" class="main.webapp.dao.TbAnimationOptionDAO"></bean>
	<bean id="optionDAO" class="main.webapp.dao.TbOptionDAO"></bean>
	<bean id="reservationDAO" class="main.webapp.dao.TbReservationDAO"></bean>
	<bean id="roleDAO" class="main.webapp.dao.TbRoleDAO"></bean>
	<bean id="typeAnimationDAO" class="main.webapp.dao.TbTypeAnimationDAO"></bean>
	<bean id="userDao" class="main.webapp.dao.TbUserDAO"></bean>
 
	<bean id="passwordEncoder"
		class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
	</bean>
 
	<tx:annotation-driven transaction-manager="transactionManager" />
 
 
	<context:component-scan base-package="main.webapp.rest.resources" />
 
	<bean id="objectMapper" class="org.codehaus.jackson.map.ObjectMapper" />
 
	<bean id="unauthorizedEntryPoint" class="main.webapp.rest.UnauthorizedEntryPoint" />
 
	<bean class="main.webapp.rest.AuthenticationTokenProcessingFilter"
		id="authenticationTokenProcessingFilter">
		<constructor-arg ref="userDao" />
	</bean>
 
</beans>

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
angular.module('exampleApp', ['ngRoute', 'ngCookies', 'exampleApp.services'])
	.config(
		[ '$routeProvider', '$locationProvider', '$httpProvider', function($routeProvider, $locationProvider, $httpProvider) {
 
			$routeProvider.when('/create', {
				templateUrl: 'partials/create.html',
				controller: CreateController
			});
 
			$routeProvider.when('/edit/:id', {
				templateUrl: 'partials/edit.html',
				controller: EditController
			});
 
			$routeProvider.when('/login', {
				templateUrl: 'partials/login.html',
				controller: LoginController
			});
 
			$routeProvider.when('/animationTypes', {
				templateUrl: 'partials/animationTypes.html',
				controller: AnimationTypeController
			});
 
			$routeProvider.when('/animations', {
				templateUrl: 'partials/animations.html',
				controller: AnimationController
			});
 
			$routeProvider.otherwise({
				templateUrl: 'partials/index.html',
				controller: IndexController
			});
 
			$locationProvider.hashPrefix('!');
 
			/* Register error provider that shows message on failed requests or redirects to login page on
			 * unauthenticated requests */
		    $httpProvider.interceptors.push(function ($q, $rootScope, $location) {
			        return {
			        	'responseError': function(rejection) {
			        		var status 		= rejection.status;
			        		var statusText 	= rejection.statusText;
			        		var config 		= rejection.config;
			        		var method 		= config.method;
			        		var url 		= config.url;
 
			        		if (status == 401) {
			        			$location.path( "/login" );
			        		} else {
			        			$rootScope.error = method + " on " + url + " failed with status " + status + " - " + statusText;
			        			console.log(rejection);
			        		}
 
			        		return $q.reject(rejection);
			        	}
			        };
			    }
		    );
 
		    /* Registers auth token interceptor, auth token is either passed by header or by query parameter
		     * as soon as there is an authenticated user */
		    $httpProvider.interceptors.push(function ($q, $rootScope, $location) {
		        return {
		        	'request': function(config) {
		        		var isRestCall = config.url.indexOf('rest') == 0;
		        		if (isRestCall && angular.isDefined($rootScope.authToken)) {
		        			var authToken = $rootScope.authToken;
		        			if (exampleAppConfig.useAuthTokenHeader) {
		        				config.headers['X-Auth-Token'] = authToken;
		        			} else {
		        				config.url = config.url + "?token=" + authToken;
		        			}
		        		}
		        		return config || $q.when(config);
		        	}
		        };
		    }
	    );
 
		} ]
 
	).run(function($rootScope, $location, $cookieStore, UserService) {
 
		/* Reset error when a new view is loaded */
		$rootScope.$on('$viewContentLoaded', function() {
			delete $rootScope.error;
		});
 
		$rootScope.hasRole = function(role) {
 
			if ($rootScope.user === undefined) {
				return false;
			}
			if ($rootScope.user.roles[role] === undefined) {
				return false;
			}
			return $rootScope.user.roles[role];
		};
 
		$rootScope.logout = function() {
			delete $rootScope.user;
			delete $rootScope.authToken;
			$cookieStore.remove('authToken');
			$location.path("/login");
		};
 
		 /* Try getting valid user from cookie or go to login page */
		var originalPath = $location.path();
		$location.path("/login");
		var authToken = $cookieStore.get('authToken');
		if (authToken !== undefined) {
			$rootScope.authToken = authToken;
			UserService.get(function(user) {
				$rootScope.user = user;
				$location.path(originalPath);
			});
		}
 
		$rootScope.initialized = true;
	});
 
 
function IndexController($scope, NewsService) {
 
	$scope.newsEntries = NewsService.query();
 
	$scope.deleteEntry = function(newsEntry) {
		newsEntry.$remove(function() {
			$scope.newsEntries = NewsService.query();
		});
	};
};
 
 
function EditController($scope, $routeParams, $location, NewsService) {
 
	$scope.newsEntry = NewsService.get({id: $routeParams.id});
 
	$scope.save = function() {
		$scope.newsEntry.$save(function() {
			$location.path('/');
		});
	};
};
 
 
function CreateController($scope, $location, NewsService) {
 
	$scope.newsEntry = new NewsService();
 
	$scope.save = function() {
		$scope.newsEntry.$save(function() {
			$location.path('/');
		});
	};
};
 
 
function LoginController($scope, $rootScope, $location, $cookieStore, UserService) {
 
	$scope.rememberMe = false;
 
	$scope.login = function() {
		UserService.authenticate($.param({username: $scope.username, password: $scope.password}), function(authenticationResult) {
			var authToken = authenticationResult.token;
			$rootScope.authToken = authToken;
			if ($scope.rememberMe) {
				$cookieStore.put('authToken', authToken);
			}
			UserService.get(function(user) {
				$rootScope.user = user;
				$location.path("/");
			});
		});
	};
};
 
function AnimationTypeController($scope, AnimationTypesService) {
 
	$scope.animationTypesEntries = AnimationTypesService.query();
 
	$scope.deleteEntry = function(animationTypesEntry) {
		animationTypesEntry.$remove(function() {
			$scope.animationTypesEntries = AnimationTypesService.query();
		});
	};
};
 
function AnimationController($scope, AnimationsService) {
 
	$scope.animationEntries = AnimationsService.query();
 
	$scope.deleteEntry = function(animationsEntry) {
		animationsEntry.$remove(function() {
			$scope.animationEntries = AnimationsService.query();
		});
	};
};
 
 
var services = angular.module('exampleApp.services', ['ngResource']);
 
services.factory('UserService', function($resource) {
 
	return $resource('rest/user/:action', {},
			{
				authenticate: {
					method: 'POST',
					params: {'action' : 'authenticate'},
					headers : {'Content-Type': 'application/x-www-form-urlencoded'}
				},
			}
		);
});
 
services.factory('NewsService', function($resource) {
 
	return $resource('rest/news/:id', {id: '@id'});
});
 
services.factory('AnimationTypesService', function($resource) {
	return $resource('rest/typeAnimation/:id', {id: '@id'});
});
 
services.factory('AnimationsService', function($resource) {
	return $resource('rest/animation/:id', {id: '@id'});
});

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package main.webapp.rest;
 
import java.io.IOException;
 
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
 
import org.springframework.context.annotation.Scope;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.GenericFilterBean;
 
public class AuthenticationTokenProcessingFilter extends GenericFilterBean {
 
	private final UserDetailsService userService;
 
	public AuthenticationTokenProcessingFilter(UserDetailsService userService) {
		this.userService = userService;
	}
 
	@Override
	@Scope("request")
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest httpRequest = this.getAsHttpRequest(request);
 
		String authToken = this.extractAuthTokenFromRequest(httpRequest);
		String userName = TokenUtils.getUserNameFromToken(authToken);
 
		if (userName != null) {
			try {
				UserDetails userDetails = this.userService.loadUserByUsername(userName);
 
				if (TokenUtils.validateToken(authToken, userDetails)) {
					UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
							userDetails, null, userDetails.getAuthorities());
					System.out.println("userDetails.getAuthorities() : " + userDetails.getAuthorities());
					authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
					SecurityContextHolder.getContext().setAuthentication(authentication);
				}
			} catch (UsernameNotFoundException e) {
				System.out.println("erreur : " + e);
			}
		}
		chain.doFilter(request, response);
	}
 
	private HttpServletRequest getAsHttpRequest(ServletRequest request) {
		if (!(request instanceof HttpServletRequest)) {
			throw new RuntimeException("Expecting an HTTP request");
		}
 
		return (HttpServletRequest) request;
	}
 
	private String extractAuthTokenFromRequest(HttpServletRequest httpRequest) {
		/* Get token from header */
		String authToken = httpRequest.getHeader("X-Auth-Token");
 
		/* If token not found get it from request parameter */
		if (authToken == null) {
			authToken = httpRequest.getParameter("token");
		}
 
		return authToken;
	}
}

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
package main.webapp.bean;
 
import static javax.persistence.GenerationType.IDENTITY;
 
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
 
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
 
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
 
@Entity
@Table(name = "tb_user", catalog = "brest2016")
public class TbUser implements java.io.Serializable, UserDetails {
 
	/**
         * 
         */
	private static final long serialVersionUID = 1L;
	private Integer DUsCode;
	private String VUsNom;
	private String VUsPrenom;
	private String VUsMdp;
	private String VUsEmail;
	private String VUsTelephone;
	private Date dtUsDebut;
	private Date dtUsFin;
	private Set<TbReservation> tbReservations = new HashSet<TbReservation>();
 
	private Set<TbRole> tbRoles = new HashSet<TbRole>(0);
 
	public TbUser() {
	}
 
	public TbUser(String VUsNom, String VUsPrenom, String VUsMdp, String VUsEmail) {
		this.VUsNom = VUsNom;
		this.VUsPrenom = VUsPrenom;
		this.VUsMdp = VUsMdp;
		this.VUsEmail = VUsEmail;
	}
 
	public TbUser(String VUsNom, String VUsPrenom, String VUsMdp, String VUsEmail, String VUsTelephone, Date dtUsDebut,
			Date dtUsFin, Set<TbReservation> tbReservations, Set<TbRole> tbRoles) {
		this.VUsNom = VUsNom;
		this.VUsPrenom = VUsPrenom;
		this.VUsMdp = VUsMdp;
		this.VUsEmail = VUsEmail;
		this.VUsTelephone = VUsTelephone;
		this.dtUsDebut = dtUsDebut;
		this.dtUsFin = dtUsFin;
		this.tbReservations = tbReservations;
		this.tbRoles = tbRoles;
	}
 
	@Id
	@GeneratedValue(strategy = IDENTITY)
	@Column(name = "D_US_CODE", unique = true, nullable = false)
	public Integer getDUsCode() {
		return this.DUsCode;
	}
 
	public void setDUsCode(Integer DUsCode) {
		this.DUsCode = DUsCode;
	}
 
	@Column(name = "V_US_NOM", nullable = false, length = 45)
	public String getVUsNom() {
		return this.VUsNom;
	}
 
	public void setVUsNom(String VUsNom) {
		this.VUsNom = VUsNom;
	}
 
	@Column(name = "V_US_PRENOM", nullable = false, length = 45)
	public String getVUsPrenom() {
		return this.VUsPrenom;
	}
 
	public void setVUsPrenom(String VUsPrenom) {
		this.VUsPrenom = VUsPrenom;
	}
 
	@Column(name = "V_US_MDP", nullable = false, length = 255)
	public String getVUsMdp() {
		return this.VUsMdp;
	}
 
	public void setVUsMdp(String VUsMdp) {
		this.VUsMdp = VUsMdp;
	}
 
	@Column(name = "V_US_EMAIL", nullable = false, length = 45)
	public String getVUsEmail() {
		return this.VUsEmail;
	}
 
	public void setVUsEmail(String VUsEmail) {
		this.VUsEmail = VUsEmail;
	}
 
	@Column(name = "V_US_TELEPHONE", length = 45)
	public String getVUsTelephone() {
		return this.VUsTelephone;
	}
 
	public void setVUsTelephone(String VUsTelephone) {
		this.VUsTelephone = VUsTelephone;
	}
 
	@Temporal(TemporalType.TIMESTAMP)
	@Column(name = "DT_US_DEBUT", length = 19)
	public Date getDtUsDebut() {
		return this.dtUsDebut;
	}
 
	public void setDtUsDebut(Date dtUsDebut) {
		this.dtUsDebut = dtUsDebut;
	}
 
	@Temporal(TemporalType.TIMESTAMP)
	@Column(name = "DT_US_FIN", length = 19)
	public Date getDtUsFin() {
		return this.dtUsFin;
	}
 
	public void setDtUsFin(Date dtUsFin) {
		this.dtUsFin = dtUsFin;
	}
 
	@OneToMany(fetch = FetchType.LAZY, mappedBy = "tbUser")
	public Set<TbReservation> getTbReservations() {
		return this.tbReservations;
	}
 
	public void setTbReservations(Set<TbReservation> tbReservations) {
		this.tbReservations = tbReservations;
	}
 
	@ManyToMany(fetch = FetchType.LAZY, cascade = CascadeType.ALL)
	@JoinTable(name = "tb_user_role", catalog = "brest2016", joinColumns = {
			@JoinColumn(name = "tb_role_D_RO_CODE", nullable = false, updatable = false) }, inverseJoinColumns = {
					@JoinColumn(name = "tb_user_D_US_CODE", nullable = false, updatable = false) })
	public Set<TbRole> getTbRoles() {
		return this.tbRoles;
	}
 
	public void setTbRoles(Set<TbRole> tbRoles) {
		this.tbRoles = tbRoles;
	}
 
	public void addRole(TbRole pRole) {
		tbRoles.add(pRole);
	}
 
	@Override
	@Transient
	public Collection<? extends GrantedAuthority> getAuthorities() {
		Set<TbRole> roles = this.getTbRoles();
 
		if (roles == null) {
			return Collections.emptyList();
		}
 
		Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
		for (TbRole role : roles) {
			authorities.add(new SimpleGrantedAuthority(role.getVRoLibelle()));
		}
 
		return authorities;
	}
 
	@Override
	@Transient
	public String getPassword() {
		return this.VUsMdp;
	}
 
	@Override
	@Transient
	public String getUsername() {
		return this.VUsNom;
	}
 
	@Override
	@Transient
	public boolean isAccountNonExpired() {
		return true;
	}
 
	@Override
	@Transient
	public boolean isAccountNonLocked() {
		return true;
	}
 
	@Override
	@Transient
	public boolean isCredentialsNonExpired() {
		return true;
	}
 
	@Override
	@Transient
	public boolean isEnabled() {
		return true;
	}
 
}

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<artifactId>WebBrest2016_V2</artifactId>
	<version>0.1.0-Version</version>
	<packaging>war</packaging>
 
	<properties>
		<!-- Spring Security is based on Spring 3.0.7 -->
		<spring.version>4.2.5.RELEASE</spring.version>
		<spring.security.version>4.0.4.RELEASE</spring.security.version>
		<jersey.version>1.18.1</jersey.version>
		<org.slf4j.version>1.7.7</org.slf4j.version>
		<javax.servlet-api.version>3.1.0</javax.servlet-api.version>
		<org.hibernate.version>4.3.11.Final</org.hibernate.version>
		<maven-compiler-plugin.version>3.1</maven-compiler-plugin.version>
		<org.hsqldb.version>2.3.2</org.hsqldb.version>
		<commons-dbcp.version>1.4</commons-dbcp.version>
		<junit.version>4.11</junit.version>
		<org.eclipse.jetty.jetty-maven-plugin.version>9.1.1.v20140108</org.eclipse.jetty.jetty-maven-plugin.version>
	</properties>
 
	<prerequisites>
		<maven>2.2.1</maven>
	</prerequisites>
 
	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<version>${maven-compiler-plugin.version}</version>
				<configuration>
					<source>1.8</source>
					<target>1.8</target>
				</configuration>
			</plugin>
			<plugin>
				<groupId>org.apache.tomcat.maven</groupId>
				<artifactId>tomcat7-maven-plugin</artifactId>
				<version>2.2</version>
			</plugin>
		</plugins>
	</build>
 
	<dependencyManagement>
		<dependencies>
			<dependency>
				<groupId>org.springframework</groupId>
				<artifactId>spring-framework-bom</artifactId>
				<version>${spring.version}</version>
				<type>pom</type>
				<scope>import</scope>
			</dependency>
		</dependencies>
	</dependencyManagement>
 
	<dependencies>
 
		<dependency>
			<groupId>javax.ejb</groupId>
			<artifactId>javax.ejb-api</artifactId>
			<version>3.2</version>
		</dependency>
 
		<dependency>
			<groupId>javax.el</groupId>
			<artifactId>el-api</artifactId>
			<version>2.2.1-b04</version>
		</dependency>
 
		<dependency>
			<groupId>mysql</groupId>
			<artifactId>mysql-connector-java</artifactId>
			<version>5.1.38</version>
		</dependency>
 
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-orm</artifactId>
			<version>${spring.version}</version>
		</dependency>
 
		<!-- Huh? Spring Jdbc is suddenly marked as provided by spring-orm? -->
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-jdbc</artifactId>
			<version>${spring.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-tx</artifactId>
			<version>${spring.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-web</artifactId>
			<version>${spring.version}</version>
		</dependency>
 
		<dependency>
			<groupId>com.sun.jersey.contribs</groupId>
			<artifactId>jersey-spring</artifactId>
			<version>${jersey.version}</version>
			<!-- jersey-spring uses spring 2.5, we want to use 3.x instead -->
			<exclusions>
				<exclusion>
					<groupId>org.springframework</groupId>
					<artifactId>spring</artifactId>
				</exclusion>
				<exclusion>
					<groupId>org.springframework</groupId>
					<artifactId>spring-core</artifactId>
				</exclusion>
				<exclusion>
					<groupId>org.springframework</groupId>
					<artifactId>spring-web</artifactId>
				</exclusion>
				<exclusion>
					<groupId>org.springframework</groupId>
					<artifactId>spring-beans</artifactId>
				</exclusion>
				<exclusion>
					<groupId>org.springframework</groupId>
					<artifactId>spring-context</artifactId>
				</exclusion>
				<exclusion>
					<groupId>org.springframework</groupId>
					<artifactId>spring-aop</artifactId>
				</exclusion>
			</exclusions>
		</dependency>
 
		<dependency>
			<groupId>com.sun.jersey</groupId>
			<artifactId>jersey-json</artifactId>
			<version>${jersey.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.hsqldb</groupId>
			<artifactId>hsqldb</artifactId>
			<version>${org.hsqldb.version}</version>
		</dependency>
 
		<dependency>
			<groupId>commons-dbcp</groupId>
			<artifactId>commons-dbcp</artifactId>
			<version>${commons-dbcp.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-entitymanager</artifactId>
			<version>${org.hibernate.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-validator</artifactId>
			<version>5.2.4.Final</version>
		</dependency>
 
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-log4j12</artifactId>
			<version>${org.slf4j.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
			<version>${spring.security.version}</version>
		</dependency>
 
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>${spring.security.version}</version>
		</dependency>
 
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>javax.servlet-api</artifactId>
			<version>${javax.servlet-api.version}</version>
			<scope>provided</scope>
		</dependency>
 
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-test</artifactId>
			<version>${spring.version}</version>
			<scope>test</scope>
		</dependency>
 
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<version>${junit.version}</version>
			<scope>test</scope>
		</dependency>
 
		<dependency>
			<groupId>javax.validation</groupId>
			<artifactId>validation-api</artifactId>
			<version>1.1.0.Final</version>
		</dependency>
 
	</dependencies>
 
	<groupId>com.ubo</groupId>
</project>

getAuthorities me renvoie bien admin et pourtant j'ai bien l'impossibilité d'accéder à ma page.

Nom : erreur403.PNG
Affichages : 4428
Taille : 38,7 Ko

**quentinb56** · 28/03/2016, 22h30

J'ai vu que crsf pouvait posé problème mais dans mon cas il est désactivé.

Pour .antMatchers(HttpMethod.GET, "/rest/typeAnimation/**").hasRole("admin")//

j'ai tenté en modifiant le lieu (/rest/...), le role en hasAnyRole mais rien à faire. Coté app.js j'ai pourtant bien le bon role et lors de l'utilisateur de mes pages html de hasRole(...) la fonction fonctionne très bien.

**quentinb56** · 29/03/2016, 18h21

Up ! Personne n'a une petite idée ?

**tchize_** · 29/03/2016, 19h03

rest/typeAnimation (utilisé pour ta requête d'après ton message d'erreur) ne matche pas la pattern ant "/rest/typeAnimation/**", ca il n'y a pas de / après typeAnimation. Hors le / n'est pas optionnel dans la pattern.

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
 
				.antMatchers(HttpMethod.GET, "/rest/typeAnimation").hasRole("admin")

devrait résoudre ton problème.

**quentinb56** · 29/03/2016, 20h17

GET on rest/typeAnimation failed with status 403 - Interdit

même message.

/rest/typeAnimation/** pas besoin de représenter le paramètre lors de l'appel des fonctions ?

Exemple /rest/typeAnimation/id ?

**tchize_** · 29/03/2016, 22h06

tu peux afficher ce que dit l'inspecteur réseau de ta requête dans le browser? Fournir un HAR de ta conversation avec le serveur serait aussi utile.

**quentinb56** · 29/03/2016, 22h12

Merci encore de tes réponses !

Object { data: "<!DOCTYPE html><html><head><title>A…", status: 403, headers: headersGetter/<(), config: Object, statusText: "Interdit" }

En tête de requête

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: application/json, text/plain, */*
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Auth-Token: admin:1459285882575:9639e29e26af9e57ce873ed137fde685
Referer: http://localhost:8080/WebBrest2016_V2/index.jsp
Cookie: JSESSIONID=F868A8371FC0F56AB5115700D8B2819F
Connection: keep-alive

En tête de réponse

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: fr
Content-Length: 1043
Content-Type: text/html;charset=utf-8
Date: Tue, 29 Mar 2016 20:11:23 GMT
Expires: 0
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F0D5F73D0CEF177AE330623636EB97B7; Path=/WebBrest2016_V2/; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

Si besoin je peux envoyé un war ou te fournir un accès en privé au svn.

**quentinb56** · 29/03/2016, 22h36

J'ai enfin réussi à corriger le problème un en moins !

http.authorizeRequests().antMatchers("/rest/user/authenticate").permitAll()
.antMatchers(HttpMethod.GET, "/rest/typeAnimation/**").hasAuthority("admin");

En filtrant sur authority cela fonctionne. Si tu as une explication je suis preneur !

Par contre je remarque que lorsque je filtre sur le get en faisant un permitAll la page ne s'affiche pas pour tout le monde !
Mais lorsque je fais un filtre sur DELETE avec admin j'ai l'accès (au GET) et si je fais hasAnyAuthorities avec visitor pareil j'ai l'accès pour visitor et admin.
C'est comme si j'avais le DELETE qui filtrait pour le GET.

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
		http.authorizeRequests().antMatchers("/rest/user/authenticate").permitAll()
				/*.antMatchers(HttpMethod.GET, "/rest/typeAnimation/**").permitAll()*/
				.antMatchers(HttpMethod.GET, "/rest/typeAnimation/**").anonymous()
				.antMatchers(HttpMethod.PUT, "/rest/typeAnimation/**").hasAuthority("admin")
				.antMatchers(HttpMethod.POST, "/rest/typeAnimation/**").hasAuthority("admin")
				.antMatchers(HttpMethod.DELETE, "/rest/typeAnimation/**").hasAuthority("admin");

**quentinb56** · 29/03/2016, 23h11

Il semblerait que les HttpMethod ne soient pas pris en compte et que la dernière permission indiqué viennent écraser les précédentes...

**quentinb56** · 31/03/2016, 13h44

Personne ?

**tchize_** · 31/03/2016, 14h30

ha ben j'avais cru comprendre à ton dernier message que tu avais trouvé la solution.

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
		http.authorizeRequests().antMatchers("/rest/user/authenticate").permitAll()
                                .and()
				.antMatchers(HttpMethod.GET, "/rest/typeAnimation/**").hasRole("admin")//
                                .and()
				.antMatchers(HttpMethod.PUT, "/rest/news/**").hasRole("admin")//
                                .and()
				.antMatchers(HttpMethod.POST, "/rest/news/**").hasRole("admin")//
                                .and()
				.antMatchers(HttpMethod.DELETE, "/rest/news/**").hasRole("admin");

**JeitEmgie** · 31/03/2016, 18h06

Envoyé par quentinb56

Il semblerait que les HttpMethod ne soient pas pris en compte et que la dernière permission indiqué viennent écraser les précédentes...

Non : le code source fait bien un add

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
		public static List<RequestMatcher> antMatchers(HttpMethod httpMethod,
				String... antPatterns) {
			String method = httpMethod == null ? null : httpMethod.toString();
			List<RequestMatcher> matchers = new ArrayList<RequestMatcher>();
			for (String pattern : antPatterns) {
				matchers.add(new AntPathRequestMatcher(pattern, method));
			}
returnmatchers;
		}

par contre hasRole("admin") != hasAuthority("admin"), n'oubliez pas que par défaut il y a un préfixe par défaut (ROLE_)
Avec Spring Security 4 :
hasRole("admin") == hasAuthority("ROLE_admin")
si vous n'avez pas changé le préfixe par défaut.

**quentinb56** · 31/03/2016, 18h29

hasAuthority("ROLE_admin") =>hasAuthority("admin") par défaut il me semble qu'il sait déjà qu'il y a _ROLE.

D'ailleurs erreurs suivantes :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
GRAVE: Exception lors de l'envoi de l'évènement contexte initialisé (context initialized) à l'instance de classe d'écoute (listener) org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_visitor, ROLE_admin'
	at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:444)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:326)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4729)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5167)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_visitor, ROLE_admin'
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
	at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
	... 23 more
Caused by: java.lang.IllegalArgumentException: role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_visitor, ROLE_admin'
	at org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.hasRole(ExpressionUrlAuthorizationConfigurer.java:206)
	at org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.access$200(ExpressionUrlAuthorizationConfigurer.java:75)
	at org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer$AuthorizedUrl.hasRole(ExpressionUrlAuthorizationConfigurer.java:260)
	at main.webapp.security.WebSecurityConfig.configure(WebSecurityConfig.java:43)
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:199)
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:290)
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:67)
	at main.webapp.security.WebSecurityConfig$$EnhancerBySpringCGLIB$$b981836f.init(<generated>)
	at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:370)
	at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:324)
	at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:105)
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$4434c629.CGLIB$springSecurityFilterChain$0(<generated>)
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$4434c629$$FastClassBySpringCGLIB$$13aae46.invoke(<generated>)
	at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
	at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:355)
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$4434c629.springSecurityFilterChain(<generated>)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
	... 24 more
 
mars 31, 2016 6:22:50 PM org.apache.catalina.core.StandardContext startInternal
GRAVE: One or more listeners failed to start. Full details will be found in the appropriate container log file
mars 31, 2016 6:22:50 PM org.apache.catalina.core.StandardContext startInternal
GRAVE: Erreur de démarrage du contexte [/WebBrest2016_V2] suite aux erreurs précédentes
mars 31, 2016 6:22:50 PM org.apache.catalina.core.ApplicationContext log
INFOS: Closing Spring root WebApplicationContext
mars 31, 2016 6:22:50 PM org.apache.catalina.loader.WebappClassLoaderBase clearReferencesJdbc
AVERTISSEMENT: The web application [WebBrest2016_V2] registered the JDBC driver [com.mysql.jdbc.Driver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered.
mars 31, 2016 6:22:50 PM org.apache.coyote.AbstractProtocol start
INFOS: Starting ProtocolHandler ["http-nio-8080"]
mars 31, 2016 6:22:50 PM org.apache.coyote.AbstractProtocol start
INFOS: Starting ProtocolHandler ["ajp-nio-8009"]
mars 31, 2016 6:22:50 PM org.apache.catalina.startup.Catalina start
INFOS: Server startup in 5597 ms

En mettant ROLE_ mais mon filtrage marche bien sur la dernière requête j'autorise bien admin et visitor sur telle ou telle page mais je ne peux pas autorisé par méthode.

Si je fais
.antMatchers(HttpMethod.GET,"rest/option/**").hasAuthority("visitor")
.antMatchers(HttpMethod.DELETE,"rest/option/**").permitAll()

le permit ALL va écrasé la condition sur le GET et va faire un permitAll sur le GET (il s'agit ici bien évidemment d'un exemple mais si je mets permitAll sur le GET et admin uniquement sur la méthode DELETE le filtre ne s'effectue pas.

**JeitEmgie** · 31/03/2016, 19h19

Envoyé par quentinb56

hasAuthority("ROLE_admin") =>hasAuthority("admin") par défaut il me semble qu'il sait déjà qu'il y a _ROLE.

le code source de ExpressionUrlAuthorizationConfigurer est clair: pour hasRole il ne faut pas mettre le préfixe, pour hasAuthority il faut que la string corresponde à ce qui est dans le UserDetails.

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29


/**
         * Shortcut for specifying URLs require a particular role. If you do not want to
         * have "ROLE_" automatically inserted see {@link #hasAuthority(String)}.
         *
         * @param role the role to require (i.e. USER, ADMIN, etc). Note, it should not
         * start with "ROLE_" as this is automatically inserted.
         * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
         * customization
         */
        public ExpressionInterceptUrlRegistry hasRole(String role) {
            return access(ExpressionUrlAuthorizationConfigurer.hasRole(role));
        }




/**
         * Specify that URLs require a particular authority.
         *
         * @param authority the authority to require (i.e. ROLE_USER, ROLE_ADMIN, etc).
         * @return the {@link ExpressionUrlAuthorizationConfigurer} for further
         * customization
         */
        public ExpressionInterceptUrlRegistry hasAuthority(String authority) {
            return access(ExpressionUrlAuthorizationConfigurer.hasAuthority(authority));
        }

le stack trace de votre exception parle bien de hasRole

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
    at org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.hasRole(ExpressionUrlAuthorizationConfigurer.java:206)

mais vos explications ici postées parlent toujours de hasAuthority : de toute évidence il y a discordance...

Pour voir ce qui se passe dans le AntMatcher mettez le log level à DEBUG sur le package org.springframework.security.web.util.matcher

**quentinb56** · 31/03/2016, 22h39

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// disable CSRF and Basic Authentication
		http.csrf().disable().httpBasic().disable();
 
		 http.anonymous().and().authorizeRequests()//
		 .antMatchers(HttpMethod.DELETE,"/rest/typeAnimation/**").hasRole("admin")
		 .antMatchers(HttpMethod.GET,"/rest/typeAnimation/**").hasAnyRole("admin, visitor")
		 .anyRequest().permitAll();//
 
		// customization for REST Token AUTH
		http.addFilterBefore(new AuthenticationTokenProcessingFilter(userDao),
				UsernamePasswordAuthenticationFilter.class).sessionManagement()
				.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
	}

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
 
21:58:19.505 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /js/controller/options.js at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:19.505 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /js/controller/options.js at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:19.505 [http-nio-8080-exec-4] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:19.505 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /js/controller/options.js at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:19.505 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/js/controller/options.js'; against '/logout'
21:58:19.505 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /js/controller/options.js at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:19.505 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /js/controller/options.js at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /js/controller/options.js at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /js/controller/options.js at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2B6D0962EF63678FD3ADD7F533AFF288; Granted Authorities: ROLE_ANONYMOUS'
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /js/controller/options.js at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /js/controller/options.js at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /js/controller/options.js at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/js/controller/options.js'; against 'delete'
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/js/controller/options.js'; against '/rest/typeanimation/**'
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/js/controller/options.js'; against 'get'
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /js/controller/options.js; Attributes: [permitAll]
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2B6D0962EF63678FD3ADD7F533AFF288; Granted Authorities: ROLE_ANONYMOUS
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /js/controller/options.js reached end of additional filter chain; proceeding with original chain
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:19.578 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against 'post'
21:58:19.578 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against '/login'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/background.jpg'; against 'post'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/background.jpg'; against '/login'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against '/logout'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /images/background.jpg at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /images/background.jpg at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /images/background.jpg at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /images/background.jpg at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/background.jpg'; against '/logout'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2B6D0962EF63678FD3ADD7F533AFF288; Granted Authorities: ROLE_ANONYMOUS'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /images/background.jpg at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /images/background.jpg at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /images/background.jpg at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /images/background.jpg at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2B6D0962EF63678FD3ADD7F533AFF288; Granted Authorities: ROLE_ANONYMOUS'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against 'delete'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against '/rest/typeanimation/**'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /images/background.jpg at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against 'get'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /images/background.jpg at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /images/favicon.ico; Attributes: [permitAll]
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /images/background.jpg at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2B6D0962EF63678FD3ADD7F533AFF288; Granted Authorities: ROLE_ANONYMOUS
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/background.jpg'; against 'delete'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/background.jpg'; against '/rest/typeanimation/**'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/background.jpg'; against 'get'
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /images/background.jpg; Attributes: [permitAll]
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2B6D0962EF63678FD3ADD7F533AFF288; Granted Authorities: ROLE_ANONYMOUS
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:19.579 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico reached end of additional filter chain; proceeding with original chain
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:19.579 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /images/background.jpg reached end of additional filter chain; proceeding with original chain
21:58:19.580 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:19.580 [http-nio-8080-exec-5] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:19.583 [http-nio-8080-exec-1] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:19.583 [http-nio-8080-exec-1] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against 'post'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against '/login'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against '/logout'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2B6D0962EF63678FD3ADD7F533AFF288; Granted Authorities: ROLE_ANONYMOUS'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against 'delete'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against '/rest/typeanimation/**'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against 'get'
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /images/favicon.ico; Attributes: [permitAll]
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2B6D0962EF63678FD3ADD7F533AFF288; Granted Authorities: ROLE_ANONYMOUS
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:19.666 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /images/favicon.ico reached end of additional filter chain; proceeding with original chain
21:58:19.667 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:19.667 [http-nio-8080-exec-7] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:19.764 [http-nio-8080-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user'; against 'post'
21:58:19.764 [http-nio-8080-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user'; against '/login'
21:58:19.764 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:19.764 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:19.764 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:19.764 [http-nio-8080-exec-6] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:19.764 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:19.764 [http-nio-8080-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user'; against '/logout'
21:58:19.764 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/login.html'; against 'post'
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/login.html'; against '/login'
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/login.html at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bc8d2722: Principal: main.webapp.bean.TbUser@58a18a40; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2B6D0962EF63678FD3ADD7F533AFF288; Granted Authorities: visitor'
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.s.CompositeSessionAuthenticationStrategy - Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@7392f0c9
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/login.html at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/login.html at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/login.html at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/login.html'; against '/logout'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/login.html at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/login.html at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/login.html at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/login.html at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/login.html at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user'; against 'delete'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.s.w.s.SessionManagementFilter - Requested session ID 2B6D0962EF63678FD3ADD7F533AFF288 is invalid.
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user'; against '/rest/typeanimation/**'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/login.html at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user'; against 'get'
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/login.html at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /rest/user; Attributes: [permitAll]
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/login.html'; against 'delete'
21:58:19.765 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bc8d2722: Principal: main.webapp.bean.TbUser@58a18a40; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2B6D0962EF63678FD3ADD7F533AFF288; Granted Authorities: visitor
21:58:19.765 [http-nio-8080-exec-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/login.html'; against '/rest/typeanimation/**'
21:58:19.766 [http-nio-8080-exec-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/login.html'; against 'get'
21:58:19.766 [http-nio-8080-exec-6] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:19.766 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:19.766 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /partials/login.html; Attributes: [permitAll]
21:58:19.766 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:19.766 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS
21:58:19.766 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /rest/user reached end of additional filter chain; proceeding with original chain
21:58:19.766 [http-nio-8080-exec-3] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:19.766 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:19.766 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:19.766 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/login.html reached end of additional filter chain; proceeding with original chain
21:58:19.766 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:19.766 [http-nio-8080-exec-3] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:19.767 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:19.767 [http-nio-8080-exec-6] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/index.html'; against 'post'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/index.html'; against '/login'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /partials/index.html at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /partials/index.html at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /partials/index.html at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /partials/index.html at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/index.html'; against '/logout'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /partials/index.html at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /partials/index.html at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /partials/index.html at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /partials/index.html at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /partials/index.html at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /partials/index.html at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /partials/index.html at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/index.html'; against 'delete'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/index.html'; against '/rest/typeanimation/**'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/index.html'; against 'get'
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /partials/index.html; Attributes: [permitAll]
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:19.866 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /partials/index.html reached end of additional filter chain; proceeding with original chain
21:58:19.867 [http-nio-8080-exec-10] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:19.867 [http-nio-8080-exec-10] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/background_login.jpg'; against 'post'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/background_login.jpg'; against '/login'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.security.web.FilterChainProxy - /images/background_login.jpg at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.security.web.FilterChainProxy - /images/background_login.jpg at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.security.web.FilterChainProxy - /images/background_login.jpg at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.security.web.FilterChainProxy - /images/background_login.jpg at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/background_login.jpg'; against '/logout'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.security.web.FilterChainProxy - /images/background_login.jpg at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.security.web.FilterChainProxy - /images/background_login.jpg at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.security.web.FilterChainProxy - /images/background_login.jpg at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.security.web.FilterChainProxy - /images/background_login.jpg at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.security.web.FilterChainProxy - /images/background_login.jpg at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.security.web.FilterChainProxy - /images/background_login.jpg at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.security.web.FilterChainProxy - /images/background_login.jpg at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/background_login.jpg'; against 'delete'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/background_login.jpg'; against '/rest/typeanimation/**'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/background_login.jpg'; against 'get'
21:58:19.867 [http-nio-8080-exec-8] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /images/background_login.jpg; Attributes: [permitAll]
21:58:19.868 [http-nio-8080-exec-8] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS
21:58:19.868 [http-nio-8080-exec-8] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:19.868 [http-nio-8080-exec-8] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:19.868 [http-nio-8080-exec-8] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:19.868 [http-nio-8080-exec-8] DEBUG o.s.security.web.FilterChainProxy - /images/background_login.jpg reached end of additional filter chain; proceeding with original chain
21:58:19.869 [http-nio-8080-exec-8] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:19.869 [http-nio-8080-exec-8] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image1.jpg'; against 'post'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image1.jpg'; against '/login'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.security.web.FilterChainProxy - /images/image1.jpg at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.security.web.FilterChainProxy - /images/image1.jpg at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.security.web.FilterChainProxy - /images/image1.jpg at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.security.web.FilterChainProxy - /images/image1.jpg at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image1.jpg'; against '/logout'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.security.web.FilterChainProxy - /images/image1.jpg at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.security.web.FilterChainProxy - /images/image1.jpg at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.security.web.FilterChainProxy - /images/image1.jpg at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.security.web.FilterChainProxy - /images/image1.jpg at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS'
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image2.jpg'; against 'post'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.security.web.FilterChainProxy - /images/image1.jpg at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image2.jpg'; against '/login'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.security.web.FilterChainProxy - /images/image1.jpg at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /images/image2.jpg at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.security.web.FilterChainProxy - /images/image1.jpg at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /images/image2.jpg at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image1.jpg'; against 'delete'
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /images/image2.jpg at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image1.jpg'; against '/rest/typeanimation/**'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image1.jpg'; against 'get'
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /images/image1.jpg; Attributes: [permitAll]
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /images/image2.jpg at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image2.jpg'; against '/logout'
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /images/image2.jpg at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /images/image2.jpg at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /images/image2.jpg at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /images/image2.jpg at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:19.957 [http-nio-8080-exec-2] DEBUG o.s.security.web.FilterChainProxy - /images/image1.jpg reached end of additional filter chain; proceeding with original chain
21:58:19.957 [http-nio-8080-exec-9] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS'
21:58:19.958 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /images/image2.jpg at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:19.958 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image3.jpg'; against 'post'
21:58:19.958 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /images/image2.jpg at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:19.958 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image3.jpg'; against '/login'
21:58:19.958 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /images/image2.jpg at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:19.958 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /images/image3.jpg at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:19.958 [http-nio-8080-exec-9] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image2.jpg'; against 'delete'
21:58:19.959 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /images/image3.jpg at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:19.959 [http-nio-8080-exec-9] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image2.jpg'; against '/rest/typeanimation/**'
21:58:19.959 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /images/image3.jpg at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:19.959 [http-nio-8080-exec-9] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image2.jpg'; against 'get'
21:58:19.959 [http-nio-8080-exec-4] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:19.960 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image4.jpg'; against 'post'
21:58:19.960 [http-nio-8080-exec-9] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /images/image2.jpg; Attributes: [permitAll]
21:58:19.961 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /images/image3.jpg at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:19.961 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image4.jpg'; against '/login'
21:58:19.961 [http-nio-8080-exec-9] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS
21:58:19.961 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image3.jpg'; against '/logout'
21:58:19.961 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/image4.jpg at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:19.961 [http-nio-8080-exec-9] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:19.962 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /images/image3.jpg at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:19.962 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/image4.jpg at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:19.962 [http-nio-8080-exec-9] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:19.962 [http-nio-8080-exec-9] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:19.962 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /images/image3.jpg at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:19.962 [http-nio-8080-exec-9] DEBUG o.s.security.web.FilterChainProxy - /images/image2.jpg reached end of additional filter chain; proceeding with original chain
21:58:19.962 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /images/image3.jpg at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:19.962 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /images/image3.jpg at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS'
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /images/image3.jpg at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:19.963 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/image4.jpg at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /images/image3.jpg at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /images/image3.jpg at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image3.jpg'; against 'delete'
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image3.jpg'; against '/rest/typeanimation/**'
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image3.jpg'; against 'get'
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /images/image3.jpg; Attributes: [permitAll]
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:19.963 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy - /images/image3.jpg reached end of additional filter chain; proceeding with original chain
21:58:19.963 [http-nio-8080-exec-2] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:19.963 [http-nio-8080-exec-2] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:19.964 [http-nio-8080-exec-9] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:19.964 [http-nio-8080-exec-9] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:19.964 [http-nio-8080-exec-5] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:19.964 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/image4.jpg at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image4.jpg'; against '/logout'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/image4.jpg at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/image4.jpg at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/image4.jpg at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/image4.jpg at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/image4.jpg at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/image4.jpg at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/image4.jpg at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image4.jpg'; against 'delete'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image4.jpg'; against '/rest/typeanimation/**'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/image4.jpg'; against 'get'
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /images/image4.jpg; Attributes: [permitAll]
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:19.965 [http-nio-8080-exec-5] DEBUG o.s.security.web.FilterChainProxy - /images/image4.jpg reached end of additional filter chain; proceeding with original chain
21:58:19.966 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:19.966 [http-nio-8080-exec-4] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:19.967 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:19.968 [http-nio-8080-exec-5] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:26.571 [http-nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user/authenticate'; against 'post'
21:58:26.571 [http-nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user/authenticate'; against '/login'
21:58:26.571 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /rest/user/authenticate at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:26.571 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /rest/user/authenticate at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:26.571 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /rest/user/authenticate at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:26.571 [http-nio-8080-exec-1] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:26.571 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /rest/user/authenticate at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:26.571 [http-nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user/authenticate'; against '/logout'
21:58:26.571 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /rest/user/authenticate at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:26.572 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /rest/user/authenticate at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:26.572 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /rest/user/authenticate at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:26.572 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /rest/user/authenticate at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:26.572 [http-nio-8080-exec-1] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS'
21:58:26.572 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /rest/user/authenticate at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:26.572 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /rest/user/authenticate at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:26.572 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /rest/user/authenticate at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:26.572 [http-nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user/authenticate'; against 'delete'
21:58:26.572 [http-nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user/authenticate'; against '/rest/typeanimation/**'
21:58:26.572 [http-nio-8080-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user/authenticate'; against 'get'
21:58:26.572 [http-nio-8080-exec-1] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /rest/user/authenticate; Attributes: [permitAll]
21:58:26.572 [http-nio-8080-exec-1] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: ROLE_ANONYMOUS
21:58:26.575 [http-nio-8080-exec-1] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:26.575 [http-nio-8080-exec-1] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:26.575 [http-nio-8080-exec-1] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:26.575 [http-nio-8080-exec-1] DEBUG o.s.security.web.FilterChainProxy - /rest/user/authenticate reached end of additional filter chain; proceeding with original chain
mars 31, 2016 9:58:26 PM com.sun.jersey.spi.container.servlet.WebComponent filterFormParameters
AVERTISSEMENT: A servlet request, to the URI http://localhost:8080/WebBrest2016_V2/rest/user/authenticate, contains form parameters in the request body but the request body has been consumed by the servlet or a servlet filter accessing the request parameters. Only resource methods using @FormParam will work as expected. Resource methods consuming the request body by other means will not work as expected.
User : visitor , password : visitor
21:58:26.576 [http-nio-8080-exec-1] DEBUG o.s.s.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
21:58:26.663 [http-nio-8080-exec-1] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'delegatingApplicationListener'
21:58:26.665 [http-nio-8080-exec-1] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:26.665 [http-nio-8080-exec-1] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:26.669 [http-nio-8080-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user'; against 'post'
21:58:26.669 [http-nio-8080-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user'; against '/login'
21:58:26.669 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:26.669 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:26.669 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:26.669 [http-nio-8080-exec-7] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:26.669 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:26.669 [http-nio-8080-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user'; against '/logout'
21:58:26.669 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@4372d8d2: Principal: main.webapp.bean.TbUser@58a18a40; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: visitor'
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.s.CompositeSessionAuthenticationStrategy - Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@7392f0c9
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /rest/user at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user'; against 'delete'
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user'; against '/rest/typeanimation/**'
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/user'; against 'get'
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /rest/user; Attributes: [permitAll]
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@4372d8d2: Principal: main.webapp.bean.TbUser@58a18a40; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FAE5634E733A411099EF43130379DACD; Granted Authorities: visitor
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:26.671 [http-nio-8080-exec-7] DEBUG o.s.security.web.FilterChainProxy - /rest/user reached end of additional filter chain; proceeding with original chain
21:58:26.672 [http-nio-8080-exec-7] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:26.672 [http-nio-8080-exec-7] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/animationtypes.html'; against 'post'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/animationtypes.html'; against '/login'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/animationTypes.html at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/animationTypes.html at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/animationTypes.html at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/animationTypes.html at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/animationtypes.html'; against '/logout'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/animationTypes.html at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/animationTypes.html at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/animationTypes.html at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/animationTypes.html at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90514580: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: AB4381ED1DA4F5F1BA261A59F59AFF7C; Granted Authorities: ROLE_ANONYMOUS'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/animationTypes.html at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/animationTypes.html at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/animationTypes.html at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/animationtypes.html'; against 'delete'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/animationtypes.html'; against '/rest/typeanimation/**'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/partials/animationtypes.html'; against 'get'
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /partials/animationTypes.html; Attributes: [permitAll]
21:58:28.400 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90514580: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: AB4381ED1DA4F5F1BA261A59F59AFF7C; Granted Authorities: ROLE_ANONYMOUS
21:58:28.401 [http-nio-8080-exec-3] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:28.401 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:28.401 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:28.401 [http-nio-8080-exec-3] DEBUG o.s.security.web.FilterChainProxy - /partials/animationTypes.html reached end of additional filter chain; proceeding with original chain
21:58:28.401 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:28.401 [http-nio-8080-exec-3] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:28.442 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/typeanimation'; against 'post'
21:58:28.442 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/typeanimation'; against '/login'
21:58:28.442 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /rest/typeAnimation at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:28.442 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /rest/typeAnimation at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:28.442 [http-nio-8080-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/{{anim.vtyimage}}'; against 'post'
21:58:28.442 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /rest/typeAnimation at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:28.442 [http-nio-8080-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/{{anim.vtyimage}}'; against '/login'
21:58:28.442 [http-nio-8080-exec-10] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:28.442 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /{{anim.vtyImage}} at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
21:58:28.442 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /rest/typeAnimation at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:28.442 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/typeanimation'; against '/logout'
21:58:28.442 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /rest/typeAnimation at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:28.442 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /{{anim.vtyImage}} at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /{{anim.vtyImage}} at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4c5067d2
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /{{anim.vtyImage}} at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/{{anim.vtyimage}}'; against '/logout'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /{{anim.vtyImage}} at position 5 of 11 in additional filter chain; firing Filter: 'AuthenticationTokenProcessingFilter'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /{{anim.vtyImage}} at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /{{anim.vtyImage}} at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /{{anim.vtyImage}} at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90514580: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: AB4381ED1DA4F5F1BA261A59F59AFF7C; Granted Authorities: ROLE_ANONYMOUS'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /{{anim.vtyImage}} at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /{{anim.vtyImage}} at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /{{anim.vtyImage}} at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/{{anim.vtyimage}}'; against 'delete'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/{{anim.vtyimage}}'; against '/rest/typeanimation/**'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/{{anim.vtyimage}}'; against 'get'
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /{{anim.vtyImage}}; Attributes: [permitAll]
21:58:28.443 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90514580: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: AB4381ED1DA4F5F1BA261A59F59AFF7C; Granted Authorities: ROLE_ANONYMOUS
21:58:28.444 [http-nio-8080-exec-6] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: 1
21:58:28.444 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
21:58:28.444 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
21:58:28.445 [http-nio-8080-exec-6] DEBUG o.s.security.web.FilterChainProxy - /{{anim.vtyImage}} reached end of additional filter chain; proceeding with original chain
21:58:28.445 [http-nio-8080-exec-6] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
21:58:28.445 [http-nio-8080-exec-6] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
21:58:28.449 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /rest/typeAnimation at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
21:58:28.449 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /rest/typeAnimation at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
21:58:28.449 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /rest/typeAnimation at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
21:58:28.449 [http-nio-8080-exec-10] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bc8875b2: Principal: main.webapp.bean.TbUser@58a18a40; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: AB4381ED1DA4F5F1BA261A59F59AFF7C; Granted Authorities: visitor'
21:58:28.449 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /rest/typeAnimation at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
21:58:28.449 [http-nio-8080-exec-10] DEBUG o.s.s.w.a.s.CompositeSessionAuthenticationStrategy - Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@7392f0c9
21:58:28.449 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /rest/typeAnimation at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
21:58:28.449 [http-nio-8080-exec-10] DEBUG o.s.security.web.FilterChainProxy - /rest/typeAnimation at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
21:58:28.449 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/typeanimation'; against 'delete'
21:58:28.449 [http-nio-8080-exec-10] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/rest/typeanimation'; against '/rest/typeanimation/**'
21:58:28.449 [http-nio-8080-exec-10] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /rest/typeAnimation; Attributes: [hasAnyRole('ROLE_admin, visitor')]
21:58:28.449 [http-nio-8080-exec-10] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bc8875b2: Principal: main.webapp.bean.TbUser@58a18a40; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: AB4381ED1DA4F5F1BA261A59F59AFF7C; Granted Authorities: visitor
21:58:28.450 [http-nio-8080-exec-10] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2921f278, returned: -1
21:58:28.451 [http-nio-8080-exec-10] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'delegatingApplicationListener'
21:58:28.463 [http-nio-8080-exec-10] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at main.webapp.rest.AuthenticationTokenProcessingFilter.doFilter(AuthenticationTokenProcessingFilter.java:51)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1526)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1482)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)
21:58:28.464 [http-nio-8080-exec-10] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

**JeitEmgie** · 01/04/2016, 17h37

Envoyé par quentinb56

[CODE]
…
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/js/controller/options.js'; against 'delete'
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/js/controller/options.js'; against '/rest/typeanimation/**'
21:58:19.506 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/js/controller/options.js'; against 'get'
…
21:58:19.578 [http-nio-8080-exec-5] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/images/favicon.ico'; against 'post'
/CODE]

de toute évidence il y a une couille dans le potage : à cet endroit-là il est censé afficher le pattern pas la méthode HTTP…

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
 
		if (logger.isDebugEnabled()) {
			logger.debug("Checking match of request : '" + url + "'; against '" + pattern
					+ "'");
		}

et la méthode HTTP doit être est majuscule : il met le pattern en minuscule dans le constructor mais ne touche pas au casing de la méthode

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
	public AntPathRequestMatcher(String pattern, String httpMethod, boolean caseSensitive) {
		Assert.hasText(pattern, "Pattern cannot be null or empty");
		this.caseSensitive = caseSensitive;
 
 
		if (pattern.equals(MATCH_ALL) || pattern.equals("**")) {
			pattern = MATCH_ALL;
			matcher = null;
		}
		else {
			if (!caseSensitive) {
				pattern = pattern.toLowerCase();
			}
 
 
			// If the pattern ends with {@code /**} and has no other wildcards or path
			// variables, then optimize to a sub-path match
			if (pattern.endsWith(MATCH_ALL)
					&& (pattern.indexOf('?') == -1 && pattern.indexOf('{') == -1 && pattern
							.indexOf('}') == -1)
					&& pattern.indexOf("*") == pattern.length() - 2) {
				matcher = new SubpathMatcher(pattern.substring(0, pattern.length() - 3));
			}
			else {
				matcher = new SpringAntMatcher(pattern);
			}
		}
 
 
		this.pattern = pattern;
		this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod
				.valueOf(httpMethod) : null;
	}

Et si httpMethod n'était pas GET/PUT/DELETE… à cet endroit-là il y aurait une belle exception sur le valueOf()…

La construction du AntPathRequestMatcher se faisant par :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
 
		public static List<RequestMatcher> antMatchers(HttpMethod httpMethod,
				String... antPatterns) {
			String method = httpMethod == null ? null : httpMethod.toString();
			List<RequestMatcher> matchers = new ArrayList<RequestMatcher>();
			for (String pattern : antPatterns) {
				matchers.add(new AntPathRequestMatcher(pattern, method));
			}
			return matchers;
		}

On ne voit pas trop où il inverserait le pattern et l'httpMethod…

Il ne reste qu'à faire un test unitaire et debugger pas-à-pas… l'initialisation et le matches()…

Probleme filtre - WebSecurityConfigurerAdapter

Spring Java

Discussions similaires

Partager

Partager