2. 질의 응답
  3. 액세스가 거부되었습니다 (사용자는 익명 임). Spring의 인증 엔트리 포인트로 리디렉션

액세스가 거부되었습니다 (사용자는 익명 임). Spring의 인증 엔트리 포인트로 리디렉션

2016-09-11 7 views
1

저는 Spring Security가 처음입니다. Spring Web app에 LDAP 인증을 추가하려고합니다. 테스트 LDAP 서버를 설정하고이를 사용하여 웹 응용 프로그램을 인증하려고합니다. 하지만 어떻게 든 로그인 페이지에 사용자 이름과 비밀번호를 입력하면이 오류가 계속 발생합니다.액세스가 거부되었습니다 (사용자는 익명 임). Spring의 인증 엔트리 포인트로 리디렉션

다음은 파일 내 WebSecurityConfig.java입니다 :

package com.logsniffer.web.util; 

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider; 
import org.springframework.context.annotation.Bean; 
import org.apache.log4j.Logger; 

@Configuration 
@EnableWebSecurity 
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 

    static Logger log = Logger.getLogger(WebSecurityConfig.class.getName()); 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http 
      .authorizeRequests() 
      .anyRequest() 
      .authenticated() 
      .and() 
      .formLogin(); 
    } 

    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
     auth 
      .ldapAuthentication() 
      .userDnPatterns("uid={0},cn=admin,ou=support,dc=ldap,dc=com") 
      .contextSource() 
      .port(389) 
      .url("ldap://localhost") 
      .managerDn("cn=admin,dc=ldap,dc=com") 
      .managerPassword("thresh143"); 
    } 
}

내가 디버그 로그를 활성화하고 내 스택 추적은 다음과 같습니다.

016-09-11 20:25:09,608 DEBUG [org.springframework.security.web.FilterChainProxy]/at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
2016-09-11 20:25:09,612 DEBUG [org.springframework.security.web.FilterChainProxy]/at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2016-09-11 20:25:09,613 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] No HttpSession currently exists 
2016-09-11 20:25:09,613 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] No SecurityContext was available from the HttpSession: null. A new one will be created. 
2016-09-11 20:25:09,617 DEBUG [org.springframework.security.web.FilterChainProxy]/at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
2016-09-11 20:25:09,618 DEBUG [org.springframework.security.web.header.writers.HstsHeaderWriter] Not injecting HSTS header since it did not match the requestMatcher org.springframework.se[email protected]9a6237a 
2016-09-11 20:25:09,618 DEBUG [org.springframework.security.web.FilterChainProxy]/at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 
2016-09-11 20:25:09,618 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] Checking match of request : '/'; against '/logout' 
2016-09-11 20:25:09,618 DEBUG [org.springframework.security.web.FilterChainProxy]/at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
2016-09-11 20:25:09,619 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] Request 'GET /' doesn't match 'POST /login 
2016-09-11 20:25:09,619 DEBUG [org.springframework.security.web.FilterChainProxy]/at position 6 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 
2016-09-11 20:25:09,619 DEBUG [org.springframework.security.web.FilterChainProxy]/at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
2016-09-11 20:25:09,619 DEBUG [org.springframework.security.web.FilterChainProxy]/at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2016-09-11 20:25:09,621 DEBUG [org.springframework.security.web.FilterChainProxy]/at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2016-09-11 20:25:09,622 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] Populated SecurityContextHolder with anonymous token: 'org.springframework.security.au[email protected]: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
2016-09-11 20:25:09,623 DEBUG [org.springframework.security.web.FilterChainProxy]/at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 
2016-09-11 20:25:09,623 DEBUG [org.springframework.security.web.session.SessionManagementFilter] Requested session ID 1f9bsaf2s4smc1qgbhwob9rv0p is invalid. 
2016-09-11 20:25:09,623 DEBUG [org.springframework.security.web.FilterChainProxy]/at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2016-09-11 20:25:09,623 DEBUG [org.springframework.security.web.FilterChainProxy]/at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2016-09-11 20:25:09,624 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] Secure object: FilterInvocation: URL: /; Attributes: [authenticated] 
2016-09-11 20:25:09,625 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] Previously Authenticated: org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 
2016-09-11 20:25:09,631 DEBUG [org.springframework.security.access.vote.AffirmativeBased] Voter: org.sp[email protected]3e7987f7, returned: -1 
2016-09-11 20:25:09,641 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] Access is denied (user is anonymous); redirecting to authentication entry point 
org.springframework.security.access.AccessDeniedException: Access is denied 
     at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) 
     at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232) 
     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) 
     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) 
     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) 
     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
     at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122) 
     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
     at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) 
     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
     at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) 
     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
     at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48) 
     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
     at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:162) 
     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205) 
     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
     at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120) 
     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
     at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) 
     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) 
     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
     at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) 
     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
     at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) 
     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) 
     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) 
     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) 
     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) 
     at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) 
     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) 
     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) 
     at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) 
     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) 
     at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) 
     at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) 
     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) 
     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) 
     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) 
     at org.eclipse.jetty.server.Server.handle(Server.java:499) 
     at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310) 
     at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) 
     at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) 
     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) 
     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) 
     at java.lang.Thread.run(Thread.java:745) 
2016-09-11 20:25:09,646 DEBUG [org.springframework.security.web.util.matcher.AndRequestMatcher] Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']] 
2016-09-11 20:25:09,646 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] Checking match of request : '/'; against '/**/favicon.ico' 
2016-09-11 20:25:09,647 DEBUG [org.springframework.security.web.util.matcher.NegatedRequestMatcher] matches = true 
2016-09-11 20:25:09,647 DEBUG [org.springframework.security.web.util.matcher.AndRequestMatcher] Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.spring[email protected], matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]] 
2016-09-11 20:25:09,653 DEBUG [org.springframework.security.web.util.matcher.MediaTypeRequestMatcher] httpRequestMediaTypes=[text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8] 
2016-09-11 20:25:09,654 DEBUG [org.springframework.security.web.util.matcher.MediaTypeRequestMatcher] Processing text/html 
2016-09-11 20:25:09,654 DEBUG [org.springframework.security.web.util.matcher.MediaTypeRequestMatcher] application/json .isCompatibleWith text/html = false 
2016-09-11 20:25:09,654 DEBUG [org.springframework.security.web.util.matcher.MediaTypeRequestMatcher] Processing application/xhtml+xml 
2016-09-11 20:25:09,654 DEBUG [org.springframework.security.web.util.matcher.MediaTypeRequestMatcher] application/json .isCompatibleWith application/xhtml+xml = false 
2016-09-11 20:25:09,654 DEBUG [org.springframework.security.web.util.matcher.MediaTypeRequestMatcher] Processing application/xml;q=0.9 
2016-09-11 20:25:09,654 DEBUG [org.springframework.security.web.util.matcher.MediaTypeRequestMatcher] application/json .isCompatibleWith application/xml;q=0.9 = false 
2016-09-11 20:25:09,654 DEBUG [org.springframework.security.web.util.matcher.MediaTypeRequestMatcher] Processing */*;q=0.8 
2016-09-11 20:25:09,654 DEBUG [org.springframework.security.web.util.matcher.MediaTypeRequestMatcher] Ignoring 
2016-09-11 20:25:09,654 DEBUG [org.springframework.security.web.util.matcher.MediaTypeRequestMatcher] Did not match any media types 
2016-09-11 20:25:09,654 DEBUG [org.springframework.security.web.util.matcher.NegatedRequestMatcher] matches = true 
2016-09-11 20:25:09,655 DEBUG [org.springframework.security.web.util.matcher.AndRequestMatcher] Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]] 
2016-09-11 20:25:09,655 DEBUG [org.springframework.security.web.util.matcher.NegatedRequestMatcher] matches = true 
2016-09-11 20:25:09,655 DEBUG [org.springframework.security.web.util.matcher.AndRequestMatcher] All requestMatchers returned true 
2016-09-11 20:25:09,669 DEBUG [org.springframework.security.web.savedrequest.HttpSessionRequestCache] DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8082/] 
2016-09-11 20:25:09,669 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] Calling Authentication entry point. 
2016-09-11 20:25:09,670 DEBUG [org.springframework.security.web.DefaultRedirectStrategy] Redirecting to 'http://localhost:8082/login' 
2016-09-11 20:25:09,670 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 
2016-09-11 20:25:09,674 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] SecurityContextHolder now cleared, as request processing completed 
2016-09-11 20:25:09,680 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
2016-09-11 20:25:09,680 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2016-09-11 20:25:09,680 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] HttpSession returned null object for SPRING_SECURITY_CONTEXT 
2016-09-11 20:25:09,680 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] No SecurityContext was available from the HttpSession: org.eclipse.jetty.server.session.HashedSession:[email protected] A new one will be created. 
2016-09-11 20:25:09,680 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
2016-09-11 20:25:09,680 DEBUG [org.springframework.security.web.header.writers.HstsHeaderWriter] Not injecting HSTS header since it did not match the requestMatcher org.springframework.se[email protected]9a6237a 
2016-09-11 20:25:09,681 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 
2016-09-11 20:25:09,681 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] Checking match of request : '/login'; against '/logout' 
2016-09-11 20:25:09,681 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
2016-09-11 20:25:09,681 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] Request 'GET /login' doesn't match 'POST /login 
2016-09-11 20:25:09,681 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 6 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 
2016-09-11 20:25:09,684 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 
2016-09-11 20:25:09,687 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] SecurityContextHolder now cleared, as request processing completed 
2016-09-11 20:25:13,812 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
2016-09-11 20:25:13,813 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2016-09-11 20:25:13,813 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] HttpSession returned null object for SPRING_SECURITY_CONTEXT 
2016-09-11 20:25:13,813 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] No SecurityContext was available from the HttpSession: org.eclipse.jetty.server.session.HashedSession:[email protected] A new one will be created. 
2016-09-11 20:25:13,813 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
2016-09-11 20:25:13,813 DEBUG [org.springframework.security.web.header.writers.HstsHeaderWriter] Not injecting HSTS header since it did not match the requestMatcher org.springframework.se[email protected]9a6237a 
2016-09-11 20:25:13,813 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 
2016-09-11 20:25:13,813 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] Checking match of request : '/login'; against '/logout' 
2016-09-11 20:25:13,813 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
2016-09-11 20:25:13,813 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] Checking match of request : '/login'; against '/login' 
2016-09-11 20:25:13,813 DEBUG [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] Request is to process authentication 
2016-09-11 20:25:13,818 DEBUG [org.springframework.security.authentication.ProviderManager] Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider 
2016-09-11 20:25:13,819 DEBUG [org.springframework.security.ldap.authentication.LdapAuthenticationProvider] Processing authentication request for user: sramasinghe 
2016-09-11 20:25:13,829 DEBUG [org.springframework.security.ldap.authentication.BindAuthenticator] Attempting to bind as uid=sramasinghe,ou=support,dc=ldap,dc=com,dc=ldap,dc=com 
2016-09-11 20:25:13,829 DEBUG [org.springframework.security.ldap.DefaultSpringSecurityContextSource] Removing pooling flag for user uid=sramasinghe,ou=support,dc=ldap,dc=com,dc=ldap,dc=com 
2016-09-11 20:25:13,839 DEBUG [org.springframework.security.ldap.authentication.BindAuthenticator] Failed to bind as uid=sramasinghe,ou=support,dc=ldap,dc=com: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] 
2016-09-11 20:25:13,839 DEBUG [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials 
2016-09-11 20:25:13,840 DEBUG [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] Updated SecurityContextHolder to contain null Authentication 
2016-09-11 20:25:13,840 DEBUG [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] Delegating to authentication failure handler org.springframework.se[email protected]29fe65da 
2016-09-11 20:25:13,840 DEBUG [org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler] Redirecting to /login?error 
2016-09-11 20:25:13,840 DEBUG [org.springframework.security.web.DefaultRedirectStrategy] Redirecting to '/login?error' 
2016-09-11 20:25:13,840 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 
2016-09-11 20:25:13,840 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] SecurityContextHolder now cleared, as request processing completed 
2016-09-11 20:25:13,853 DEBUG [org.springframework.security.web.FilterChainProxy] /login?error at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
2016-09-11 20:25:13,854 DEBUG [org.springframework.security.web.FilterChainProxy] /login?error at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2016-09-11 20:25:13,854 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] HttpSession returned null object for SPRING_SECURITY_CONTEXT 
2016-09-11 20:25:13,854 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] No SecurityContext was available from the HttpSession: org.eclipse.jetty.server.session.HashedSession:[email protected] A new one will be created. 
2016-09-11 20:25:13,854 DEBUG [org.springframework.security.web.FilterChainProxy] /login?error at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
2016-09-11 20:25:13,854 DEBUG [org.springframework.security.web.header.writers.HstsHeaderWriter] Not injecting HSTS header since it did not match the requestMatcher org.springframework.se[email protected]9a6237a 
2016-09-11 20:25:13,854 DEBUG [org.springframework.security.web.FilterChainProxy] /login?error at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 
2016-09-11 20:25:13,854 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] Checking match of request : '/login'; against '/logout' 
2016-09-11 20:25:13,854 DEBUG [org.springframework.security.web.FilterChainProxy] /login?error at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
2016-09-11 20:25:13,854 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] Request 'GET /login' doesn't match 'POST /login 
2016-09-11 20:25:13,854 DEBUG [org.springframework.security.web.FilterChainProxy] /login?error at position 6 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 
2016-09-11 20:25:13,854 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 
2016-09-11 20:25:13,855 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] SecurityContextHolder now cleared, as request processing completed 
2016-09-11 20:25:13,916 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
2016-09-11 20:25:13,917 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2016-09-11 20:25:13,917 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] HttpSession returned null object for SPRING_SECURITY_CONTEXT 
2016-09-11 20:25:13,917 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] No SecurityContext was available from the HttpSession: org.eclipse.jetty.server.session.HashedSession:[email protected] A new one will be created. 
2016-09-11 20:25:13,917 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
2016-09-11 20:25:13,917 DEBUG [org.springframework.security.web.header.writers.HstsHeaderWriter] Not injecting HSTS header since it did not match the requestMatcher org.springframework.se[email protected]9a6237a 
2016-09-11 20:25:13,917 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 
2016-09-11 20:25:13,917 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] Checking match of request : '/login'; against '/logout' 
2016-09-11 20:25:13,917 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
2016-09-11 20:25:13,917 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] Request 'GET /login' doesn't match 'POST /login 
2016-09-11 20:25:13,917 DEBUG [org.springframework.security.web.FilterChainProxy] /login at position 6 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 
2016-09-11 20:25:13,917 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 
2016-09-11 20:25:13,918 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] SecurityContextHolder now cleared, as request processing completed

출처

2016-09-11 SameeraR

+0

로그인 페이지의 URL은 무엇입니까? 또한 어떤 URL에 대해 액세스가 거부 되었습니까? – ArunM

+0

로그인을위한 URL은 localhost : 8082/login 입니다. 홈 페이지의 URL은 localhost : 8082/ – SameeraR

+0

입니다. 틀릴 수도 있지만 이것이 Spring 구성과 관련이 있습니다. 이 질문을 참조하십시오. http://stackoverflow.com/questions/34719446/spring-security-access-is-denied-user-is-not-anonymous-spring-security-core – SameeraR

답변

0

그것은 오래 된 스레드의하지만 코드를 보면서 내가 여기에 도달하고 유사한 문제가 발생하고있어 이후이 라인을 찾을 수 :

2016-09-11 20:25:13,917 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] Request 'GET /login' doesn't match 'POST /login

/로그인이 일치하지 놀라운 것을을 메소드 구성으로 인해.

또한 UsernamePasswordAuthenticationFilter 및 SimpleUrlAuthenticationFailureHandler impelemntations 및 동작을 확인합니다.

출처

2016-11-12 09:25:49 pin

 관련 문제

  • 관련 문제 없음^_^