[英]Spring Security annotation based configuration - form based login is bypassed
我是Spring Security的新手。 我一直在从事使用Spring Security的业余项目。 在我的应用程序中,我具有REST以及页面请求映射。 我想将httpbasic用于REST,将基于表单的登录用于else 。 我可以弹出REST的httbasic身份验证,但也弹出其他请求。 以下是我基于注释的Spring安全性配置:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(
new PlaintextPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// Home, Login and Logout pages are permitted to all
http.authorizeRequests()
.antMatchers("/home", "/rest/denied", "/rest/ping")
.permitAll();
http.authorizeRequests()
.antMatchers("/rest/**")
.hasRole(Roles.ROLE_USER)
.and()
.httpBasic();
// Authorization based calls for specific roles
http.authorizeRequests()
.antMatchers("/rest/user/**")
.hasRole(Roles.ROLE_CREATE_USER)
.antMatchers("/rest/database/**")
.hasRole(Roles.ROLE_DB_ADMIN)
.and().httpBasic();
// Only authenticated users can continue
http.authorizeRequests()
.antMatchers("/**")
.hasRole(Roles.ROLE_USER)
.and().
formLogin()
.loginPage("/divein")
.failureUrl("/divein?error")
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
.and()
.logout()
.logoutUrl("/diveout")
.logoutSuccessUrl("/divein?logout")
.permitAll()
.and()
.csrf()
.and()
.exceptionHandling()
.accessDeniedPage("/403");
}
}
以下是日志:
18:08:37.041 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/home'
18:08:37.041 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/rest/denied'
18:08:37.041 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/rest/ping'
18:08:37.041 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/rest/**'
18:08:37.041 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/rest/user/**'
18:08:37.041 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/rest/database/**'
18:08:37.042 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/somepage' matched by universal pattern '/**'
18:08:37.042 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /somepage; Attributes: [hasRole('ROLE_USER')]
18:08:37.042 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9054b1a2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: 09F57A48161AD5D009FAA9248907574F; Granted Authorities: ROLE_ANONYMOUS
18:08:37.061 [http-bio-8080-exec-52] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@24c3b979, returned: -1
18:08:37.071 [http-bio-8080-exec-52] TRACE o.s.w.c.s.AnnotationConfigWebApplicationContext - Publishing event in Root WebApplicationContext: org.springframework.security.access.event.AuthorizationFailureEvent[source=FilterInvocation: URL: /somepage]
18:08:37.083 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206) ~[spring-security-core-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115) ~[spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) ~[spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) ~[spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.54]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.54]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) [catalina.jar:7.0.54]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) [catalina.jar:7.0.54]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [catalina.jar:7.0.54]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) [catalina.jar:7.0.54]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [catalina.jar:7.0.54]
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) [catalina.jar:7.0.54]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) [catalina.jar:7.0.54]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) [catalina.jar:7.0.54]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040) [tomcat-coyote.jar:7.0.54]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607) [tomcat-coyote.jar:7.0.54]
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) [tomcat-coyote.jar:7.0.54]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [na:1.6.0_38]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [na:1.6.0_38]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-coyote.jar:7.0.54]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_38]
18:08:37.084 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using Ant [pattern='/**', GET]
18:08:37.084 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/somepage' matched by universal pattern '/**'
18:08:37.084 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
18:08:37.084 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/**/favicon.ico'
18:08:37.084 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
18:08:37.084 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4cb8f09c, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8]
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing text/html
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith text/html = false
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xhtml+xml
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xhtml+xml = false
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing image/webp
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith image/webp = false
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xml;q=0.9
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xml;q=0.9 = false
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing */*;q=0.8
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Ignoring
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Did not match any media types
18:08:37.106 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
18:08:37.106 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
18:08:37.106 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
18:08:37.106 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - All requestMatchers returned true
18:08:37.108 [http-bio-8080-exec-52] DEBUG o.s.s.w.s.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/CRMBS/somepage]
18:08:37.108 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Calling Authentication entry point.
18:08:37.108 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4cb8f09c, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8]
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing text/html
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/atom+xml .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/x-www-form-urlencoded .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/octet-stream .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/xml .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - multipart/form-data .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - text/xml .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xhtml+xml
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/atom+xml .isCompatibleWith application/xhtml+xml = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/x-www-form-urlencoded .isCompatibleWith application/xhtml+xml = false
18:08:37.111 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xhtml+xml = false
18:08:37.111 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/octet-stream .isCompatibleWith application/xhtml+xml = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/xml .isCompatibleWith application/xhtml+xml = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - multipart/form-data .isCompatibleWith application/xhtml+xml = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - text/xml .isCompatibleWith application/xhtml+xml = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing image/webp
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/atom+xml .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/x-www-form-urlencoded .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/octet-stream .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/xml .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - multipart/form-data .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - text/xml .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xml;q=0.9
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/atom+xml .isCompatibleWith application/xml;q=0.9 = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/x-www-form-urlencoded .isCompatibleWith application/xml;q=0.9 = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xml;q=0.9 = false
18:08:37.113 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/octet-stream .isCompatibleWith application/xml;q=0.9 = false
18:08:37.113 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/xml .isCompatibleWith application/xml;q=0.9 = true
18:08:37.113 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - Match found! Executing org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint@24cee99e
18:08:37.113 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
18:08:37.113 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@1bcb91e
18:08:37.113 [http-bio-8080-exec-52] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
18:08:37.114 [http-bio-8080-exec-52] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
Spring Security中的HttpBasic将使用默认的标准配置进行设置。
此时,要了解有关Spring Security如何处理请求的更多信息,您可以阅读有关Spring Security FilterChain的信息。
http://docs.spring.io/spring-security/site/docs/3.0.x/reference/security-filter-chain.html
无法使用Spring Security登录-基于注释的外部数据库配置
[英]Unable to login with Spring security -Annotation based configuration with external database
Spring Security使用基于Java的配置重定向到登录表单
[英]Spring security redirect to login form with Java based configuration
使用基于Java的配置使Spring安全性表单登录返回403代码
[英]Make spring security form login return 403 code with java based configuration
Spring安全性中的登录重定向到错误Thymeleaf和基于Java的配置
[英]Login in Spring security redirects to error Thymeleaf and Java based Configuration
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.