403 Forbidden on custom authentication in Spring Security
[英]403 Forbidden on custom authentication in Spring Security
問題描述
我正在使用AbstractAuthenticationProcessingFilter實現自定義身份驗證。 當用戶訪問/auth端點時,過濾器啟動並使用另一個微服務對 cookie 中的值進行身份驗證。 身份驗證成功后,它會返回Authentication的自定義實現並將用戶重定向到另一個端點。
但是,盡管身份驗證成功並且我可以在successfulAuthentication回調中看到具有正確權限的Authentication對象,但重定向到端點會導致403 被禁止。
CustomAuthentication類。
public class CustomAuthentication implements Authentication {
...
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return List.of(new SimpleGrantedAuthority("TRM"));
}
...
}
CookieAuthenticatorFilter類。
public class CookieAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
...
@Override
protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, Authentication authResult) throws java.io.IOException, javax.servlet.ServletException {
System.out.println(authResult.getAuthorities());
response.sendRedirect("/trm/");
}
}
最后是配置。
@Configuration
public class ApiConfiguration {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf().disable();
http.addFilterBefore(new CookieAuthenticationFilter("/auth/**"), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/trm/**")
.hasAuthority("TRM");
return http.build();
}
}
有人可以幫我理解這里出了什么問題嗎?
調試日志:
2022-07-17 09:17:13.082 TRACE 2314 --- [nio-9000-exec-3] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@4eb166a1, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@554c4eaa, org.springframework.security.web.context.SecurityContextPersistenceFilter@77c233af, org.springframework.security.web.header.HeaderWriterFilter@10db6131, org.springframework.web.filter.CorsFilter@29fd8e67, org.springframework.security.web.authentication.logout.LogoutFilter@65e0b505, com.example.auth.authentication.CookieAuthenticationFilter@e146f93, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@37c41ec0, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@35a0e495, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4bd5849e, org.springframework.security.web.session.SessionManagementFilter@4730e0f0, org.springframework.security.web.access.ExceptionTranslationFilter@2d5ef498, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@541179e7]] (1/1)
2022-07-17 09:17:13.082 DEBUG 2314 --- [nio-9000-exec-3] o.s.security.web.FilterChainProxy : Securing GET /auth/
2022-07-17 09:17:13.083 TRACE 2314 --- [nio-9000-exec-3] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2022-07-17 09:17:13.083 TRACE 2314 --- [nio-9000-exec-3] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2022-07-17 09:17:13.083 TRACE 2314 --- [nio-9000-exec-3] o.s.security.web.FilterChainProxy : Invoking SecurityContextPersistenceFilter (3/13)
2022-07-17 09:17:13.088 TRACE 2314 --- [nio-9000-exec-3] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2022-07-17 09:17:13.088 TRACE 2314 --- [nio-9000-exec-3] w.c.HttpSessionSecurityContextRepository : Created SecurityContextImpl [Null authentication]
2022-07-17 09:17:13.088 DEBUG 2314 --- [nio-9000-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-07-17 09:17:13.089 TRACE 2314 --- [nio-9000-exec-3] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2022-07-17 09:17:13.093 TRACE 2314 --- [nio-9000-exec-3] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/13)
2022-07-17 09:17:13.094 TRACE 2314 --- [nio-9000-exec-3] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to HandlerExecutionChain with [ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]] and 3 interceptors
2022-07-17 09:17:13.094 TRACE 2314 --- [nio-9000-exec-3] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/13)
2022-07-17 09:17:13.094 TRACE 2314 --- [nio-9000-exec-3] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2022-07-17 09:17:13.095 TRACE 2314 --- [nio-9000-exec-3] o.s.security.web.FilterChainProxy : Invoking CookieAuthenticationFilter (7/13)
2022-07-17 09:17:13.097 DEBUG 2314 --- [nio-9000-exec-3] o.s.web.client.RestTemplate : HTTP GET localhost:8080/api/v1/agents/me/authorized-session?require_csrf=false
2022-07-17 09:17:13.098 DEBUG 2314 --- [nio-9000-exec-3] o.s.web.client.RestTemplate : Accept=[application/json, application/*+json]
2022-07-17 09:17:13.099 DEBUG 2314 --- [nio-9000-exec-3] o.s.web.client.RestTemplate : Writing [body] with org.springframework.http.converter.StringHttpMessageConverter
2022-07-17 09:17:14.470 DEBUG 2314 --- [nio-9000-exec-3] o.s.web.client.RestTemplate : Response 200 OK
2022-07-17 09:17:14.471 DEBUG 2314 --- [nio-9000-exec-3] o.s.web.client.RestTemplate : Reading to [com.example.auth.authentication.Agent]
2022-07-17 09:17:14.472 TRACE 2314 --- [nio-9000-exec-3] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
2022-07-17 09:17:14.472 DEBUG 2314 --- [nio-9000-exec-3] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-07-17 09:17:14.472 DEBUG 2314 --- [nio-9000-exec-3] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-07-17 09:17:14.472 DEBUG 2314 --- [nio-9000-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-07-17 09:17:14.474 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@4eb166a1, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@554c4eaa, org.springframework.security.web.context.SecurityContextPersistenceFilter@77c233af, org.springframework.security.web.header.HeaderWriterFilter@10db6131, org.springframework.web.filter.CorsFilter@29fd8e67, org.springframework.security.web.authentication.logout.LogoutFilter@65e0b505, com.example.auth.authentication.CookieAuthenticationFilter@e146f93, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@37c41ec0, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@35a0e495, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4bd5849e, org.springframework.security.web.session.SessionManagementFilter@4730e0f0, org.springframework.security.web.access.ExceptionTranslationFilter@2d5ef498, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@541179e7]] (1/1)
2022-07-17 09:17:14.474 DEBUG 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Securing GET /trm/
2022-07-17 09:17:14.474 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2022-07-17 09:17:14.474 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2022-07-17 09:17:14.475 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking SecurityContextPersistenceFilter (3/13)
2022-07-17 09:17:14.475 TRACE 2314 --- [nio-9000-exec-4] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2022-07-17 09:17:14.475 TRACE 2314 --- [nio-9000-exec-4] w.c.HttpSessionSecurityContextRepository : Created SecurityContextImpl [Null authentication]
2022-07-17 09:17:14.475 DEBUG 2314 --- [nio-9000-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-07-17 09:17:14.475 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2022-07-17 09:17:14.477 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/13)
2022-07-17 09:17:14.477 TRACE 2314 --- [nio-9000-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.example.auth.controller.Api#joke()
2022-07-17 09:17:14.478 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/13)
2022-07-17 09:17:14.478 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2022-07-17 09:17:14.478 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking CookieAuthenticationFilter (7/13)
2022-07-17 09:17:14.479 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/13)
2022-07-17 09:17:14.479 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.s.HttpSessionRequestCache : No saved request
2022-07-17 09:17:14.479 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/13)
2022-07-17 09:17:14.479 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/13)
2022-07-17 09:17:14.483 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2022-07-17 09:17:14.483 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (11/13)
2022-07-17 09:17:14.483 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (12/13)
2022-07-17 09:17:14.483 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking FilterSecurityInterceptor (13/13)
2022-07-17 09:17:14.484 TRACE 2314 --- [nio-9000-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.example.auth.controller.Api#joke()
2022-07-17 09:17:14.484 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Did not re-authenticate AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] before authorizing
2022-07-17 09:17:14.485 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Authorizing filter invocation [GET /trm/] with attributes [hasAuthority('TRM')]
2022-07-17 09:17:14.490 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.a.expression.WebExpressionVoter : Voted to deny authorization
2022-07-17 09:17:14.490 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Failed to authorize filter invocation [GET /trm/] with attributes [hasAuthority('TRM')] using AffirmativeBased [DecisionVoters=[org.springframework.security.web.access.expression.WebExpressionVoter@1a8df0b3], AllowIfAllAbstainDecisions=false]
2022-07-17 09:17:14.491 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
org.springframework.security.access.AccessDeniedException: Access is denied
...
2022-07-17 09:17:14.513 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.s.HttpSessionRequestCache : Did not save request since it did not match [And [Not [Ant [pattern='/**/favicon.*']], Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@14252cbb, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]], Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@10484049, matchingMediaTypes=[multipart/form-data], useEquals=false, ignoredMediaTypes=[*/*]]], Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@5dbe642c, matchingMediaTypes=[text/event-stream], useEquals=false, ignoredMediaTypes=[*/*]]]]]
2022-07-17 09:17:14.515 DEBUG 2314 --- [nio-9000-exec-4] o.s.s.w.a.Http403ForbiddenEntryPoint : Pre-authenticated entry point called. Rejecting access
2022-07-17 09:17:14.518 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
2022-07-17 09:17:14.518 DEBUG 2314 --- [nio-9000-exec-4] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-07-17 09:17:14.518 DEBUG 2314 --- [nio-9000-exec-4] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-07-17 09:17:14.518 DEBUG 2314 --- [nio-9000-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-07-17 09:17:14.519 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@4eb166a1, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@554c4eaa, org.springframework.security.web.context.SecurityContextPersistenceFilter@77c233af, org.springframework.security.web.header.HeaderWriterFilter@10db6131, org.springframework.web.filter.CorsFilter@29fd8e67, org.springframework.security.web.authentication.logout.LogoutFilter@65e0b505, com.example.auth.authentication.CookieAuthenticationFilter@e146f93, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@37c41ec0, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@35a0e495, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4bd5849e, org.springframework.security.web.session.SessionManagementFilter@4730e0f0, org.springframework.security.web.access.ExceptionTranslationFilter@2d5ef498, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@541179e7]] (1/1)
2022-07-17 09:17:14.520 DEBUG 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Securing GET /error
2022-07-17 09:17:14.520 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2022-07-17 09:17:14.520 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2022-07-17 09:17:14.520 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking SecurityContextPersistenceFilter (3/13)
2022-07-17 09:17:14.521 TRACE 2314 --- [nio-9000-exec-4] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2022-07-17 09:17:14.521 TRACE 2314 --- [nio-9000-exec-4] w.c.HttpSessionSecurityContextRepository : Created SecurityContextImpl [Null authentication]
2022-07-17 09:17:14.521 DEBUG 2314 --- [nio-9000-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-07-17 09:17:14.521 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2022-07-17 09:17:14.522 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking CorsFilter (5/13)
2022-07-17 09:17:14.522 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/13)
2022-07-17 09:17:14.522 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.a.logout.LogoutFilter : Did not match request to Or [Ant [pattern='/logout', GET], Ant [pattern='/logout', POST], Ant [pattern='/logout', PUT], Ant [pattern='/logout', DELETE]]
2022-07-17 09:17:14.523 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking CookieAuthenticationFilter (7/13)
2022-07-17 09:17:14.523 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (8/13)
2022-07-17 09:17:14.524 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.s.HttpSessionRequestCache : No saved request
2022-07-17 09:17:14.524 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (9/13)
2022-07-17 09:17:14.524 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (10/13)
2022-07-17 09:17:14.524 TRACE 2314 --- [nio-9000-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]]
2022-07-17 09:17:14.526 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (11/13)
2022-07-17 09:17:14.526 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (12/13)
2022-07-17 09:17:14.526 TRACE 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Invoking FilterSecurityInterceptor (13/13)
2022-07-17 09:17:14.526 DEBUG 2314 --- [nio-9000-exec-4] o.s.security.web.FilterChainProxy : Secured GET /error
2022-07-17 09:17:14.528 TRACE 2314 --- [nio-9000-exec-4] edFilterInvocationSecurityMetadataSource : Did not match request to Mvc [pattern='/trm/**'] - [hasAuthority('TRM')] (1/1)
2022-07-17 09:17:14.528 TRACE 2314 --- [nio-9000-exec-4] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for GET "/error", parameters={}, headers={masked} in DispatcherServlet 'dispatcherServlet'
2022-07-17 09:17:14.528 TRACE 2314 --- [nio-9000-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
2022-07-17 09:17:14.529 TRACE 2314 --- [nio-9000-exec-4] o.s.web.method.HandlerMethod : Arguments: [SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionRequestWrapper@500a35e0]]
2022-07-17 09:17:14.530 DEBUG 2314 --- [nio-9000-exec-4] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using 'application/json', given [application/json] and supported [application/json, application/*+json, application/json, application/*+json]
2022-07-17 09:17:14.531 TRACE 2314 --- [nio-9000-exec-4] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [{timestamp=Sun Jul 17 09:17:14 IST 2022, status=403, error=Forbidden, path=/trm/}]
2022-07-17 09:17:14.532 DEBUG 2314 --- [nio-9000-exec-4] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2022-07-17 09:17:14.533 TRACE 2314 --- [nio-9000-exec-4] o.s.web.servlet.DispatcherServlet : No view rendering, null ModelAndView returned.
2022-07-17 09:17:14.533 DEBUG 2314 --- [nio-9000-exec-4] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 403, headers={masked}
2022-07-17 09:17:14.533 DEBUG 2314 --- [nio-9000-exec-4] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2022-07-17 09:17:14.533 DEBUG 2314 --- [nio-9000-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
1 個解決方案
解決方案1
0 2022-07-16 16:48:26
通過查看代碼,看起來問題出在您定義 csrf 的filterChain方法上。 在您的successfulAuthentication身份驗證中,一旦調用該方法( successfulAuthentication身份驗證),您將重定向到另一個資源。 我認為出於這個原因,您還需要禁用cors 。
嘗試更新您的filterChain並使用以下調用而不是原始http.csrf().disable(); :
http.cors().and().csrf().disable();
編輯 1:如果只是添加上面沒有幫助,你可以將你的filterChain重構到下面嗎?
http.cors().and().csrf().disable().
.authorizeRequests().antMatchers("/trm/**")
.hasAuthority("TRM");
http.addFilterBefore(new CookieAuthenticationFilter("/auth/**"), UsernamePasswordAuthenticationFilter.class);
return http.build();
Spring security中的自定義formLogin()返回一個(type=Forbidden, status=403)
[英]Custom formLogin() in Spring security returns a (type=Forbidden, status=403)
403 Forbidden for OpenApiSwagger in Spring Boot Security
[英]403 Forbidden for OpenApiSwagger in Spring Boot Security
angularjs中的Spring Security返回禁止登錄的403
[英]Spring security in angularjs returns 403 forbidden for login
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
403 禁止 - Spring 安全
Spring Security自定義身份驗證提供程序403響應
Spring security中的自定義formLogin()返回一個(type=Forbidden, status=403)
春季安全angularjs禁止403
403 Forbidden - 帶有彈簧引導的彈簧安全性
Spring Security Rest API錯誤-403禁止
Spring Security的AJAX請求給出403禁止
403 Forbidden for OpenApiSwagger in Spring Boot Security
angularjs中的Spring Security返回禁止登錄的403
Spring Security X509 - 403 禁止
相關標簽