I created a new spring boot 2 project in a view to create microservices with eureka server, api gateway using zuul proxy and tried inter communication between microservices.
But, coming to security, tried to implement oauth for the api gateway. But now the 'oauth/token' endpoint which i used in spring 1.x versions to get the access token is not working in spring boot 2.
As i googled, spring boot 2 undergone some changes with spring security 5 to default encryption and decryption for
- client-id
- client-secret
- user password
as well and changed that too in mysql database with bcrypted data with prefiexed as {encryption type} used Bcrypt with also works with matching the user entered credentials.
But, the request: http://localhost:8030/oauth/token?grant_type=password&[email protected]&password=yyyyy
returns me the 401 unauthorized as response
{ "timestamp": "2018-06-28T17:31:07.181+0000", "status": 401, "error": "Unauthorized", "message": "Unauthorized", "path": "/oauth/token" }
Which works smoothly in spring boot 1.x version but not in spring boot 2.0. I have not clue what i'm doing wrong. Please throw some lights as i stuck with this.
Kindly correct me if i'm wrong or comment below if the question needs to be more clear. so that i update the question with some worked code snippets. Please suggest some demo or any source to understand. Any small help will be appreciated.
Edited with - Log details:
:: Spring Boot :: (v2.0.3.RELEASE) 2018-06-30 00:26:01.086 INFO 1396 --- [ main] org.hibernate.Version : HHH000412: Hibernate Core {5.2.17.Final} 2018-06-30 00:26:01.088 INFO 1396 --- [ main] org.hibernate.cfg.Environment : HHH000206: hibernate.properties not found 2018-06-30 00:26:01.138 INFO 1396 --- [ main] o.hibernate.annotations.common.Version : HCANN000001: Hibernate Commons Annotations {5.0.1.Final} 2018-06-30 00:26:01.388 INFO 1396 --- [ main] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.MySQL5Dialect 2018-06-30 00:26:02.115 INFO 1396 --- [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default' 2018-06-30 00:26:02.359 DEBUG 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : Looking for request mappings in application context: org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@515aebb0: startup date [Sat Jun 30 00:25:55 IST 2018]; root of context hierarchy 2018-06-30 00:26:02.373 DEBUG 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : 2 request handler methods found on class org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint: {public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map,java.util.Map,org.springframework.web.bind.support.SessionStatus,java.security.Principal)={[/oauth/authorize]}, public org.springframework.web.servlet.View org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.approveOrDeny(java.util.Map,java.util.Map,org.springframework.web.bind.support.SessionStatus,java.security.Principal)={[/oauth/authorize],methods=[POST],params=[user_oauth_approval]}} 2018-06-30 00:26:02.377 INFO 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/oauth/authorize]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map,java.util.Map,org.springframework.web.bind.support.SessionStatus,java.security.Principal) 2018-06-30 00:26:02.381 INFO 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/oauth/authorize],methods=[POST],params=[user_oauth_approval]}" onto public org.springframework.web.servlet.View org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.approveOrDeny(java.util.Map,java.util.Map,org.springframework.web.bind.support.SessionStatus,java.security.Principal) 2018-06-30 00:26:02.384 DEBUG 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : 2 request handler methods found on class org.springframework.security.oauth2.provider.endpoint.TokenEndpoint: {public org.springframework.http.ResponseEntity org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(java.security.Principal,java.util.Map) throws org.springframework.web.HttpRequestMethodNotSupportedException={[/oauth/token],methods=[GET]}, public org.springframework.http.ResponseEntity org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.postAccessToken(java.security.Principal,java.util.Map) throws org.springframework.web.HttpRequestMethodNotSupportedException={[/oauth/token],methods=[POST]}} 2018-06-30 00:26:02.386 INFO 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/oauth/token],methods=[GET]}" onto public org.springframework.http.ResponseEntity org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(java.security.Principal,java.util.Map) throws org.springframework.web.HttpRequestMethodNotSupportedException 2018-06-30 00:26:02.387 INFO 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/oauth/token],methods=[POST]}" onto public org.springframework.http.ResponseEntity org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.postAccessToken(java.security.Principal,java.util.Map) throws org.springframework.web.HttpRequestMethodNotSupportedException 2018-06-30 00:26:02.390 DEBUG 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : 1 request handler methods found on class org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint: {public java.util.Map org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint.checkToken(java.lang.String)={[/oauth/check_token]}} 2018-06-30 00:26:02.392 INFO 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/oauth/check_token]}" onto public java.util.Map org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint.checkToken(java.lang.String) 2018-06-30 00:26:02.394 DEBUG 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : 1 request handler methods found on class org.springframework.security.oauth2.provider.endpoint.WhitelabelApprovalEndpoint: {public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.WhitelabelApprovalEndpoint.getAccessConfirmation(java.util.Map,javax.servlet.http.HttpServletRequest) throws java.lang.Exception={[/oauth/confirm_access]}} 2018-06-30 00:26:02.397 INFO 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/oauth/confirm_access]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.WhitelabelApprovalEndpoint.getAccessConfirmation(java.util.Map,javax.servlet.http.HttpServletRequest) throws java.lang.Exception 2018-06-30 00:26:02.399 DEBUG 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : 1 request handler methods found on class org.springframework.security.oauth2.provider.endpoint.WhitelabelErrorEndpoint: {public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.WhitelabelErrorEndpoint.handleError(javax.servlet.http.HttpServletRequest)={[/oauth/error]}} 2018-06-30 00:26:02.401 INFO 1396 --- [ main] .s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/oauth/error]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.WhitelabelErrorEndpoint.handleError(javax.servlet.http.HttpServletRequest) 2018-06-30 00:26:02.625 INFO 1396 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [//favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler] 2018-06-30 00:26:03.361 INFO 1396 --- [ main] o.h.h.i.QueryTranslatorFactoryInitiator : HHH000397: Using ASTQueryTranslatorFactory 2018-06-30 00:26:03.591 INFO 1396 --- [ main] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@515aebb0: startup date [Sat Jun 30 00:25:55 IST 2018]; root of context hierarchy 2018-06-30 00:26:03.651 WARN 1396 --- [ main] aWebConfiguration$JpaWebMvcConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning 2018-06-30 00:26:03.688 INFO 1396 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/check/data]}" onto public java.lang.String com.cheers.authserver.auth.DataCheck.data() 2018-06-30 00:26:03.690 INFO 1396 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/open]}" onto public java.lang.String com.cheers.authserver.auth.DataCheck.testing() 2018-06-30 00:26:03.703 INFO 1396 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest) 2018-06-30 00:26:03.705 INFO 1396 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) 2018-06-30 00:26:03.769 INFO 1396 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/webjars/] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler] 2018-06-30 00:26:03.770 INFO 1396 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler] 2018-06-30 00:26:04.148 DEBUG 1396 --- [ main] s.c.a.w.c.WebSecurityConfigurerAdapter$3 : No authenticationProviders and no parentAuthenticationManager defined. Returning null. 2018-06-30 00:26:04.289 DEBUG 1396 --- [ main] eGlobalAuthenticationAutowiredConfigurer : Eagerly initializing {org.springframework.boot.autoconfigure.security.servlet.WebSecurityEnablerConfiguration=org.springframework.boot.autoconfigure.security.servlet.WebSecurityEnablerConfiguration$$EnhancerBySpringCGLIB$$c3e8db27@77aea} 2018-06-30 00:26:04.316 INFO 1396 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/api/'], [] 2018-06-30 00:26:04.425 DEBUG 1396 --- [ main] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'fullyAuthenticated', for Ant [pattern='/oauth/token'] 2018-06-30 00:26:04.428 DEBUG 1396 --- [ main] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'permitAll()', for Ant [pattern='/oauth/token_key'] 2018-06-30 00:26:04.428 DEBUG 1396 --- [ main] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'isAuthenticated()', for Ant [pattern='/oauth/check_token'] 2018-06-30 00:26:04.439 DEBUG 1396 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes 2018-06-30 00:26:04.459 DEBUG 1396 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes 2018-06-30 00:26:04.477 INFO 1396 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/oauth/token'], Ant [pattern='/oauth/token_key'], Ant [pattern='/oauth/check_token']]], [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@11826398, org.springframework.security.web.context.SecurityContextPersistenceFilter@76ac68b0, org.springframework.security.web.header.HeaderWriterFilter@5e2a6991, org.springframework.security.web.authentication.logout.LogoutFilter@7a358613, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@59b492ec, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@63917fe1, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2b7facc7, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@6c5ca0b6, org.springframework.security.web.session.SessionManagementFilter@409732fb, org.springframework.security.web.access.ExceptionTranslationFilter@5aea8994, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@2e4eda17] 2018-06-30 00:26:04.503 DEBUG 1396 --- [ main] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'permitAll', for Ant [pattern='/'] 2018-06-30 00:26:04.504 DEBUG 1396 --- [ main] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'authenticated', for org.springframework.security.web.util.matcher.AnyRequestMatcher@1 2018-06-30 00:26:04.506 DEBUG 1396 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes 2018-06-30 00:26:04.507 DEBUG 1396 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Validated configuration attributes 2018-06-30 00:26:04.509 INFO 1396 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/api/'], [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@15a8cebd, org.springframework.security.web.context.SecurityContextPersistenceFilter@410fc508, org.springframework.security.web.header.HeaderWriterFilter@a316f6b, org.springframework.security.web.authentication.logout.LogoutFilter@62e73ab6, org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter@5ebbde60, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4e17442f, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4f5c30b1, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3f6c2763, org.springframework.security.web.session.SessionManagementFilter@63f9ddf9, org.springframework.security.web.access.ExceptionTranslationFilter@35e74e08, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7bf018dd] 2018-06-30 00:26:04.532 INFO 1396 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@76a6f045, org.springframework.security.web.context.SecurityContextPersistenceFilter@59e7564b, org.springframework.security.web.header.HeaderWriterFilter@6793f752, org.springframework.security.web.csrf.CsrfFilter@2ad7bd26, org.springframework.security.web.authentication.logout.LogoutFilter@1510b9a2, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@482ba4b1, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@307af381, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@633ddc0c, org.springframework.security.web.session.SessionManagementFilter@1216eb3f, org.springframework.security.web.access.ExceptionTranslationFilter@44faa4f2] 2018-06-30 00:26:04.684 INFO 1396 --- [ main] o.s.j.e.a.AnnotationMBeanExporter : Registering beans for JMX exposure on startup 2018-06-30 00:26:04.759 INFO 1396 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8030 (http) with context path '' 2018-06-30 00:26:04.768 INFO 1396 --- [ main] c.c.authserver.AuthServerApplication : Started AuthServerApplication in 9.893 seconds (JVM running for 10.573) 2018-06-30 00:27:40.919 INFO 1396 --- [nio-8030-exec-2] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring FrameworkServlet 'dispatcherServlet' 2018-06-30 00:27:40.919 INFO 1396 --- [nio-8030-exec-2] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started 2018-06-30 00:27:41.004 INFO 1396 --- [nio-8030-exec-2] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 85 ms 2018-06-30 00:27:41.026 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/api/' 2018-06-30 00:27:41.026 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token'] 2018-06-30 00:27:41.026 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/oauth/token' 2018-06-30 00:27:41.026 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : matched 2018-06-30 00:27:41.027 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /oauth/token?grant_type=password&[email protected]&password=password at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 2018-06-30 00:27:41.029 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /oauth/token?grant_type=password&[email protected]&password=password at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 2018-06-30 00:27:41.030 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /oauth/token?grant_type=password&[email protected]&password=password at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' 2018-06-30 00:27:41.032 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /oauth/token?grant_type=password&[email protected]&password=password at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 2018-06-30 00:27:41.032 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET] 2018-06-30 00:27:41.032 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/logout' 2018-06-30 00:27:41.032 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST] 2018-06-30 00:27:41.032 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /oauth/token' doesn't match 'POST /logout 2018-06-30 00:27:41.032 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT] 2018-06-30 00:27:41.033 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /oauth/token' doesn't match 'PUT /logout 2018-06-30 00:27:41.033 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE] 2018-06-30 00:27:41.033 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /oauth/token' doesn't match 'DELETE /logout 2018-06-30 00:27:41.033 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : No matches found 2018-06-30 00:27:41.033 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /oauth/token?grant_type=password&[email protected]&password=password at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 2018-06-30 00:27:41.034 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.a.www.BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'fooClientIdPassword' 2018-06-30 00:27:41.038 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider 2018-06-30 00:27:41.844 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.a.dao.DaoAuthenticationProvider : User 'fooClientIdPassword' not found 2018-06-30 00:27:41.845 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.a.www.BasicAuthenticationFilter : Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials 2018-06-30 00:27:41.845 DEBUG 1396 --- [nio-8030-exec-2] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest] 2018-06-30 00:27:41.845 DEBUG 1396 --- [nio-8030-exec-2] s.w.a.DelegatingAuthenticationEntryPoint : No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@6dad2eff 2018-06-30 00:27:41.846 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@547de45b 2018-06-30 00:27:41.848 DEBUG 1396 --- [nio-8030-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed 2018-06-30 00:27:41.854 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/api/' 2018-06-30 00:27:41.854 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token'] 2018-06-30 00:27:41.854 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/oauth/token' 2018-06-30 00:27:41.854 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token_key'] 2018-06-30 00:27:41.854 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/oauth/token_key' 2018-06-30 00:27:41.854 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/check_token'] 2018-06-30 00:27:41.854 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/oauth/check_token' 2018-06-30 00:27:41.854 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : No matches found 2018-06-30 00:27:41.854 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/api/' 2018-06-30 00:27:41.854 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /error?grant_type=password&[email protected]&password=password at position 1 of 10 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 2018-06-30 00:27:41.854 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /error?grant_type=password&[email protected]&password=password at position 2 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 2018-06-30 00:27:41.855 DEBUG 1396 --- [nio-8030-exec-2] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists 2018-06-30 00:27:41.856 DEBUG 1396 --- [nio-8030-exec-2] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created. 2018-06-30 00:27:41.857 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /error?grant_type=password&[email protected]&password=password at position 3 of 10 in additional filter chain; firing Filter: 'HeaderWriterFilter' 2018-06-30 00:27:41.857 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /error?grant_type=password&[email protected]&password=password at position 4 of 10 in additional filter chain; firing Filter: 'CsrfFilter' 2018-06-30 00:27:41.857 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /error?grant_type=password&[email protected]&password=password at position 5 of 10 in additional filter chain; firing Filter: 'LogoutFilter' 2018-06-30 00:27:41.859 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /error' doesn't match 'POST /logout 2018-06-30 00:27:41.860 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /error?grant_type=password&[email protected]&password=password at position 6 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 2018-06-30 00:27:41.860 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /error?grant_type=password&[email protected]&password=password at position 7 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 2018-06-30 00:27:41.863 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /error?grant_type=password&[email protected]&password=password at position 8 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 2018-06-30 00:27:41.863 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@784958e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 2018-06-30 00:27:41.864 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /error?grant_type=password&[email protected]&password=password at position 9 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter' 2018-06-30 00:27:41.865 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.session.SessionManagementFilter : Requested session ID E5A0A21A0F7DF095CB629DA455BDEEA0 is invalid. 2018-06-30 00:27:41.865 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /error?grant_type=password&[email protected]&password=password at position 10 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 2018-06-30 00:27:41.865 DEBUG 1396 --- [nio-8030-exec-2] o.s.security.web.FilterChainProxy : /error?grant_type=password&[email protected]&password=password reached end of additional filter chain; proceeding with original chain 2018-06-30 00:27:42.018 DEBUG 1396 --- [nio-8030-exec-2] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 2018-06-30 00:27:42.036 DEBUG 1396 --- [nio-8030-exec-2] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally 2018-06-30 00:27:42.037 DEBUG 1396 --- [nio-8030-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
logging.level.org.springframework.security=DEBUGandlogging.level.org.springframework.http=DEBUGdebug flags and share logs. – Vijay Nandwana