livro-spring-oauth2
livro-spring-oauth2 copied to clipboard
Published
20 hours ago •
adolfoweloy
adolfoweloy
Não suporta 1.5.X e roda até na versão 1.4.7.RELEASE do Spring Boot
Comecei há pouco tempo ler o livro e embora tenha os códigos prontos decidi fazer um do zero para por exemplo usar H2 em vez do MySQL e outras coisas (repositório aqui).
Estou no capítulo 7 e na versão 1.5.8.RELEASE do Spring Boot o projeto não funciona corretamente, se é feito um downgrade para 1.4.7.RELEASE funciona como esperando. No caso consigo gerar o token de acesso com o comando:
curl -X POST -H "Authorization: Basic Y2xpZW50ZS1hcHA6MTIzNDU2" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Accept: application/json" \
-d 'grant_type=password&[email protected]&password=123&scope=read write' \
"http://localhost:8080/oauth/token"
Porém ao executar o comando curl -i -X GET -H "Authorization: Bearer e5095996-fc3e-4a8a-ba33-2e7ff044b745" "http://localhost:8080/api/v2/livros" com o token de acesso retornado anteriormente sou redirecionado para http://localhost:8080/login, nem chega a ser informado se o token expirou ou não é mais válido. Ao habilitar debug no Spring Security recebo o seguinte no console (após autenticação e então consulta na API):
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/oauth/token'
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.web.util.matcher.OrRequestMatcher : matched
2017-11-20 21:13:15.936 INFO 11376 --- [nio-8080-exec-5] Spring Security Debugger :
************************************************************
Request received for POST '/oauth/token':
org.apache.catalina.connector.RequestFacade@70afc3d9
servletPath:/oauth/token
pathInfo:null
headers:
host: localhost:8080
user-agent: curl/7.47.1
authorization: Basic Y2xpZW50ZS1hcHA6MTIzNDU2
content-type: application/x-www-form-urlencoded
accept: application/json
content-length: 77
Security filter chain: [
WebAsyncManagerIntegrationFilter
SecurityContextPersistenceFilter
HeaderWriterFilter
LogoutFilter
BasicAuthenticationFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
]
************************************************************
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/oauth/token'
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.web.util.matcher.OrRequestMatcher : matched
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /oauth/token at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /oauth/token at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /oauth/token at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@66bbbcf8
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /oauth/token at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /oauth/token' doesn't match 'GET /logout
2017-11-20 21:13:15.936 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/logout'
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /oauth/token' doesn't match 'PUT /logout
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /oauth/token' doesn't match 'DELETE /logout
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /oauth/token at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.a.www.BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'cliente-app'
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.a.www.BasicAuthenticationFilter : Authentication success: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a26ab6e: Principal: org.springframework.security.core.userdetails.User@f5d9e7ce: Username: cliente-app; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Not granted any authorities
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /oauth/token at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /oauth/token at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /oauth/token at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.a.AnonymousAuthenticationFilter : SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a26ab6e: Principal: org.springframework.security.core.userdetails.User@f5d9e7ce: Username: cliente-app; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Not granted any authorities'
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /oauth/token at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@2b148c71
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /oauth/token at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /oauth/token at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/oauth/token'
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /oauth/token; Attributes: [fullyAuthenticated]
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a26ab6e: Principal: org.springframework.security.core.userdetails.User@f5d9e7ce: Username: cliente-app; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Not granted any authorities
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4e855c96, returned: 1
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /oauth/token reached end of additional filter chain; proceeding with original chain
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] .s.o.p.e.FrameworkEndpointHandlerMapping : Looking up handler method for path /oauth/token
2017-11-20 21:13:15.937 TRACE 11376 --- [nio-8080-exec-5] .s.o.p.e.FrameworkEndpointHandlerMapping : Found 1 matching mapping(s) for [/oauth/token] : [{[/oauth/token],methods=[POST]}]
2017-11-20 21:13:15.937 DEBUG 11376 --- [nio-8080-exec-5] .s.o.p.e.FrameworkEndpointHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.postAccessToken(java.security.Principal,java.util.Map<java.lang.String, java.lang.String>) throws org.springframework.web.HttpRequestMethodNotSupportedException]
2017-11-20 21:13:15.938 DEBUG 11376 --- [nio-8080-exec-5] .o.p.p.ResourceOwnerPasswordTokenGranter : Getting access token for: cliente-app
2017-11-20 21:13:15.938 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
Hibernate: select usuario0_.id as id1_2_, usuario0_.email as email2_2_, usuario0_.senha as senha3_2_, usuario0_.estante_id as estante_5_2_, usuario0_.nome as nome4_2_ from Usuario usuario0_ where usuario0_.email=?
Hibernate: select estante0_.id as id1_0_0_, usuario1_.id as id1_2_1_, usuario1_.email as email2_2_1_, usuario1_.senha as senha3_2_1_, usuario1_.estante_id as estante_5_2_1_, usuario1_.nome as nome4_2_1_ from Estante estante0_ left outer join Usuario usuario1_ on estante0_.id=usuario1_.estante_id where estante0_.id=?
Hibernate: select usuario0_.id as id1_2_1_, usuario0_.email as email2_2_1_, usuario0_.senha as senha3_2_1_, usuario0_.estante_id as estante_5_2_1_, usuario0_.nome as nome4_2_1_, estante1_.id as id1_0_0_ from Usuario usuario0_ left outer join Estante estante1_ on usuario0_.estante_id=estante1_.id where usuario0_.estante_id=?
2017-11-20 21:13:15.942 DEBUG 11376 --- [nio-8080-exec-5] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2017-11-20 21:13:15.942 DEBUG 11376 --- [nio-8080-exec-5] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/oauth/token'
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token_key']
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/oauth/token_key'
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/check_token']
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/oauth/check_token'
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/api/livros'
2017-11-20 21:13:20.011 INFO 11376 --- [nio-8080-exec-6] Spring Security Debugger :
************************************************************
Request received for GET '/api/v2/livros':
org.apache.catalina.connector.RequestFacade@70afc3d9
servletPath:/api/v2/livros
pathInfo:null
headers:
host: localhost:8080
user-agent: curl/7.47.1
accept: */*
authorization: Bearer 1f1824d6-b438-4a5b-ae9d-01d0b9ab190d
Security filter chain: [
WebAsyncManagerIntegrationFilter
SecurityContextPersistenceFilter
HeaderWriterFilter
LogoutFilter
UsernamePasswordAuthenticationFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
]
************************************************************
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/oauth/token'
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token_key']
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/oauth/token_key'
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/check_token']
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/oauth/check_token'
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/api/livros'
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/v2/livros at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/v2/livros at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/v2/livros at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-11-20 21:13:20.011 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@371cd8ec
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/v2/livros at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/logout'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/v2/livros' doesn't match 'POST /logout
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/v2/livros' doesn't match 'PUT /logout
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/v2/livros' doesn't match 'DELETE /logout
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/v2/livros at position 5 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/v2/livros' doesn't match 'POST /login
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/v2/livros at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/v2/livros at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/v2/livros at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/v2/livros at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/v2/livros at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : /api/v2/livros at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/logout'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/v2/livros' doesn't match 'POST /logout
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/v2/livros' doesn't match 'PUT /logout
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /api/v2/livros' doesn't match 'DELETE /logout
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/home'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/usuarios'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/webjars/**'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/static/**'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/jquery*'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/h2/**'
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /api/v2/livros; Attributes: [authenticated]
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@3cdfe145, returned: -1
2017-11-20 21:13:20.012 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.security.web.debug.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:90)
at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:77)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/v2/livros'; against '/**/favicon.ico'
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4593ed47, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[]
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.m.MediaTypeRequestMatcher : Did not match any media types
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.util.matcher.AndRequestMatcher : All requestMatchers returned true
2017-11-20 21:13:20.013 INFO 11376 --- [nio-8080-exec-6] Spring Security Debugger :
************************************************************
New HTTP session created: 02901B715B2C7A798EDB56BAC401D14B
Call stack:
at org.springframework.security.web.debug.Logger.info(Logger.java:44)
at org.springframework.security.web.debug.DebugRequestWrapper.getSession(DebugFilter.java:166)
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)
at org.springframework.security.web.savedrequest.HttpSessionRequestCache.saveRequest(HttpSessionRequestCache.java:59)
at org.springframework.security.web.access.ExceptionTranslationFilter.sendStartAuthentication(ExceptionTranslationFilter.java:201)
at org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:177)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:133)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.security.web.debug.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:90)
at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:77)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
************************************************************
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.s.HttpSessionRequestCache : DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/api/v2/livros]
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/login'
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-11-20 21:13:20.013 DEBUG 11376 --- [nio-8080-exec-6] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
Para reproduzir é só rodar o projeto de exemplo na versão 1.5.8.RELEASE do Spring Boot.
