spring security security="none" not work -
i want /iocm/dev/sec/v1.1.0/login no auth, @ run time, run next <http> section's intercept-url processor,finally got failure, see log below. why?
<http pattern="/iocm/dev/**/v1.*.*/**" create-session="stateless" entry-point-ref="oauthauthenticationentrypoint" use-expressions="true" access-decision-manager-ref="accessdecisionmanager" xmlns="http://www.springframework.org/schema/security"> <anonymous enabled="false"/> <intercept-url pattern="/iocm/dev/**/v1.*.*/**" access="hasrole('device')"/> <custom-filter ref="authservicefilter" before="pre_auth_filter"/> <custom-filter ref="selecttenantfordevfilter" position="basic_auth_filter" /> <access-denied-handler ref="oauthaccessdeniedhandler" /> <csrf disabled="true"/> </http> 2017-08-18 19:27:12,791(144801):debug{}[http-nio-20880-exec-1]org.springframework.security.web.util.matcher.antpathrequestmatcher.matches(antpathrequestmatcher.java:157)-->checking match of request : '/iocm/dev/sec/v1.1.0/login'; against '/iocm/dev/sec/v1.1.0/login' 2017-08-18 19:27:12,792(144802):debug{}[http-nio-20880-exec-1]org.springframework.security.web.filterchainproxy.dofilterinternal(filterchainproxy.java:201)-->/iocm/dev/sec/v1.1.0/login has empty filter list 2017-08-18 19:27:12,792(144802):debug{}[http-nio-20880-exec-1]org.springframework.security.web.util.matcher.antpathrequestmatcher.matches(antpathrequestmatcher.java:157)-->checking match of request : '/iocm/dev/sec/v1.1.0/login'; against '/iocm/dev//v1../' 2017-08-18 19:27:12,793(144803):debug{}[http-nio-20880-exec-1]org.springframework.security.access.intercept.abstractsecurityinterceptor.beforeinvocation(abstractsecurityinterceptor.java:219)-->secure object: filterinvocation: url: /iocm/dev/sec/v1.1.0/login; attributes: [hasrole('device')] 2017-08-18 19:27:12,795(144805):debug{}[http-nio-20880-exec-1]org.springframework.beans.factory.support.abstractbeanfactory.dogetbean(abstractbeanfactory.java:251)-->returning cached instance of singleton bean 'io.servicecomb.core.cseapplicationlistener#0' 2017-08-18 19:27:12,796(144806):debug{}[http-nio-20880-exec-1]org.springframework.beans.factory.support.abstractbeanfactory.dogetbean(abstractbeanfactory.java:251)-->returning cached instance of singleton bean 'authorizationauditlistener' 2017-08-18 19:27:12,799(144809):debug{}[http-nio-20880-exec-1]org.springframework.beans.factory.support.abstractbeanfactory.dogetbean(abstractbeanfactory.java:251)-->returning cached instance of singleton bean 'io.servicecomb.core.cseapplicationlistener#0' 2017-08-18 19:27:12,800(144810):debug{}[http-nio-20880-exec-1]org.springframework.beans.factory.support.abstractbeanfactory.dogetbean(abstractbeanfactory.java:251)-->returning cached instance of singleton bean 'auditlistener' 2017-08-18 19:27:12,800(144810):debug{}[http-nio-20880-exec-1]org.springframework.boot.actuate.audit.listener.auditlistener.onauditevent(auditlistener.java:46)-->auditevent [timestamp=fri aug 18 19:27:12 gmt+08:00 2017, principal=, type=authentication_failure, data={type=org.springframework.security.authentication.authenticationcredentialsnotfoundexception, message=an authentication object not found in securitycontext}] 八月 18, 2017 7:27:12 下午 org.apache.catalina.core.standardwrappervalve invoke 严重: servlet.service() servlet [dispatcherservlet] in context path [] threw exception org.springframework.security.authentication.authenticationcredentialsnotfoundexception: authentication object not found in securitycontext @ org.springframework.security.access.intercept.abstractsecurityinterceptor.credentialsnotfound(abstractsecurityinterceptor.java:379) @ org.springframework.security.access.intercept.abstractsecurityinterceptor.beforeinvocation(abstractsecurityinterceptor.java:223) @ org.springframework.security.web.access.intercept.filtersecurityinterceptor.invoke(filtersecurityinterceptor.java:124) @ org.springframework.security.web.access.intercept.filtersecurityinterceptor.dofilter(filtersecurityinterceptor.java:91) @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:240) @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207) @ org.springframework.security.web.filterchainproxy.dofilterinternal(filterchainproxy.java:208) @ org.springframework.security.web.filterchainproxy.dofilter(filterchainproxy.java:177) @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:240) @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207) @ org.springframework.boot.actuate.trace.webrequesttracefilter.dofilterinternal(webrequesttracefilter.java:105) @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107) @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:240) @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:207)
Comments
Post a Comment