0dd_b1t
Reputation: 568
AuthenticationSuccessHandler is not been invoked
This is my AuthSuccessHandlerClass
public class AuthSuccessHandler implements AuthenticationSuccessHandler {
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication auth) throws IOException, ServletException {
response.sendRedirect("http://google.com");
}}
And this is ...-security.xml
<security:http use-expressions="true" auto-config="true" create-session="always" access-decision-manager-ref="accessDecisionManager">
<security:intercept-url pattern="/app/Censor.html" access="hasRole('ROLE_CENSOR')"/>
<security:intercept-url pattern="/**" filters="none"/>
<security:form-login login-page="/auth/Login.html"
authentication-success-handler-ref="authenticationSuccessHandler"/>
<security:custom-filter position="FIRST" ref="customX509Filter" />
</security:http>
<beans:bean id="authenticationSuccessHandler" class="com.test.services.security.handlers.AuthSuccessHandler"/>
<authentication-manager alias="authenticationManager">
<security:authentication-provider ref="authenticationProvider">
</security:authentication-provider>
</authentication-manager>
For some, unvisible for me, reasons after login action browser dont redirect me at google.com and at debugging mode it skip this hadler. Why? Where is my mistake?
Thx!
UPD log for spring security after second login(automatic authorization)
19:48:18,690 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Converted URL to lowercase, from: '/service/censorservice'; to: '/service/censorservice'
19:48:18,690 DEBUG [http-8000-2] [security.web.FilterChainProxy]: Converted URL to lowercase, from: '/service/messageservice'; to: '/service/messageservice'
19:48:18,690 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Candidate is: '/service/censorservice'; pattern is /**; matched=true
19:48:18,690 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 1 of 11 in additional filter chain; firing Filter: 'CustomX509Filter'
19:48:18,690 DEBUG [http-8000-2] [security.web.FilterChainProxy]: Candidate is: '/service/messageservice'; pattern is /**; matched=true
19:48:18,692 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:48:18,692 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 1 of 11 in additional filter chain; firing Filter: 'CustomX509Filter'
19:48:18,692 DEBUG [http-8000-3] [web.context.HttpSessionSecurityContextRepository]: Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@a48448b4: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:18,692 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:48:18,693 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
19:48:18,693 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:48:18,693 DEBUG [http-8000-2] [web.context.HttpSessionSecurityContextRepository]: Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@a48448b4: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:18,694 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:48:18,694 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
19:48:18,695 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:48:18,695 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:48:18,696 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:48:18,695 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:48:18,696 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:48:18,696 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:48:18,697 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:48:18,697 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:48:18,697 DEBUG [http-8000-3] [web.authentication.AnonymousAuthenticationFilter]: SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:18,698 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:48:18,698 DEBUG [http-8000-2] [web.authentication.AnonymousAuthenticationFilter]: SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:18,699 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:48:18,699 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:48:18,700 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:48:18,700 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:48:18,700 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Converted URL to lowercase, from: '/service/censorservice'; to: '/service/censorservice'
19:48:18,701 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:48:18,701 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/service/censorservice'; pattern is /app/censor.html; matched=false
19:48:18,701 DEBUG [http-8000-2] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Converted URL to lowercase, from: '/service/messageservice'; to: '/service/messageservice'
19:48:18,702 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/service/censorservice'; pattern is /**; matched=true
19:48:18,702 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Secure object: FilterInvocation: URL: /service/censorservice; Attributes: [permitAll]
19:48:18,702 DEBUG [http-8000-2] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/service/messageservice'; pattern is /app/censor.html; matched=false
19:48:18,703 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR
19:48:18,703 DEBUG [http-8000-2] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/service/messageservice'; pattern is /**; matched=true
19:48:18,704 DEBUG [http-8000-2] [access.intercept.FilterSecurityInterceptor]: Secure object: FilterInvocation: URL: /service/messageservice; Attributes: [permitAll]
19:48:18,704 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.RoleVoter@235b4804, returned: 0
19:48:18,704 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.AuthenticatedVoter@6f3e49a8, returned: 0
19:48:18,704 DEBUG [http-8000-2] [access.intercept.FilterSecurityInterceptor]: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR
19:48:18,705 DEBUG [http-8000-2] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.RoleVoter@235b4804, returned: 0
19:48:18,705 DEBUG [http-8000-2] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.AuthenticatedVoter@6f3e49a8, returned: 0
19:48:18,705 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4019eb89, returned: 1
19:48:18,706 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Authorization successful
19:48:18,706 DEBUG [http-8000-2] [access.vote.AffirmativeBased]: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4019eb89, returned: 1
19:48:18,706 DEBUG [http-8000-2] [access.intercept.FilterSecurityInterceptor]: Authorization successful
19:48:18,706 DEBUG [http-8000-2] [access.intercept.FilterSecurityInterceptor]: RunAsManager did not change Authentication object
19:48:18,707 DEBUG [http-8000-2] [security.web.FilterChainProxy]: /service/messageservice reached end of additional filter chain; proceeding with original chain
19:48:18,706 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: RunAsManager did not change Authentication object
19:48:18,707 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice reached end of additional filter chain; proceeding with original chain
19:48:18,707 DEBUG [http-8000-2] [intercept.aopalliance.MethodSecurityInterceptor]: Secure object: ReflectiveMethodInvocation: public abstract com.extjs.gxt.ui.client.data.PagingLoadResult com.exigenservices.letter.censormodule.client.service.MessageDTOService.getAllNewIncomingMessageByCensor(java.util.Date); target is of class [com.exigenservices.letter.censormodule.server.MessageDTOServiceImpl]; Attributes: [ROLE_CENSOR]
19:48:18,707 DEBUG [http-8000-3] [intercept.aopalliance.MethodSecurityInterceptor]: Secure object: ReflectiveMethodInvocation: public abstract com.exigenservices.letter.censormodule.client.dto.UpdateResult com.exigenservices.letter.censormodule.client.service.CensorService.checkForNewLetters(java.util.Date) throws com.exigenservices.letter.commonmodule.client.exceptions.AccessDeniedException; target is of class [com.exigenservices.letter.censormodule.server.CensorServiceImpl]; Attributes: [ROLE_CENSOR]
19:48:18,708 DEBUG [http-8000-2] [intercept.aopalliance.MethodSecurityInterceptor]: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR
19:48:18,708 DEBUG [http-8000-3] [intercept.aopalliance.MethodSecurityInterceptor]: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR
19:48:18,709 DEBUG [http-8000-2] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.RoleVoter@55a07c1c, returned: 1
19:48:18,709 DEBUG [http-8000-2] [intercept.aopalliance.MethodSecurityInterceptor]: Authorization successful
19:48:18,709 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.RoleVoter@55a07c1c, returned: 1
19:48:18,710 DEBUG [http-8000-3] [intercept.aopalliance.MethodSecurityInterceptor]: Authorization successful
19:48:18,710 DEBUG [http-8000-2] [intercept.aopalliance.MethodSecurityInterceptor]: RunAsManager did not change Authentication object
19:48:18,710 DEBUG [http-8000-3] [intercept.aopalliance.MethodSecurityInterceptor]: RunAsManager did not change Authentication object
19:48:18,711 DEBUG [http-8000-2] [web.access.ExceptionTranslationFilter]: Chain processed normally
19:48:18,711 DEBUG [http-8000-2] [web.context.SecurityContextPersistenceFilter]: SecurityContextHolder now cleared, as request processing completed
19:48:18,715 DEBUG [http-8000-3] [web.access.ExceptionTranslationFilter]: Chain processed normally
19:48:18,715 DEBUG [http-8000-3] [web.context.SecurityContextPersistenceFilter]: SecurityContextHolder now cleared, as request processing completed
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Converted URL to lowercase, from: '/app/censor.html'; to: '/app/censor.html'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Candidate is: '/app/censor.html'; pattern is /**; matched=true
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 1 of 11 in additional filter chain; firing Filter: 'CustomX509Filter'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:48:19,359 DEBUG [http-8000-3] [web.context.HttpSessionSecurityContextRepository]: Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@a48448b4: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:48:19,359 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:48:19,360 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:48:19,360 DEBUG [http-8000-3] [web.authentication.AnonymousAuthenticationFilter]: SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:19,360 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:48:19,360 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:48:19,360 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:48:19,360 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Converted URL to lowercase, from: '/app/censor.html'; to: '/app/censor.html'
19:48:19,360 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/app/censor.html'; pattern is /app/censor.html; matched=true
19:48:19,360 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Secure object: FilterInvocation: URL: /app/Censor.html; Attributes: [hasRole('ROLE_CENSOR')]
19:48:19,360 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR
19:48:19,360 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.RoleVoter@235b4804, returned: 0
19:48:19,360 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.AuthenticatedVoter@6f3e49a8, returned: 0
19:48:19,360 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4019eb89, returned: 1
19:48:19,360 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Authorization successful
19:48:19,361 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: RunAsManager did not change Authentication object
19:48:19,361 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/Censor.html reached end of additional filter chain; proceeding with original chain
19:48:19,361 DEBUG [http-8000-3] [web.access.ExceptionTranslationFilter]: Chain processed normally
19:48:19,361 DEBUG [http-8000-3] [web.context.SecurityContextPersistenceFilter]: SecurityContextHolder now cleared, as request processing completed
19:48:19,955 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Converted URL to lowercase, from: '/app/app.nocache.js'; to: '/app/app.nocache.js'
19:48:19,955 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Candidate is: '/app/app.nocache.js'; pattern is /**; matched=true
19:48:19,955 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 1 of 11 in additional filter chain; firing Filter: 'CustomX509Filter'
19:48:19,955 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:48:19,959 DEBUG [http-8000-3] [web.context.HttpSessionSecurityContextRepository]: Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@a48448b4: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:19,959 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
19:48:19,960 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:48:19,960 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:48:19,960 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:48:19,961 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:48:19,961 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:48:19,961 DEBUG [http-8000-3] [web.authentication.AnonymousAuthenticationFilter]: SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:19,961 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:48:19,962 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:48:19,962 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:48:19,962 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Converted URL to lowercase, from: '/app/app.nocache.js'; to: '/app/app.nocache.js'
19:48:19,963 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/app/app.nocache.js'; pattern is /app/censor.html; matched=false
19:48:19,963 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/app/app.nocache.js'; pattern is /**; matched=true
19:48:19,963 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Secure object: FilterInvocation: URL: /app/app.nocache.js; Attributes: [permitAll]
19:48:19,963 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR
19:48:19,964 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.RoleVoter@235b4804, returned: 0
19:48:19,964 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.access.vote.AuthenticatedVoter@6f3e49a8, returned: 0
19:48:19,964 DEBUG [http-8000-3] [access.vote.AffirmativeBased]: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4019eb89, returned: 1
19:48:19,964 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Authorization successful
19:48:19,965 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: RunAsManager did not change Authentication object
19:48:19,965 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /app/app.nocache.js reached end of additional filter chain; proceeding with original chain
19:48:19,965 DEBUG [http-8000-3] [commonmodule.server.GWTCacheControlFilter]: doFilter() nocache file expired forcibly
19:48:19,965 DEBUG [http-8000-3] [web.access.ExceptionTranslationFilter]: Chain processed normally
19:48:19,965 DEBUG [http-8000-3] [web.context.SecurityContextPersistenceFilter]: SecurityContextHolder now cleared, as request processing completed
19:48:20,814 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Converted URL to lowercase, from: '/service/censorservice'; to: '/service/censorservice'
19:48:20,815 DEBUG [http-8000-3] [security.web.FilterChainProxy]: Candidate is: '/service/censorservice'; pattern is /**; matched=true
19:48:20,815 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 1 of 11 in additional filter chain; firing Filter: 'CustomX509Filter'
19:48:20,815 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
19:48:20,817 DEBUG [http-8000-3] [web.context.HttpSessionSecurityContextRepository]: Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@a48448b4: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:20,817 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
19:48:20,818 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
19:48:20,818 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
19:48:20,818 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
19:48:20,819 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
19:48:20,819 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
19:48:20,819 DEBUG [http-8000-3] [web.authentication.AnonymousAuthenticationFilter]: SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a48448b4: Principal: com.exigenservices.letter.entity.Censor@73a3d5c3; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_CENSOR'
19:48:20,820 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
19:48:20,820 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
19:48:20,820 DEBUG [http-8000-3] [security.web.FilterChainProxy]: /service/censorservice at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
19:48:20,821 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Converted URL to lowercase, from: '/service/censorservice'; to: '/service/censorservice'
19:48:20,821 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/service/censorservice'; pattern is /app/censor.html; matched=false
19:48:20,821 DEBUG [http-8000-3] [access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Candidate is: '/service/censorservice'; pattern is /**; matched=true
19:48:20,822 DEBUG [http-8000-3] [access.intercept.FilterSecurityInterceptor]: Secure object: FilterInvocation: URL: /service/censorservice; Attributes: [permitAll]
Upvotes: 0
Views: 2081
Answers (1)
Shaun the Sheep
Reputation: 22742
Try changing
<security:intercept-url pattern="/**" filters="none"/>
to
<security:intercept-url pattern="/**" access="permitAll"/>
The former will prevent the security chain being applied to any request other than an exact match of "/app/Censor.html", including the login form submission. It seems odd though, as I would then expect you to get a 404 for the login request.
You should also probably post the debug log for the login form submission, which shows your handler being "skipped".
Update
The log you've posted shows multiple interleaved requests being submitted from an already authenticated client (with a session), so I would not expect authentication to take place or a redirect to occur.
Upvotes: 2
Related Questions
- Spring boot AuthenticationSuccessHandler ignored
- AuthenticationSuccessHandler in Spring Security
- AuthenticationSuccessHandler in Spring MVC Java based configuration
- Spring Security custom AuthenticationSuccessHandler is ignored
- spring security AuthenticationFailureHandler with java config
- spring security authentication not working
- Authentication is not working in spring
- Spring Security authentication is ignored
- Spring Security authenticationSuccessHandler and j_security_check
- AuthenticationSuccessHandler example for Spring Security 3